Senior Staff IT Security Auditor

If you’re passionate about building a better future for individuals, communities, and our country—and you’re committed to working hard to play your part in building that future—consider WGU as the next step in your career.

Driven by a mission to expand access to higher education through online, competency-based degree programs, WGU is also committed to being a great place to work for a diverse workforce of student-focused professionals. The university has pioneered a new way to learn in the 21st century, one that has received praise from academic, industry, government, and media leaders. Whatever your role, working for WGU gives you a part to play in helping students graduate, creating a better tomorrow for themselves and their families.

The salary range for this position takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.

At WGU, it is not typical for an individual to be hired at or near the top of the range for their position, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is:
 

Grade: Technical 410Pay Range: $140,200.00 - $217,200.00

Job Description

Job Summary

The Senior Staff IT Security Auditor (one level under Principal-level) serves as an experienced security professional and trusted advisor to internal business units and IT departments. This role requires strong internal audit expertise, excellent client relationship skills, and the ability to mentor junior team members while independently managing complex audit engagements. The position reports to the Senior Manager of Information Security and plays a key role in executing the annual audit plan.

Key Responsibilities

Audit Planning & Execution

· Audit Planning Contribution: Actively participate in annual audit planning, providing risk insights and recommendations for audit scope and priorities

· Engagement Scoping: Improve detailed audit programs and testing procedures for assigned audits, determining appropriate scope and resource needs

· Multi-Engagement Management: Simultaneously manage 2-3 audit engagements while mentoring junior staff assigned to projects

· Methodology Enhancement: Recommend improvements to audit procedures and contribute to methodology development

Internal Client Advisory

· Department-Level Advisory: Serve as a trusted security advisor to department heads, IT managers, and business unit leaders

· Risk Consultation: Help internal clients understand security risks and develop practical mitigation strategies

· Relationship Management: Build strong, collaborative relationships with audit clients to facilitate open communication and effective remediation

· Control Design Support: Advise on control design and implementation to prevent issues before they occur

Technical Assessment & Testing

· Advanced Testing: Conduct sophisticated technical assessments, including configuration reviews, penetration test validation, and control effectiveness testing

· Root Cause Analysis: Identify underlying causes of control failures and systemic issues across the organization

· Cross-Functional Reviews: Lead audits spanning multiple departments and technology platforms

· Emerging Technology: Assess security controls in cloud environments, DevOps pipelines, and modern application architectures

· Data Analytics: Use data analysis tools to identify anomalies and test large populations of transactions

Communication & Reporting

· Management Presentations: Present audit findings and recommendations to the director and VP-level management with confidence and clarity

· Risk Communication: Translate technical vulnerabilities into business risks that resonate with non-technical stakeholders

· Report Writing: Produce clear, concise audit reports that drive action and provide practical recommendations

· Issue Negotiation: Navigate disagreements on findings and ratings through collaborative discussion and evidence-based arguments

· Status Reporting: Provide regular updates to the Senior Lead Auditor on engagement progress and emerging risks

Compliance & Risk Management

· Framework Application: Apply multiple regulatory frameworks (NIST, GLBA, FERPA, ISO 27001, SOC 2) to audit engagements

· Risk Assessment: Conduct risk assessments for assigned business areas and contribute to enterprise risk discussions

· Control Mapping: Map controls across multiple compliance requirements to identify gaps and redundancies

· Regulatory Updates: Stay current with changing regulations affecting assigned audit areas

Process Improvement

· Audit Efficiency: Identify opportunities to streamline audit processes through automation or improved procedures

· Tool Implementation: Evaluate and implement new audit tools and technologies

· Best Practice Research: Research industry best practices and incorporate them into the audit approach

· Continuous Monitoring: Contribute to the development of continuous monitoring capabilities

Minimum Qualifications

Education & Experience

· Bachelor's Degree in Cybersecurity, Information Security, Computer Science, Information Systems, or related field

· 7 years of professional experience in IT security, with at least 4 years focused on internal security auditing

· Demonstrated experience serving as lead auditor on complex engagements

· Proven track record of building strong client relationships and influencing positive security changes

Core Competencies

· Internal Audit Expertise: Deep understanding of internal audit standards, methodologies, and best practices

· Client Management: Excellent interpersonal skills with the ability to build trust and manage challenging conversations

· Technical Proficiency: Strong technical knowledge across infrastructure, applications, and cloud environments

· Risk Assessment: Ability to identify, evaluate, and prioritize risks based on business impact

· Project Management: Skills to manage multiple engagements and meet deadlines consistently

Technical Requirements

· Audit Tools: Proficiency with audit management software, data analytics tools, and automated testing solutions

· Security Technologies: Working knowledge of security controls, including IAM, encryption, logging, and monitoring

· Compliance Frameworks: Understanding of major frameworks (NIST CSF, ISO 27001, COBIT, SOC 2)

· Cloud Platforms: Familiarity with AWS or Azure, security controls and assessment techniques

Preferred Qualifications

Certifications

· Professional Certifications: CISA, CISM, CISSP, or CIA

· Cloud Certifications: AWS Security, Azure Security, or equivalent

· Specialized Certifications: CRISC, CGEIT, or relevant industry certifications

Advanced Experience

· Consulting Background: Experience in Big 4 or internal audit consulting

· Industry Knowledge: Experience in higher education or financial services

· Specialized Audits: Background in application security reviews, cloud audits, or data privacy assessments

· 15 years of Information Security experience, including an understanding of all security domains

Specific Responsibilities

Annual Planning Support

· Participate in annual risk assessment workshops

· Provide input on audit universe and risk rankings

· Recommend audit scope and timing based on client knowledge

· Assist in resource planning and scheduling

· Contribute to audit plan presentation materials

Client Relationship Management

· Maintain regular touchpoints with key client contacts

· Proactively identify emerging risks in assigned areas

· Facilitate audit planning meetings with clients

· Manage remediation follow-up activities

· Build network of contacts across the organization

Quality Assurance

· Ensure compliance with internal audit standards

· Maintain comprehensive audit documentation

· Participate in peer reviews

· Contribute to quality improvement initiatives

· Support external quality assessments

Higher Education Specific Requirements

· Understanding of FERPA, GLBA compliance requirements

· Familiarity with student information systems

· Knowledge of research compliance and data security

· Experience with Federal Tax Information (FTI) requirements

· Understanding of Controlled Unclassified Information (CUI) handling

· Awareness of unique higher education IT environment challenge

Work Environment

· Location: Salt Lake City, Utah (In office 4 days per week)

· Work Schedule: Standard business hours with flexibility for project deadlines

Position & Application Details

Full-Time Regular Positions (classified as regular and working 40 standard weekly hours): This is a full-time, regular position (classified for 40 standard weekly hours) that is eligible for bonuses; medical, dental, vision, telehealth and mental healthcare; health savings account and flexible spending account; basic and voluntary life insurance; disability coverage; accident, critical illness and hospital indemnity supplemental coverages; legal and identity theft coverage; retirement savings plan; wellbeing program; discounted WGU tuition; and flexible paid time off for rest and relaxation with no need for accrual, flexible paid sick time with no need for accrual, 11 paid holidays, and other paid leaves, including up to 12 weeks of parental leave.

How to Apply: If interested, an application will need to be submitted online. Internal WGU employees will need to apply through the internal job board in Workday.

Additional Information

Disclaimer: The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive.

Accommodations: Applicants with disabilities who require assistance or accommodation during the application or interview process should contact our Talent Acquisition team at [email protected].

Equal Employment Opportunity: All qualified applicants will receive consideration for employment without regard to any protected characteristic as required by law.