If you’re passionate about building a better future for individuals, communities, and our country—and you’re committed to working hard to play your part in building that future—consider WGU as the next step in your career.
Driven by a mission to expand access to higher education through online, competency-based degree programs, WGU is also committed to being a great place to work for a diverse workforce of student-focused professionals. The university has pioneered a new way to learn in the 21st century, one that has received praise from academic, industry, government, and media leaders. Whatever your role, working for WGU gives you a part to play in helping students graduate, creating a better tomorrow for themselves and their families.
The salary range for this position takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.
At WGU, it is not typical for an individual to be hired at or near the top of the range for their position, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is:
Grade: Technical 409Pay Range: $127,700.00 - $191,500.00The Senior Third-Party Risk Analyst is a senior member of WGU’s Risk Management Team and a subject matter expert in third-party and supplier risk management (TPRM). This individual brings deep, hands-on experience assessing the security posture of vendors, suppliers, and applications across the full third-party lifecycle, including intake, due diligence, contracting, ongoing monitoring, and offboarding. The Senior Analyst owns and matures the TPRM methodology, applies strong analytical thinking to translate complex findings into clear risk decisions, mentors junior analysts, and serves as a trusted advisor to procurement, legal, privacy, and business stakeholders. While the focus is third-party risk, this role also contributes to internal and enterprise risk efforts as needed.
What You’ll Do
Serve as the subject matter expert for third-party and supplier risk management, owning and continuously maturing WGU’s TPRM methodology.
Lead end-to-end third-party risk assessments across the full lifecycle, including intake, due diligence, contracting, ongoing monitoring, and offboarding.
Analyze complex technical and non-technical evidence to determine likelihood, impact, root cause, and defensible risk ratings.
Review assurance artifacts such as SOC 2 Type II reports, penetration test results, and security questionnaires to identify gaps, exceptions, and compensating controls.
Assess fourth-party and downstream risk, including concentration risk within critical supply chains.
Partner with procurement, legal, and privacy teams to review contracts, data protection addendums, and security clauses and recommend risk-reducing language.
Mentor junior analysts, provide quality review of assessments, and act as an escalation point for high-risk or complex engagements.
Lead exception-to-policy analysis, document residual risk, and guide risk acceptance, transfer, or mitigation decisions with appropriate stakeholder sign-off.
Work with engineers, architects, and security professionals to understand the risk of a system, project, third-party, supplier, or application and recommend controls to mitigate identified risks.
Provide guidance and assistance to operational teams and third parties to remediate security deficiencies and track remediation through to closure.
Identify, develop, and recommend AI-driven efficiencies in the TPRM program and broader risk management practice.
Maintain working knowledge of NIST, ISO, and PCI-DSS standards as well as FERPA, GLBA, and FTC regulations, and ensure assessments account for applicable obligations.
Act as an advocate for Information Security, helping the business understand third-party risk, security standards, and best practices.
What You’ll Bring
Bachelor’s degree in a related field with 5+ years (7-10 years preferred) of information security experience, including hands-on ownership of third-party or supplier risk assessments.
Proven experience running or significantly contributing to a third-party or vendor risk management program end to end.
Familiarity with NIST, ISO, and PCI-DSS standards.
Strong analytical and critical-thinking skills with the ability to reason through ambiguity and make sound, defensible risk decisions.
Experience with cybersecurity and privacy principles and the controls used to manage risk across data use, processing, storage, and transmission.
Demonstrated experience recommending security safeguards, including contract and SLA language.
Working knowledge of risk management best practices and frameworks.
Excellent written and verbal communication skills with the ability to influence stakeholders and clearly articulate risk to leadership.
Equivalent relevant experience performing the essential functions of this job may substitute for education degree requirements. Generally, equivalent relevant experience is defined as 1 year of experience for 1 year of education and is the discretion of the hiring manager.
Bonus Points
7 to 10 years of information security experience, including hands-on ownership of third-party or supplier risk assessments.
Experience identifying and implementing AI-driven efficiencies within a risk management or TPRM program.
Experience working in regulated environments, including FERPA, GLBA, or FTC regulatory contexts.
Required Certification
Active industry certification such as CISSP, CISM, CRISC, CISA, or a closely equivalent credential.
What to Expect
At WGU, our mission drives everything we do, including how we hire. Our interview experience is designed to give qualified candidates the opportunity to show their best work through meaningful conversations and collaboration.
We thoughtfully review every application and invite forward the candidates whose experience and potential best align with the role and our mission.
Interview Steps
Introductory call
Hiring manager interview
Team panel interview
Work Location
This is a full-time, in-office position at WGU’s office in Salt Lake City, Utah.
Visa Sponsorship
While we welcome applicants from all backgrounds, WGU is not able to provide visa sponsorship for this role.
#LI-AW2
Position & Application Details
Full-Time Regular Positions (classified as regular and working 40 standard weekly hours): This is a full-time, regular position (classified for 40 standard weekly hours) that is eligible for bonuses; medical, dental, vision, telehealth and mental healthcare; health savings account and flexible spending account; basic and voluntary life insurance; disability coverage; accident, critical illness and hospital indemnity supplemental coverages; legal and identity theft coverage; retirement savings plan; wellbeing program; discounted WGU tuition; and flexible paid time off for rest and relaxation with no need for accrual, flexible paid sick time with no need for accrual, 11 paid holidays, and other paid leaves, including up to 12 weeks of parental leave.
How to Apply: If interested, an application will need to be submitted online. Internal WGU employees will need to apply through the internal job board in Workday.
Additional Information
Disclaimer: The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive.
Accommodations: Applicants with disabilities who require assistance or accommodation during the application or interview process should contact our Talent Acquisition team at recruiting@wgu.edu.
Equal Employment Opportunity: All qualified applicants will receive consideration for employment without regard to any protected characteristic as required by law.
