"Risk Assessment Analyst II"

About the Role:

The Risk Assessment Analyst II will work as a team member of WGU's Risk Management Team. This individual will have practical experience in cyber & IT risk management practices, specifically as it relates to information security. The analyst will conduct internal, third-party, and supplier risk assessments and provide control recommendations and oversee control implementation.

Essential Functions and Responsibilities:

• Function as a lead analyst in one or more efforts to assist with risk analysis, third-party risk, exception to policy analysis and other security efforts.
• Recommend and support the creation of tools, processes, and communications that support information security initiatives. Participate in the development of security policies, standards and procedures.
• Develop and apply standards and procedures regarding security tools.
• Participate in tactical projects as they arise to clarify and respond to identified security risks across different technical domains.
• Conduct security risk assessments related to internal systems, projects, third-parties, suppliers, etc. based on industry accepted best practices; including, but not limited to NIST and similar frameworks.
• Conduct Open-Source Intelligence (OSINT) research on third-parties, suppliers, and applications with regards to the security profile of the Target of Evaluation (ToE) .
• Review Exception to Policy requests.
• Work with engineers, architects, and other security professionals to understand risk of a system, project, third-party, supplier, or application and recommend security controls to mitigate known risks.
• Work with IT and business unit management to assure third-parties, applications, and suppliers are aligned with the university's security requirements.
• Provide guidance and assistance to operational teams and third-parties to remediate security deficiencies identified in risk assessments.
• Knowledge of NIST, ISO, and PCI-DSS standards as well as FERPA, GLBA, GDPR, HIPAA, FTC regulations. Contribute to developing assessment plans building on the methodologies promoted by these standards and regulations to quantify risk.
• Measure, collect, and report on key information security services and risk indicators.
• Identify process gaps; recommend and support process improvement.
• Act as an advocate for Information Security to help the business understand information security risks, standards, and best practices as they relate to third parties and products.
• Ability to identify internal and external trends to identify risks.
• Ability to articulate risk to management.

What you'll need or Minimum qualification:

• Bachelor's Degree in related field and 2 years of relevant work experience or 4-5 years minimum of Information Security experience.
• Experience with security industry standards and best practices. Proven experience with interpretation and implementation of those standards in a corporate environment.
• Experience recommending additional security requirements and safeguards.
• Experience with cyber-security and privacy principles and controls used to manage risks related to the use, processing, storage, and transmission of information or data.
• Knowledge of risk management best practices and frameworks.
• Strong analytical and problem-solving skills.
• Good written and oral communication skills.
• Solution-driven approach to problems.
• Detail oriented and result driven.

Nice to have:

• Industry certification (e.g., CISSP, CISM, CRISC, CISA).

Location: Guadalajara

This role is currently remote within Mexico; the position will shift to a hybrid model once our Guadalajara office opens.

This role includes participation in a rotating on-call schedule shared among team members to ensure support coverage outside regular hours. Rotation may be required depending on team needs. We value the "you build it, you own it" principle - on-call participation reflects our commitment to ownership, accountability, and reliability.

Learn more about our WGU Mexico Team by clicking here.