Senior Third-Party Risk Analyst

Western Governors University•Salt Lake City, UT

3d•$127,700 - $191,500•Onsite

About The Position

If you’re passionate about building a better future for individuals, communities, and our country—and you’re committed to working hard to play your part in building that future—consider WGU as the next step in your career. Driven by a mission to expand access to higher education through online, competency-based degree programs, WGU is also committed to being a great place to work for a diverse workforce of student-focused professionals. The university has pioneered a new way to learn in the 21st century, one that has received praise from academic, industry, government, and media leaders. Whatever your role, working for WGU gives you a part to play in helping students graduate, creating a better tomorrow for themselves and their families. The salary range for this position takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. At WGU, it is not typical for an individual to be hired at or near the top of the range for their position, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is: Grade: Technical 409 Pay Range: $127,700.00 - $191,500.00

Requirements

Bachelor’s degree in a related field with 5+ years of information security experience, including hands-on ownership of third-party or supplier risk assessments.
Proven experience running or significantly contributing to a third-party or vendor risk management program end to end.
Strong analytical and critical-thinking skills with the ability to reason through ambiguity and make sound, defensible risk decisions.
Experience with cybersecurity and privacy principles and the controls used to manage risk across data use, processing, storage, and transmission.
Demonstrated experience recommending security safeguards, including contract and SLA language.
Working knowledge of risk management best practices and frameworks.
Excellent written and verbal communication skills with the ability to influence stakeholders and clearly articulate risk to leadership.
Active industry certification such as CISSP, CISM, CRISC, CISA, or a closely equivalent credential.

Nice To Haves

7 to 10 years of information security experience, including hands-on ownership of third-party or supplier risk assessments.
Experience identifying and implementing AI-driven efficiencies within a risk management or TPRM program.
Familiarity with NIST, ISO, and PCI-DSS standards.
Experience working in regulated environments, including FERPA, GLBA, or FTC regulatory contexts.

Responsibilities

Serve as the subject matter expert for third-party and supplier risk management, owning and continuously maturing WGU’s TPRM methodology.
Lead end-to-end third-party risk assessments across the full lifecycle, including intake, due diligence, contracting, ongoing monitoring, and offboarding.
Analyze complex technical and non-technical evidence to determine likelihood, impact, root cause, and defensible risk ratings.
Review assurance artifacts such as SOC 2 Type II reports, penetration test results, and security questionnaires to identify gaps, exceptions, and compensating controls.
Assess fourth-party and downstream risk, including concentration risk within critical supply chains.
Partner with procurement, legal, and privacy teams to review contracts, data protection addendums, and security clauses and recommend risk-reducing language.
Mentor junior analysts, provide quality review of assessments, and act as an escalation point for high-risk or complex engagements.