Western Governors University

IT Security Auditor

🇺🇸 Salt Lake City, UT

🕑 Full-Time

💰 $106K - $158K

💻 Cybersecurity

🗓️ July 29th, 2025

CI/CD CISM CISSP

Edtech.com's Summary

WGU is hiring an IT Security Auditor. The role involves designing and executing comprehensive IT security audits, assessing risk, and collaborating closely with IT and business teams to improve security practices across on-premises, cloud, and hybrid environments. The auditor prepares detailed reports, advises on security best practices, and ensures compliance with industry standards and regulations.

Highlights
  • Design and execute IT internal security audits across various environments.
  • Develop risk-based audit plans aligned with organizational priorities and regulatory requirements.
  • Collaborate with IT, cybersecurity, compliance, and business units for system and process understanding.
  • Maintain audit documentation and provide executive-level reporting with actionable recommendations.
  • Ensure compliance with standards such as NIST, ISO 27001, SOC 2, PCI DSS, HIPAA, GDPR, and FERPA.
  • Conduct technical assessments and vulnerability testing of network infrastructure, applications, and cloud services.
  • Proficiency with AWS core services and cloud security engineering principles.
  • Required qualifications include a bachelor's degree in a relevant field and 3-5 years' experience in IT audit or cybersecurity roles.
  • Preferred certifications include CISA, CISM, CISSP, CRISC, and cloud security credentials such as AWS Security Specialty or Azure Security Engineer.
  • Compensation range between $105,600 and $158,400, with comprehensive benefits including bonuses, insurance, paid leave, and tuition discounts.

IT Security Auditor Full Description

IT Security Auditor
Salt Lake City Office
Full time

If you’re passionate about building a better future for individuals, communities, and our country—and you’re committed to working hard to play your part in building that future—consider WGU as the next step in your career.

Driven by a mission to expand access to higher education through online, competency-based degree programs, WGU is also committed to being a great place to work for a diverse workforce of student-focused professionals. The university has pioneered a new way to learn in the 21st century, one that has received praise from academic, industry, government, and media leaders. Whatever your role, working for WGU gives you a part to play in helping students graduate, creating a better tomorrow for themselves and their families.

The salary range for this position takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.

At WGU, it is not typical for an individual to be hired at or near the top of the range for their position, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is: 
 
Grade: Technical 407
Pay Range: $105,600.00 - $158,400.00

Job Description
Job Profile Summary 
The current information security landscape is technically complex and constantly changing. The IT Security Auditor uses their knowledge of current security methods and standards to gather operational information and assess and analyze tools, systems, and processes in defense of applications, systems, and networks and collaborate with Infrastructure and business teams.

Job Duties & Responsibilities 
Audit Planning & Execution
  • IT Security Audit Management: Design, plan, and execute comprehensive IT internal security audits across on-premises, cloud, and hybrid environments
  • Risk-Based Audit Approach: Develop audit plans based on organizational risk assessments, business priorities, and regulatory requirements
  • Project Coordination: Manage multiple concurrent audit engagements, ensuring timely delivery and resource optimization
Documentation & Knowledge Management
  • Policy Review: Evaluate IT governance documentation, security policies, procedures, and standards for adequacy and effectiveness
  • Audit Documentation: Maintain comprehensive audit workpapers, evidence, and documentation in accordance with professional standards
  • Knowledge Sharing: Stay current with emerging threats, security trends, and audit methodologies through continuous learning
Collaboration & Advisory
  • Cross-Functional Partnership: Work closely with IT, cybersecurity, compliance, and business teams to understand system architectures and business processes
  • Technical Guidance: Provide expert advice on security best practices, control design, and risk mitigation strategies
  • Process Improvement: Recommend enhancements to audit methodologies, tools, and organizational security practices
Reporting & Communication
  • Executive Reporting: Prepare detailed audit reports with executive summaries, technical findings, risk ratings, and actionable recommendations
  • Stakeholder Engagement: Present audit results to senior management, IT leadership, and audit committees with clear business impact assessments
  • Issue Tracking: Monitor remediation progress and conduct follow-up audits to validate corrective actions
  • Gap Analysis: Compare current security posture against industry best practices and regulatory requirements
Compliance & Risk Management
  • Regulatory Compliance: Ensure adherence to industry standards and regulations (NIST, SOC 2, ISO 27001, PCI DSS, HIPAA, SOX, GDPR, GLBA, FERPA)
  • Risk Analysis: Identify, analyze, and quantify IT risks, developing comprehensive risk registers and mitigation strategies
Technical Assessment & Testing
  • Systems Evaluation: Conduct in-depth technical assessments of information systems, including network infrastructure, databases, applications, and cloud services
  • Control Testing: Evaluate the design and operational effectiveness of IT controls, including access controls, data encryption, and security monitoring systems
  • Vulnerability Assessment: Identify security weaknesses, configuration gaps, and potential attack vectors through systematic testing methodologies
  • Technology Review: Assess emerging technologies and their security implications, including AI/ML systems, IoT devices, and automation tools

KSAs
  • Knowledge of NIST, ISO, and PCI-DSS standards as well as FERPA, GLBA, GDPR, HIPAA, FTC regulations. Contributes to developing assessment plans building on the methodologies promoted by these standards and regulations to quantify risk
  • Understanding of core AWS services, including compute (EC2, ECS, Lambda), network (VPC, Subnets, Security Groups), storage (S3, EFS, EBS), database (RDS), and identity (IAM)
  • Understanding of integrating security into the various stages of a CI/CD pipeline
  • Understanding of cloud security engineering principles as applied in support of, and integration with, key business and strategic priorities
  • Working knowledge of intrusion detection methodologies and techniques for detecting intrusions via intrusion detection technologies
  • Ability to use network management tools to analyze network traffic patterns
  • Ability to tune sensors and to read and interpret signatures
  • Great oral and written communication skills with the ability to communicate with purpose, clarity, and accuracy
  • Familiarity with network architectures, network services & devices, system types, development platforms, and software suites (Microsoft, Cisco, Oracle, Linux, etc.)
  • Excellent analytical, problem-solving, and decision-making skills
  • Ability to take a solution-driven approach to problem-solving
  • Working knowledge of securing and administering network devices and operating systems.
  • Knowledge and experience in incident handling, computer forensics, intrusion detection systems, firewalls, antivirus, syslog, etc.
  • Strong understanding of PCI, SOX, GLBA, PII, and FERPA requirements
  • Working knowledge of penetration testing and intrusion detection
  • Subject matter expert in area of responsibility or working knowledge of several technical areas
  • Methodical, data-driven approach to security and risk analysis; ability to think imaginatively in order to assist in implementing security improvements
  • Understanding of the implications of privacy laws and regulations (i.e. GDPR and CCPA).
  • Strong understanding of SIEM content security rules to detect malicious, suspicious, and/or abnormal events
  • Understanding of cloud resources using infrastructure-as-code (CloudFormation, CDK, etc.)
  • Understanding of security content and use case development, with alerting aligned to the MITRE ATT&CK Framework

Minimum Qualifications
  • Bachelor's Degree in Cybersecurity, Information Security, Computer Science, Information Systems, or related field
  • 3-5 years of professional experience in IT audit, cybersecurity, risk management, or compliance roles
  • Demonstrated expertise in IT audit methodologies, risk assessment frameworks, and internal controls
  • Regulatory Frameworks: Working knowledge of multiple compliance standards (NIST Cybersecurity Framework, COBIT, ISO 27001/27002, SOC 2)
  • Audit Tools: Experience with audit management software, vulnerability scanners, and security assessment tools
  • IT Infrastructure: Understanding of network architecture, cloud platforms (AWS, Azure), databases, and enterprise applications
  • Security Technologies: Familiarity with firewalls, SIEM systems, identity management, encryption, and endpoint protection

Preferred Qualifications
  • Master's Degree in Cybersecurity, Information Security, Computer Science, Information Systems, or a related field
  • Audit Certifications: CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager)
  • Security Certifications: CISSP (Certified Information Systems Security Professional), CRISC (Certified in Risk and Information Systems Control)
  • Cloud Certifications: AWS Security Specialty, Azure Security Engineer, or equivalent cloud security credentials
  • Data Analytics: Experience with data analysis tools (SQL, Python, R) for audit testing and risk quantification
  • Automation: Knowledge of audit automation tools and techniques, including continuous monitoring systems
  • Communication Excellence: Proven ability to translate complex technical concepts into business-relevant insights for diverse audiences

Job Description Disclaimer: This position description provides the major duties/responsibilities, requirements and working conditions for the position. It is intended to be an accurate reflection of the current position; however, management reserves the right to revise or change it as necessary to meet organizational needs. Other responsibilities may be assigned when circumstances require.

Position & Application Details
Full-Time Regular Positions (classified as regular and working 40 standard weekly hours): This is a full-time, regular position (classified for 40 standard weekly hours) that is eligible for bonuses; medical, dental, vision, telehealth and mental healthcare; health savings account and flexible spending account; basic and voluntary life insurance; disability coverage; accident, critical illness and hospital indemnity supplemental coverages; legal and identity theft coverage; retirement savings plan; wellbeing program; discounted WGU tuition; and flexible paid time off for rest and relaxation with no need for accrual, flexible paid sick time with no need for accrual, 11 paid holidays, and other paid leaves, including up to 12 weeks of parental leave.

How to Apply: If interested, an application will need to be submitted online. Internal WGU employees will need to apply through the internal job board in Workday.

Additional Information
Disclaimer: The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive. 

Accommodations: Applicants with disabilities who require assistance or accommodation during the application or interview process should contact our Talent Acquisition team at recruiting@wgu.edu.

Equal Employment Opportunity: All qualified applicants will receive consideration for employment without regard to any protected characteristic as required by law.