I empathize with your predicament. I'm trying to implement a Tiki at work and have a similar situation where potentially many different departments are going to access wiki pages, and in some cases need to access and/or edit pages pertaining to other departments.
In some cases it's easy because the pages are generic enough because I can just create catch-all categories so that basically any registered user group can edit those pages. In other cases, not so much. I have a similar situation to you where we have certain "power users" outside of the IT department, that might need to access some IT information (either view or edit).
I don't think one single approach can address the issue fully but I've taken to creating hierarchies of user groups. So each department has it's own main user group but then it has higher (or lower depending on which way you look at it) sub-user groups, usually with a greater number of permissions.
How does this help me? Well in the case of IT, I have the generic IT user group but then I also have "IT Mods" (moderators) and "IT Power" (power users). Nobody in the IT department is actually in the IT user group, they belong to either IT Mods or IT Power. The users that I do put into IT, are usually from other departments who may need to access some IT information (and they also belong to their own departmental user group, whatever that may be).
To restrict access I then have to create different categories for different appropriate levels of access per user group. So one category can be accessed and edited by anyone with IT user group access (which includes IT Members since they are part of IT sub user groups), but for the IT stuff I don't want other departments to see, I only give access to the IT Mods or IT Power user groups.
Sorry this is a bit long-winded, but I hope it helps a little. It's still not a perfect solution and could potentially become a security/administration nightmare, but I think that is, at least in part the nature of the beast.