At Palo Alto Networks® everything starts and ends with our mission: protecting our way of life in the digital age by preventing successful cyberattacks. It’s not a small goal. It isn’t simple either, but we aren’t in this for the easy answer. As a company with a foundation in challenging the way things are done, we’re looking for innovators with a dedication to THE best. In return, your career will have a tangible impact - one that's working toward technology that affects every level of society.
Our mission doesn’t happen by treading softly. It happens by defining an industry. It means building products that haven't been thought of. It means selling products with a solutions mindset. It means supporting the infrastructure of a company that moves at an incredible speed…intentionally…to stay ahead of the world’s next cyberthreat.
We are seeking a Sr. Information Security and Compliance Analyst to join our Information Security team and partner with Palo Alto Networks business groups to improve our global information security posture. In this role, you will report to the Director of Risk & Compliance and work directly with key stakeholders and leaders across the organization to identify, monitor and report upon security risks to drive business action.
You will join a team of experienced, out-of-the-box thinkers and create programs that deliver real security results. Your primary focus will be to centralize control failures (against an internally developed Common Control Framework) identified by Security & Compliance functions and to communicate risks effectively to the Business & Risk Committee. In addition, you will enable top-down risk remediation and bottom-up issue remediation. Palo Alto Networks is a fast-paced, post-startup environment, and part of your success will lie in your willingness to learn and drive change across the organization by demonstrating our core values: Disruption, Execution, Collaboration, Integrity, and Inclusion.
- Assist in the development, implementation, and operationalization of Palo Alto Networks’ Risk Management data model, data store and reporting platform
- Establish procedural and technical relationships with Information Security & Compliance functions at Palo Alto Networks, ensuring that all risk is reported centrally and uniformly.
- Maintain and improve our risk register and reporting to all levels of the organization (i.e. Executive, Management, Stakeholders, and Information Security Leadership)
- Assist in the development, implementation, and operationalization of automating compliance activities through innovation and use of Palo Alto Networks Products to help our practice scale and innovate the risk management space.
- Continuously improve our existing tooling and processes by enhancing our tooling integrations, configurations and usability
- Develop and facilitate audit methodologies for testing and monitoring security and data privacy control implementation across technology environments
- Work closely with Information Security Architecture, Engineering and relevant Security Operations teams to deliver upon technical risk assessments.
- Perform gap analysis and security risk assessments to determine if business systems are aligned with regulatory requirements, industry standards, best practices and internal information security policies, procedures, and standards
- Advise control owners in the development of remediation plans to meet the requirements of compliance and/or regulatory measures, including identification of mitigating or compensating controls
- Drive accountability for risk remediation with internal customers (i.e. Engineering, DevOps, IT, Information Security)
- Build and cultivate positive working relationships with internal customers
- Support, exhibit and grow corporate culture that is committed to Governance, Risk, and Compliance and information security best practices
- 5-8 years of information security Governance, Risk, and Compliance / information security assurance experience
- Demonstrated knowledge and experience with information security frameworks (FedRAMP, ISO 27001/2, PCI DSS, SOC2) and industry best practices (NIST, SANS, CIS)
- Experienced in both qualitative and quantitative risk assessment methodologies
- Exposure to a broad range of technical controls such as logical access control, agile development process, secure coding principles, security architecture, information security, network security
- Strong cross-functional team program management abilities, including managing multiple assessments concurrently with different stakeholders and timelines
- Strong collaborative spirit and demonstrated success in a team-driven environment
- Ability to approach problems with an innovative, can-do attitude
- Big 4/information security consulting experience is a plus
- At least 3 years' experience as a lead managing third-party audits (SOX, PCI, SOC2) or technology-focused risk assessments and remediation management
- Demonstrated understanding and experience assessing complex cloud and on-premise technology environments, architecture and data flows
- Other education, certifications (CISSP, CISA, CISM, SANS GSEC, etc.) and experience
- Understanding of SQL, BigQuery and Data Studio is a plus
- Bachelor's degree from a four-year college or university; or equivalent training, education, and experience in information / cyber security, computer systems, IT, etc.
Think about it: security for an information security company. Working at a high-tech cybersecurity company within the Information Security team is a once-in-a-lifetime opportunity. You’ll be joined by the brightest minds in technology, our global teams on the front line of defense against cyberattacks. We’re joined by one mission, but driven by the impact of that mission and what it means to protect our way of life in the digital age. Join a dynamic and fast-paced team that feels excitement at the prospect of a challenge and feels a thrill at resolving security gaps that inhibit our privacy.
We’re trailblazers that dream big, take risks, and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together. To learn more about our culture and dedication to inclusion and innovation, visit our careers page.
Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.
Additionally, we are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or an accommodation due to a disability or special need, please contact us at firstname.lastname@example.org.
All your information will be kept confidential according to EEO guidelines.