Sr. Information Security & Compliance Analyst
At Palo Alto Networks® everything starts and ends with our mission: protecting our way of life in the digital age by preventing successful cyberattacks. It’s not a small goal. It isn’t simple either, but we aren’t in this for the easy answer. As a company with a foundation in challenging the way things are done, we’re looking for innovators with a dedication to THE best. In return, your career will have a tangible impact - one that's working toward technology that affects every level of society.
Our mission doesn’t happen by treading softly. It happens by defining an industry. It means building products that haven't been thought of. It means selling products with a solutions mindset. It means supporting the infrastructure of a company that moves at an incredible speed…intentionally…to stay ahead of the world’s next cyberthreat.
We are seeking a Sr. Information Security and Compliance Analyst to join our Information Security team and partner with Palo Alto Networks business groups to improve our global information security posture. In this role, you will report to the Director of Risk & Compliance and work directly with key stakeholders and leaders across the organization to identify, monitor and report upon security risks to drive business action.
You will join a team of experienced, out-of-the-box thinkers and create programs that deliver real security results. Your primary focus will be to reduce overall security risks and mature Information Security Compliance Operations programs. This is a fast-paced, post-startup environment, and part of your success will lie in your willingness to learn and drive change across the organization by demonstrating our core values - Disruption, Execution, Collaboration, Integrity, and Inclusion.
- Assist in the development, implementation, and operationalization of Palo Alto Networks common control framework
- Develop and facilitate audit methodologies for testing and monitoring security and data privacy control implementation across technology environments
- Perform gap analysis and security risk assessments to determine if business systems are aligned with regulatory requirements, industry standards, best practices and internal information security policies, procedures, and standards
- Advise control owners in the development of remediation plans to meet the requirements of compliance and/or regulatory measures, including identification of mitigating or compensating controls
- Maintain and improve the risk register and associated risk management and remediation processes through evolving and supporting risk reporting to all levels of the organization (i.e. Executive, Management, Stakeholders, and Information Security Leadership), including executive reporting/scorecards and operational level metrics
- Assist in the analysis of third parties and reporting of respective risks to ensure compliance with internal policies and compliance frameworks
- Work closely with Information Security Architecture, Engineering and relevant Security Operations teams to deliver upon technical risk assessments
- Drive accountability for risk remediation with internal customers (i.e. Engineering, DevOps, IT, Information Security)
- Build and cultivate positive working relationships with internal customers
- Identify process and program level improvements that will strengthen the efficiency and effectiveness of Compliance Operations initiatives
- Support, exhibit and grow corporate culture that is committed to Governance, Risk, and Compliance and information security best practices
- 5-8 years of information security Governance, Risk, and Compliance / information security assurance experience
- An undergraduate degree in IT, IS or related discipline, or an equivalent combination of education, certifications (CISSP, CISA, CISM, SANS GSEC, etc.) and experience
- Experienced in both qualitative and quantitative risk assessment methodologies
- Demonstrated knowledge and experience with information security frameworks (FedRAMP, ISO 27001/2, PCI DSS, SOC2) and industry best practices (NIST, SANS, CIS)
- Exposure to a broad range of technical controls such as logical access control, agile development process, secure coding principles, security architecture, information security, network security
- Strong cross-functional team program management abilities, including managing multiple assessments concurrently with different stakeholders and timelines
- Strong collaborative spirit and demonstrated success in a team-driven environment
- Ability to approach problems with an innovative, can-do attitude
- Big 4/information security consulting experience is a plus
- At least 3 years of experience as a lead managing third party audits (SOX, PCI, SOC2) or technology focused risk assessments and remediation management
- Demonstrated understanding and experience assessing complex cloud and on-premise technology environments, architecture and data flows
- Strong knowledge of quantitative vulnerability scoring standards such as CVSS, OCTAVE, etc.
- Bachelor's degree from four-year college or university; or equivalent training, education, and experience in information / cyber security, computer systems, IT, etc.
Think about it: security for an information security company. Working at a high-tech cybersecurity company within the Information Security team is a once-in-a-lifetime opportunity. You’ll join the brightest minds in technology, our global teams on the front line of defense against cyberattacks. We’re joined by one mission – but driven by the impact of that mission and what it means to protect our way of life in the digital age. Join a dynamic and fast-paced team that feels excitement at the prospect of a challenge and feels a thrill at resolving security gaps that inhibit our privacy.
We’re trailblazers that dream big, take risks, and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together. To learn more about our culture and dedication to inclusion and innovation, visit our careers page.
Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.
Additionally, we are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or an accommodation due to a disability or special need, please contact us at firstname.lastname@example.org.