Senior Security Compliance and Risk Specialist (US Citizenship and Clearance Required)

Company Description

To comply with U.S. federal government requirements, U.S. citizenship is required for this position 

Security Clearance Required: Minimum DoD Secret Clearance (T3 background investigation)

Our Mission

At Palo Alto Networks® everything starts and ends with our mission:

Being the cybersecurity partner of choice, protecting our digital way of life.
Our vision is a world where each day is safer and more secure than the one before. We are a company built on the foundation of challenging and disrupting the way things are done, and we’re looking for innovators who are as committed to shaping the future of cybersecurity as we are.

Who We Are

We take our mission of protecting the digital way of life seriously. We are relentless in protecting our customers and we believe that the unique ideas of every member of our team contributes to our collective success. Our values were crowdsourced by employees and are brought to life through each of us everyday - from disruptive innovation and collaboration, to execution. From showing up for each other with integrity to creating an environment where we all feel included.

As a member of our team, you will be shaping the future of cybersecurity. We work fast, value ongoing learning, and we respect each employee as a unique individual. Knowing we all have different needs, our development and personal wellbeing programs are designed to give you choice in how you are supported. This includes our FLEXBenefits wellbeing spending account with over 1,000 eligible items selected by employees, our mental and financial health resources, and our personalized learning opportunities - just to name a few!

Job Description

Your Career

We are seeking an experienced Senior Security Compliance and Risk Specialist to develop and implement security strategies, ensure alignment with FedRAMP and public sector compliance frameworks, and manage audit preparation and risk mitigation. This role involves cross-team collaboration, managing security assessments, and driving continuous improvement in security processes.

Your Impact

• Secure Development and Infrastructure Integration: 

• Collaborate with internal SMEs to develop and track implementation security solutions (firewalls, IDS/IPS, encryption, IAM) aligned with regulatory requirements and business impact. 

• Integrate security best practices into development processes and infrastructure, while staying informed on emerging threats and technologies for proactive risk mitigation.

• Compliance and Audit Management:

• Prepare for audits by organizing and submitting required documentation and evidence.

• Track progress on control compliance and automation initiatives.

• Build and maintain an audit runbook.

• Serve as the InfoSec point of contact for audit interviews with 3PAO.

• Partner with Product, IT, and IS teams to remediate audit findings.

• Risk Management and Remediation:

• Conduct security assessments to identify vulnerabilities and coordinate remediation efforts.

• Develop risk mitigation strategies, escalating issues as needed to ensure timely resolution and audit readiness.

• Policy and Documentation Oversight:

• Review and update security policies and control documentation to reflect current certification standards.

• Assist in control mapping and conduct internal audits to ensure compliance with regulatory frameworks.

• Continuous Improvement & Process Optimization:

• Propose and implement process improvements to streamline audit, certification, and compliance workflows.

• Support the integration of program data and tools (such as RADAR) to enhance compliance tracking and evidence management.

• Audit Automation and Pre-Audit Assessments:

• Build and maintain automation for visibility and enforcement of audit controls.

• Develop and maintain a process for pre-audit assessments for shared services.

• Conduct pre-audit assessments for shared services and partner with IT and IS teams to remediate any findings.

Qualifications

Your Experience 

• Bachelor’s degree in Computer Science, Information Security, or related field.

• 8+ years of experience in information security with a strong focus on cloud and enterprise security principles.

• Deep knowledge of FedRAMP compliance processes, ConMon, STIGs, and SRGs.

• Hands-on experience with security tools (SIEM, DLP, WAF) and cloud environments (AWS, Azure, GCP); familiarity with Palo Alto Networks products is a plus.

• Proven ability to lead security assessments, audits, and compliance initiatives, with strong communication skills to convey technical concepts to non-technical audiences.

• Relevant certifications (CISSP, CISM, CISA, CCSP) are preferred.

• Ability to meet FedRAMP access requirements.

Preferred Skills:

• Expertise in evidence collection and automation for public sector audits.

• Strong coordination, reporting, and risk identification skills.

• Experience optimizing audit and compliance processes for efficiency and accuracy.

This role offers the opportunity to lead security initiatives, drive compliance efforts, and enhance the organization’s security posture in a dynamic, fast-paced environment.

Additional Information

The Team

Join our dynamic Government Security team within the Information Security organization, where we drive compliance and enable business growth across the Global Public Sector. Our mission is to ensure regulatory alignment and safeguard government data, cleared facilities, and personnel, empowering Public Sector Sales to serve government agencies with confidence. We manage complex federal requirements worldwide and apply a Common Control Framework to assess and elevate policies, procedures, and standards, ensuring secure and compliant operations. Be part of a team that builds trust and advances impactful collaborations with public sector clients globally.

Compensation Disclosure

The compensation offered for this position will depend on qualifications, experience, and work location. For candidates who receive an offer at the posted level, the starting base salary (for non-sales roles) or base salary + commission target (for sales/commissioned roles) is expected to be between $130000 - $211000/YR. The offered compensation may also include restricted stock units and a bonus. A description of our employee benefits may be found here.

Our Commitment

We’re problem solvers that take risks and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.

We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at  accommodations@paloaltonetworks.com.

Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.

All your information will be kept confidential according to EEO guidelines.