1 Vacancy
Your Career
The Senior Manager, Governance, Risk & Compliance will report directly to the Director of Governance, Risk & Compliance. In this pivotal role, you will lead a team of GRC analysts and engineers within the InfoSec domain. Your primary focus will be on driving strategic and operational initiatives, particularly in third-party risk management, customer trust, and the development of policies, procedures, standards, and guidelines. You will also participate in technology-selection decisions and craft long-term strategic roadmaps. The ideal candidate combines functional and technical thought leadership with strong people-management and stakeholder-collaboration skills to deliver measurable security outcomes.
Your Impact
Establish and implement the organization's Governance, Risk, and Compliance (GRC) framework, focusing on third-party risk management, customer trust, and the development of policies and standards across application, endpoint, and infrastructure security domains.
Oversee the complete third-party risk management process: onboarding new vendors, conducting risk assessments, prioritizing remediation efforts, and validating mitigation prior to operational deployment.
Oversee the complete customer trust process: leading customer audits, completing security questionnaires from customers, and maintaining standardized Information Security documentation, prioritizing remediation efforts of audit findings.
Define and monitor key risk and compliance indicators (KRIs/KPIs) for vendor performance, customer assurance, and policy adherence to evaluate program effectiveness and ensure accountability.
Provide actionable intelligence on vendor and customer-facing security posture, ensuring Service Level Agreements (SLAs) for remediation are met, reducing control deficiencies, and reinforcing trust commitments.
Collaborate with business stakeholders to incorporate Third-Party Risk Management (TPRM) and Customer Trust requirements into contracts, SLAs, and strategic initiatives such as new partnerships and product integrations.
Manage, mentor, and develop a high-performing team of GRC analysts and engineers; establish clear objectives, performance benchmarks, and professional development plans.
Serve as a trusted thought leader, presenting third-party risk trends, customer trust metrics, and recommendations for policies and standards to senior management and the board of directors.
Advise executive leadership on security risks related to vendors, customer trust obligations, and options for policy treatment to facilitate informed decision-making and maintain stakeholder confidence.
Contribute to other GRC and InfoSec programs as needed.
Qualifications:
Your Experience
10 years of progressive Governance, Risk & Compliance experience in technology or regulated industries, with at least 3-5 years in a leadership role
Bachelor's degree in Computer Science, Information Security, or related field
Proven track record building and scaling enterprise GRC frameworks (ISO 27001, NIST CSF, SOC 2, FedRAMP) end to end.
Exposure to emerging AI regulations and guidelines (EU AI Act, FTC AI principles, NYDFS AI guidance) and embedding those requirements into vendor risk questionnaires and policies.
Hands-on experience running third-party risk management programs: vendor assessments, contract clauses, remediation tracking, and embedding customer-trust controls.
Hands-on experience evaluating cloud service providers (e.g., AWS, Azure, GCP) against shared-responsibility models, CSPM findings, and secure configuration frameworks (CIS, NIST)
Hands-on experience evaluating AI-related risks from third parties.
Solid understanding of application, endpoint, and infrastructure security controls to validate control design and drive mitigation of identified gaps.
Extensive expertise with GRC and automation platforms (OneTrust, RSA Archer, MetricStream, etc.), coupled with the ability to translate risk data into executive-grade dashboards and meaningful KRIs/KPIs.
Strong curiosity about AI tools and the latest generative AI trends, with a willingness to explore emerging technologies and apply them creatively to solve real-world problems
Demonstrated ability to partner with Legal, Procurement, IT, Privacy, Product Engineering to integrate security policies and standards into business processes.
Strong leadership skills: coaching and growing GRC analysts and engineers, setting clear objectives, and fostering cross-functional collaboration.
Excellent communication skills: ability to articulate complex risk and compliance requirements to both technical teams and senior executives.
Experience operating in Agile environments, driving iterative improvements in GRC tooling, workflows, and reporting.
Professional certifications a plus: CISSP, CISM, CRISC, or relevant cloud security credentials (AWS, Azure, GCP).
Additional Information:
The Team
Think about it: security for the largest Cyber Security company in the world. We're not your ordinary Information Security team. We're a diverse group of security professionals who challenge the status quo in order to protect Palo Alto Networks and our customers. Working at a high-tech cybersecurity company within the Information Security team is a once in a lifetime opportunity. You'll be joined with the brightest minds in technology, our global teams on the front line of defense against cyberattacks. We're joined by one mission, but driven by the impact of that mission and what it means to protect our way of life in the digital age. Join a dynamic and fast-paced team that feels excitement at the prospect of a challenge and feels a thrill at resolving security gaps that inhibit our privacy.
Compensation Disclosure
The compensation offered for this position will depend on qualifications, experience, and work location. For candidates who receive an offer at the posted level, the starting base salary (for non-sales roles) is expected to be between $180,000 - $290,500/YR. The offered compensation may also include restricted stock units and a bonus. A description of our employee benefits may be found here.
Our Commitment
We're problem solvers that take risks and challenge cybersecurity's status quo. It's simple: we can't accomplish our mission without diverse teams innovating together.
We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at .
Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.
All your information will be kept confidential according to EEO guidelines.
Is role eligible for Immigration Sponsorship: Yes
Remote Work:
No
Employment Type:
Full-time