Internal Audit Manager - IT Risks and Controls

Our Mission

At Palo Alto Networks® everything starts and ends with our mission:

Being the cybersecurity partner of choice, protecting our digital way of life.
Our vision is a world where each day is safer and more secure than the one before. We are a company built on the foundation of challenging and disrupting the way things are done, and we’re looking for innovators who are as committed to shaping the future of cybersecurity as we are.

Who We Are

We take our mission of protecting the digital way of life seriously. We are relentless in protecting our customers and we believe that the unique ideas of every member of our team contributes to our collective success. Our values were crowdsourced by employees and are brought to life through each of us everyday - from disruptive innovation and collaboration, to execution. From showing up for each other with integrity to creating an environment where we all feel included.

As a member of our team, you will be shaping the future of cybersecurity. We work fast, value ongoing learning, and we respect each employee as a unique individual. Knowing we all have different needs, our development and personal wellbeing programs are designed to give you choice in how you are supported. This includes our FLEXBenefits wellbeing spending account with over 1,000 eligible items selected by employees, our mental and financial health resources, and our personalized learning opportunities - just to name a few!

At Palo Alto Networks, we believe in the power of collaboration and value in-person interactions. This is why our employees generally work full time from our office with flexibility offered where needed. This setup fosters casual conversations, problem-solving, and trusted relationships. Our goal is to create an environment where we all win with precision.

Your Career

Palo Alto Networks is looking for a highly motivated and experienced IT Risks and Controls Audit Manager to join our Corporate Internal Audit team.

The role will focus on IT Risks, Processes, and Controls. As part of a collaborative team, you will be responsible for conducting and delivering IT Systems, Governance, and Processes Audits and Transformation advisory engagements in alignment with the fast-paced, dynamic environment of Palo Alto Networks (PANW). Your role will involve reviewing Information Technology management processes and governance, as well as effectively communicating IT risks to internal stakeholders. Additionally, you will play a key role in managing risks related to IT Systems, Processes, and Controls and supporting the company's rapid system transformation by introducing leading practices and new processes. 

The ideal candidate must be a proven leader, an exemplary project manager, proactive, and confident in interacting with management and external stakeholders at all levels.  You bring business expertise, passion, and have experience in using analytical tools, assessing strategic, financial, regulatory and technology risks, preferably in a technology industry.

The candidate must demonstrate the ability to adhere to our corporate core values of Disruption, Execution, Collaboration, Integrity, and Inclusion.

Your Impact

• Plan, conduct, and report audit and advisory engagements related to IT Risks and Controls, IT and data Governance and processes, and IT Transformation processes to identify vulnerabilities and areas of concern.

• Lead comprehensive AI governance and technology audits, evaluating risks across the AI lifecycle (accuracy, bias, drift, explainability) and assessing the security posture of AI systems, including prompt engineering and runtime security.

• Develop and implement advanced audit methodologies for AI-driven products and services, ensuring compliance with emerging AI regulations and ethical guidelines.

• Drive the integration of AI risk management into existing technology audit domains, providing expert advisory on control design and contributing to AI capabilities.

• Collaborate with cross-functional teams, including Privacy, Business Resilience, IT, and Infosec, to identify and address audit findings through corrective actions, ensuring compliance with regulatory requirements within specified timelines.

• Lead research on current IT Risk and Controls issues and trends to formulate recommendations, and provide practical advice for corrective action, innovation, and continuous process improvements.

• Analyze audit data to identify trends, patterns, and potential issues. Ensure IT systems align with the company’s prescribed system development lifecycle.

• Lead the evaluation of new processes, policies, and systems to enhance organizational efficiency, effectiveness, and risk mitigation activities.

• Develop productive business partner relationships and engage with key management personnel to gather information and propose business process improvements.

• Stay updated on industry best practices and regulations related to IT system audits. Lead and mentor a team of auditors, providing guidance, training, and support.

Your Experience 

• Minimum of 8 years of IT Risk and Controls audit experience in a publicly traded company and/or public accounting firms. Previous experience in a technology company and/or Big 4 firms is preferred.

• Proven audit experience in Information Security, Privacy, Business Continuity Planning, System transformation and IT Governance including roles in external and/or internal audit with strong understanding of internal controls, IT processes, and technology risk principles.

• Strong understanding of the system development lifecycle. Proficiency in Information Technology Application Controls (ITAC) and Information Technology General Controls (ITGC) as well as enterprise systems such as SFDC, SAP, or equivalent.

• Bachelor's degree in Information Technology, Cybersecurity or related field from an accredited institution. 

• Certified Information Systems Auditor (CISA) certification is mandatory, Certified in Governance of Enterprise IT (CGEIT) is preferred. CA, CPA, CIA or equivalent certifications will be a plus.

• Sound knowledge of relevant regulations and industry standards (e.g., COBIT, ISO/IEC 27001, ISO/IEC 27701, ISO 22301, NIST, ITIL, COSO, and IT Governance Frameworks). 

• Excellent communication and interpersonal skills, ability to interpret complex data and identify areas of improvement, along with ability to work independently and in a team environment.

• Strong analytical, problem-solving skills with attention to detail and strong project management skills to prioritize and manage multiple audits concurrently. Proficiency in using audit software, data analysis tools, and MS Office applications.

• Experience in operational audit will be a plus.

• Must be able to work in our Santa Clara, California office at least 3 days a week.

The Team

The Internal Audit team is responsible for managing and executing the company’s internal audit program and ensuring we are best in class.

You will be part of a dynamic, disruptive, and fast paced team of highly specialized professionals with varied skill sets spread out between the U.S. and India.

Compensation Disclosure

The compensation offered for this position will depend on qualifications, experience, and work location. For candidates who receive an offer at the posted level, the starting base salary (for non-sales roles) is expected to be between $118,000 - $191,500/YR. The offered compensation may also include restricted stock units and a bonus. A description of our employee benefits may be found here.

Our Commitment

We’re problem solvers that take risks and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.

We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at  [email protected].

Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.

All your information will be kept confidential according to EEO guidelines.