Senior Certification Manager

About The Position

Requirements

• 5+ years of experience supporting or leading technology-focused FedRAMP risk assessments, Continuous Monitoring, and remediation efforts
• Demonstrated ability to make risk based decisions and interpret security controls in complex, real work, environments
• Working knowledge of public cloud platforms (GCP, AWS, and/or Azure), including how cloud native architectures and services implement and enforce security controls
• Proven ownership of complex, cross functional initiatives, including planning, execution, and stakeholder communication
• Hands on authorship and long-term maintenance of SSPs and supporting certification documentation
• Ability to manage multiple, concurrent, initiatives in a complex, past paced, environments
• Demonstrated ability to drive outcomes across teams without direct reporting authority
• Hands on, self directed working style with a strong aptitude for understanding and working with complex technology products
• Experience working effectively in distributed environments with multiple teams operating across different priorities and time zones
• Excellent written and verbal communication skills, with the ability to engage effectively with engineers, business stakeholders, auditors, and leadership
• Proactive, curious, and transparent approach; assertive yet collaborative, comfortable taking ownership, asking hard questions, and driving work to completion with minimal supervision while embodying Palo Alto Networks values
• BS degree (or equivalent technical degree or equivalent military experience) required

Nice To Haves

• MS preferred
• CISA, CRISC, CISSP or other similar security certifications desired

Responsibilities

• Own and execute certification strategies in close partnership with product management, sales, engineering and other stakeholders ensuring certification outcomes are aligned with company priorities, product direction, and compliance changes.
• Drive FedRAMP Moderate, High, and IL5 assessment activities in partnership with engineering, security, and external assessors
• Apply NIST 800-53, FedRAMP, and DoD SRG requirements to define clear, actionable expectations and deliverables for internal teams
• Lead audit and ConMon execution, including evidence coordination, remediation planning and triage, and POAM lifecycle management
• Author and maintain the System Security Plan (SSP) and supporting artifacts as systems and processes change
• Apply deep understanding of complex security and cloud architecture to evaluate control implementation, identify gaps, and drive remediation with engineering teams
• Build deep technical fluency across the product portfolio to lead discussions with assessors, agencies, and PMO certification bodies, allowing internal subject matter experts to remain focused on delivery
• Communicate clearly and effectively across all levels of the organization, from hands on engineers to executive leadership, as well as external certification stakeholders
• Manage certification execution with a program management mindset by owning project plans, timelines, dependencies, and risks, and by providing clear status to stakeholders and leadership