Lead Security Analyst, GRC

Operations Requisition ID 6524 Pune, India


The Lead Security Analyst is responsible for the specification, implementation, compliance, auditing and assessment of our production infrastructure. The role maintains account security for services, systems, and ancillary applications, and is responsible for developing reports to verify compliance with security policies. The analyst will work closely with Development/Engineering, DBA, Networking, Support teams and Worldwide Customers to provide 24x7 support for Qualys production applications.

Key Responsibilities

  • If required, work with customers to identify and resolve customer issues related to Qualys products and services.
  • Participate in product design discussions and make appropriate recommendations.
  • Participate in Security Assessments conducted by prospective or existing customers.
  • Review security requirements within Customer/Vendor Agreements.
  • Audit systems for secure configuration (users, time, central logging, etc.).
  • Continuous vulnerability assessment and remediation.
  • Maintain documentation of operational processes.
  • Continuously review security bulletins and related news; stay apprised of current threats and trends.

Key Expertise:

Extensive expertise in the following areas:

  • Good knowledge of risk management concepts including risk assessment and risk treatment techniques and methodologies.
  • Information Security Management System (Gap Assessment, Implementation, Audit).
  • Compliance (ISO27001, SOX, FedRamp, HIPAA, NIST, PCI DSS, IRAP, SSAE16 etc.).
  • Technical Risk Assessment (Application Assessment, Control Testing, Policy Compliance, etc.).
  • Knowledge of GRC tools such as Archer GRC, MetricStream and OpenPages (not mandatory).
  • Business Continuity Planning / Disaster Recovery experience.
  • Experience in Vendor Risk Management and RFP response.
  • InfoSec principles and practices, understanding of security protocols, principles, standards and defense in depth.
  • InfoSec tools for performing vulnerability assessment, intrusion detection, integrity checking, event management.
  • Unix/Linux systems including hardware, software and applications.
  • PKI, VPNs, Firewalls, IDS, TLS, Incident Handling, TCP/IP fundamentals.
  • Working experience in SaaS is highly desirable.
  • 6+ years of risk management and/or compliance management experience.
  • Excellent communication and presentation skills.
  • Experience working both independently and in a team-oriented, collaborative environment is essential.
  • Client management experience.
  • Ability to adapt to shifting priorities, demands and timelines through analytical and problem-solving capabilities.
  • At least one security certification (CISSP, CISA, CISM, CRISC, CGEIT, CCSP, etc.) will be considered.

EEO Employer/Vet/Disabled