GRC Specialist

Information Technology Requisition ID 5962 Raleigh, North Carolina


Full Job Description

This role will be responsible for supporting our ongoing compliance efforts (PCI DSS, GDPR, CCPA, IRAP, ISO, SSAE, CCM and FedRAMP frameworks), working collaboratively to manage risk within the organization, and assisting to shape the Qualys information security program through documentation and evaluation of security controls within Qualys and external 3rd part entities. You will work side by side with the information security team and others from across the organization to help ensure Qualys and our customers data in secure and meeting organizational compliance standards.

  • Produce weekly, monthly, and quarterly uptime and status reports for production and critical internal infrastructure
  • Manage organizational infrastructure LDAP/RADIUS/Basic auth,
  • Design processes, programs, and workflows,
  • Handle all internal/External Audits, ISP document maintenance,
  • Security log management & event monitoring (Splunk/CISCO Firepower),
  • Incident Response,
  • Build custom packages & key management,
  • VM, PKI management external/internal,
  • Automation of legacy/scheduled manual tasks,
  • Identity and Access Management.

Skillset Needed:

  •  6-8 Years in GRC with background in ISO27001, 27017, 27018, FedRAMP, ISAE16, ITIL, PCI, CCM, IRAP and GDPR.
  • Strong user of PowerPoint, MS Project Plan, Visio, Excel.
  • Experience with Office365, SharePoint and/or Confluence.
  • Be self-directed and self-motivated.
  • Ability to focus on repetitive work efforts.

Beneficial Skillset:

  • Qualys on Qualys, Threat Intel,
  • FedRAMP Continuous Monitoring background,
  • Detailed background in FedRAMP Moderate and High environments.
  • Detailed knowledge of Qualys products and scanners
  • Relevant InfoSec certifications like CRISC, CISA, CISM, CISSP, CEH, etc.

EEO Employer/Vet/Disabled