Compliance Research Analyst
Job details
As a Compliance Research Analyst, you will be responsible for developing advanced compliance solutions for the Policy Compliance product line at Qualys. This role involves working within the compliance, information security, and cyber/IT security domains, where your contributions will have a significant impact on the quality and effectiveness of Qualys' Compliance services.

Description:

Technical Specifications Development:
Develop and document detailed technical specifications for Qualys Controls across various technologies, including operating systems, databases, applications, network devices, and cloud environments.
Craft comprehensive content for Qualys Controls, including control statements, rationales, remediation steps, and framework mappings such as NIST SP 800-53 R4, PCI-DSS, ISO 27001, and other relevant standards.

Security Standards and Policy Establishment:
Establish and continuously refine technical security standards and policies within the Qualys Policy Compliance product for diverse technologies.
Customize these standards using in-house expertise, aligning them with industry standards and guidelines from CIS, DISA STIG, Microsoft Security Baseline, and other authoritative sources.

Regulatory Compliance Policy Development:
Create and maintain regulatory compliance policies for a variety of standards, including DORA, PCI-DSS, NIST, HIPAA, GDPR, and others.
Adapt and customize technical standards to meet specific customer requirements, ensuring compliance policies are both robust and flexible to accommodate unique business needs.

Policy Customization and Validation:
Develop tailored policies and guidelines to suit each customer's needs, ensuring that these policies, controls, and configurations are both audit-ready and compliant with various regulatory requirements.
Validate these policies from the perspective of auditors and customers, ensuring they are appropriate for different environments and meet all necessary compliance standards.

Industry Framework Alignment:
Align Qualys controls with key industry regulations and best practices, including ISO 27001, NIST, HIPAA, PCI-DSS, SOC 2, and more.
Understand and apply the MITRE ATT&CK framework, incorporating tactics, techniques, and procedures (TTPs) into compliance solutions to enhance security posture.

Research and Innovation:
Conduct thorough research to develop compliance solutions for new and emerging technologies, ensuring Qualys remains a leader in compliance innovation.
Stay updated on the latest trends, threats, and regulatory changes in the cybersecurity and compliance landscape, applying this knowledge to improve Qualys' offerings.

Customer Issue Resolution:
Investigate and analyse customer issues related to compliance settings, providing expert solutions to close gaps, address flaws, and better satisfy customer requirements.
Work directly with customers to ensure their compliance needs are met, offering customized solutions and support as needed.

Collaboration and Delivery:
Collaborate closely with development, QA, management, and infrastructure teams to ensure the timely and high-quality delivery of compliance solutions.
Participate in cross-functional team meetings, contributing insights and recommendations to align project goals with broader business objectives.