Qualys Policy Compliance Expert
Listed on 2026-01-07
IT/Tech
Cybersecurity, Data Security
Qualys Compliance Monitoring Expert (Contract)
Location: Frisco, TX.
Software Guidance & Assistance, Inc. (SGA), a women‑owned business, is searching for a Qualys Compliance Monitoring Expert for a Contract assignment with one of our premier Banking clients.
Overview
We are seeking a Qualys Compliance Monitoring Expert to lead the design, deployment, and management of our enterprise compliance monitoring program. This role focuses on leveraging Qualys Policy Compliance (PC) and related modules to ensure IT assets meet regulatory, security, and organizational standards. The ideal candidate will have deep expertise in security compliance frameworks, automated monitoring, and cross‑team collaboration to drive a proactive compliance posture.
Responsibilities
- Act as subject matter expert (SME) for Qualys Policy Compliance (PC) and Continuous Monitoring solutions.
- Develop, configure, and maintain compliance scan policies aligned with CIS benchmarks, NIST, ISO 27001, PCI‑DSS, HIPAA, and SOX requirements.
- Manage compliance monitoring workflows, including scheduling, execution, and reporting of automated scans.
- Analyze scan results, identify gaps, and partner with Infrastructure, Cloud, and Application teams to drive remediation.
- Build and deliver executive‑level dashboards and compliance reports to track risk posture and audit readiness.
- Support audit and regulatory requirements by providing scan evidence, remediation tracking, and compliance metrics.
- Tune compliance profiles to reduce false positives and ensure accurate reporting across heterogeneous environments (Windows, Linux, Databases, Cloud).
- Integrate Qualys with ITSM systems (e.g., ServiceNow) to automate compliance ticketing and exception handling.
- Collaborate with Security Architecture, Risk Management, and IT Operations teams to align compliance strategy with enterprise goals.
- Provide ongoing training and guidance to internal stakeholders on compliance best practices.
- Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience).
- 5+ years of experience in IT Security, Compliance, or Vulnerability Management.
- Hands‑on experience with the QualysGuard Suite, specifically Policy Compliance (PC), Continuous Monitoring, and Asset Management.
- Strong understanding of compliance frameworks: PCI‑DSS, HIPAA, SOX, ISO 27001, NIST CSF, and CIS Benchmarks. Experience building policies.
- Proficiency in interpreting compliance reports and guiding remediation teams.
- Familiarity with cloud platforms (AWS, Azure, Google Cloud Platform) and their compliance requirements.
- Experience with automation and integration using APIs, scripting (Python, PowerShell, Bash), and ITSM tools.
- Strong analytical, problem‑solving, and communication skills with the ability to work across diverse teams.
- Certifications: Qualys Certified Specialist, CISSP, CISA, CISM, or ISO 27001 Lead Implementer.
- Experience integrating Qualys with SIEM platforms for compliance event monitoring.
- Knowledge of container and Kubernetes compliance scanning.
SGA is a technology and resource solutions provider driven to stand out. Our mission is to solve big IT problems with a more personal, boutique approach. SGA is an Equal Opportunity Employer and does not discriminate on the basis of Race, Color, Sex, Sexual Orientation, Gender Identity, Religion, National Origin, Disability, Veteran Status, Age, Marital Status, Pregnancy, Genetic Information, or other legally protected status.
We are committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment.