Director, Government Product Security Management

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

As the Director of Government Product Security Management, you will lead a motivated and globally diverse team accountable for the delivery of security outcomes in FedRAMP, NIAP, and other technical standards that improve the security posture of Qualys while building trust with our partners in governments around the world.

This is a senior role for a technical security leader that specializes in Continuous Monitoring, Technical Control Analysis, Product Certifications, as well as technical audit and assessment.

About Product Security at Qualys

The Product Security team operates differently. Simply put, build programs and resources to support the company exceed on goals related to the security of the customer experience on Qualys.

We prevent problems from becoming incidents.

About This Role

This is a leadership role for a career professional who would be both a player and coach across strategic and operational areas related to FedRAMP, NIAP, and other profiles of technical security framework.

This Director would lead the security of this area of business and create a flywheel of information back into our engineering and operations practices.

The successful applicant will be performing work in FedRAMP environments, and therefore, must be a U.S. Person (i.e. U.S.

citizen, U.S. national, lawful permanent resident, asylee, or refugee). This position may also perform work that the U.S.

government has specified can only be performed by a U.S. citizen on U.S. soil.

Responsibilities

Strategy & Execution : Deliver and operate on a comprehensive security strategy that aligns with business goals and regulatory requirements.

Serve as a primary liaison on government requirements between Product Security and other business units, ensuring clear communication and alignment on security initiatives.

Embed FedRAMP and NIAP considerations into the product development lifecycle and business operations.

Achieve & Maintain Authorizations : Coordinate efforts to obtain and maintain FedRAMP and NIAP authorization. Interface with stakeholders at all levels of the Qualys and our partners including Authorizing Agencies, FedRAMP PMO, Common Criteria Testing Laboratory Services, consultants, and 3PAO assessment teams.

Deliver Outcomes : Manage and facilitate the FedRAMP and NIAP authorizations and all efforts related to them. Coordinate with cross functional teams related to scoping, work break-down, critical path analysis, resourcing, time estimates, project risks, and quality.

Coordinate with teams to resolve project blockers and ensure success.

Continuous Monitoring : Enhance and improve on current Continuous Monitoring efforts, deliver improvement on POA&Ms, and work to drive a consistently clear message to internal stakeholders, customers, and authorizers.

Lead all Qualys ConMon discussions with government and commercial stakeholders. Work with internal teams to improve our practices to meet changing standards.

Audit & Assessment : Own the management and successful delivery of FedRAMP Annual Assessments, NIAP certification, as well as internal audits and assessment.

Trust but verify by validating compliance with governance and controls requirements.

Technical Leadership : Provide technical leadership in interpreting and implementing FedRAMP and NIAP security controls.

Deliver control analysis and guidance to Engineering, Operations, Security, Support, Finance, Product Management, Sales, and other stakeholders to ensure that the organization understands and implements requirements.

Qualifications

A qualified candidate has +10 years of experience in cybersecurity management and has :

• Demonstrated success across in delivery and / or year-over-year maintenance of FedRAMP Moderate to High.
• Successfully delivery of a product security conformance testing certification.
• Excellence in managing all aspects delivering against Continuous Monitoring Performance Management standards and best practices.
• Previously owned an RMF-style security framework at a SaaS company.
• Domain mastery in one of five or more technical control families in NIST SP 800-53 Rev 5 at the High Impact Baseline.
• Expertise in internal technical audits and remediations over years of leadership.
• Strong executive presence, excellent written and verbal communications, and effective presentation capabilities, and adept capabilities in analytical reporting.
• Proven and collaborative track record of governance change management with broad and diverse stakeholder groups.

Remote

Annual Salary Guidelines : $170,000 - $190,000

Qualys is an Equal Opportunity Employer, please see our EEO policy .