Compliance Management Specialist

About us:
Skill Quotient Technologies is a global leader in delivering transformative IT solutions, committed to empowering businesses in the digital era since its inception in 2016. Specializing in Cloud Services & Management, Cyber Security, Applications Development, Enterprise Solutions, Process Automation, Data Engineering, Software Testing, Staff Augmentation, and Project and Product Management. Skill Quotient provides cutting-edge services tailored to meet diverse industry needs. Its dedicated cybersecurity division, SecurePlex has achieved prestigious recognition, including being named Cyber Security Company of the Year 2025 by the Malaysia Cyber Security Awards. With a global presence across the USA, Saudi Arabia, Malaysia, Singapore, UAE, and India, Skill Quotient emphasizes quality, security, and innovation, underscored by ISO 27001:2013, CREST, and CMMI-DEV ML 3 certifications.

Key Responsibilities / Deliverables
1. Lead Security Baseline Program
a. Lead the Security baseline program in the client's and plan on the deliverables of the baseline end-to-end
b. Stakeholder management with relevant parties involved in Security Baseline, e.g. architecture team, subject matter expert team and risk management team
c. Track the progress of the baseline and ensure deliverables as per plan

2. Security Baseline Configuration:
a. Develop, review, and implement security baseline configurations for not limited to below:
i. Operating systems (e.g. Windows, Linux)
ii. Database (e.g. SQL, MySQL, Posgress, MSSQL)
iii. Firewall
iv. Hypervisor
v. Microsoft 365 Suite (ATP, Exchange Online, SharePoint Online, etc)
vi. Azure and AWS Cloud

b. Collaborate with clients to understand their security requirements and tailor configurations to meet specific business needs.

3. Testing and policy compliance assessment:
a. Conduct comprehensive policy compliance testing across Windows, SQL, and cloud environments.
b. Utilize Qualys and other relevant tools to identify and remediate security vulnerabilities (e.g. Microsoft Security Compliance, Intune, MDE ASR, Secure Score, etc.).
c. Evaluate and recommend security solutions to mitigate risks effectively.

4. Deployment and Integration:
a. Lead the deployment of security configurations across diverse environments, ensuring seamless integration with existing systems.
b. Collaborate with internal teams and client stakeholders to implement security measures without disrupting critical business operations.

5. Issues and Troubleshooting:
a. Provide expertise in issues arise, investigating and mitigating security incidents promptly.
b. Troubleshoot security-related issues and provide effective resolutions to maintain a secure and stable environment.

6. Documentation and Reporting:
a. Create detailed documentation of security configurations, deployment processes, and testing methodologies.
b. Generate regular reports on security assessments, vulnerabilities, and recommended actions for clients and internal stakeholders.

7. Security Best Practices and Compliance:
a. Stay updated on industry best practices, emerging threats, and security trends.
b. Ensure compliance with relevant security standards and regulations.

8. Continuous Monitoring and Improvement
a. Monitoring and Metrics
i. Implement continuous compliance monitoring to detect deviations in real time.
ii. Customize dashboards and KPIs to visualize overall compliance posture, trend analysis, and platform- specific status.
iii. Configure alerts and automated notifications to notify relevant stakeholders of compliance gaps or critical issues.

b. Continuous Improvement
i. Periodically review and enhance security baselines, controls, and compliance templates based on new technologies, industry trends, threat intelligence, and business needs.
ii. Support new technology onboarding to assess and integrate into the compliance management process.

9. Knowledge Management and Training
a. Documentation and Knowledge Base
i. Create and maintain detailed documentation for:
ii. Compliance configurations
iii. Assessment procedures
iv. Remediation processes
v. Exception management workflows

b. Develop user manuals, SOPs, FAQs, and knowledge base articles.
i. Training and Enablement
ii. Provide training, onboarding, and support to users and administrators of the compliance management platform (e.g., Qualys).
iii. Establish a knowledge- sharing process to promote awareness of compliance best practices, success stories, and lessons learned across the client

c. Tool Awareness
i. Stay updated on Qualys platform updates, new features, and enhancements.
ii. Provide recommendations to optimize platform usage and reduce compliance management overhead."

Requirement and Certification
1. Bachelor’s degree in computer science, Information Security, or a related field.
2. At least 6–7 years of proven experience as a technical consultant with a focus on security configuration and deployment.
3. In-depth knowledge of:
- Microsoft products
- Windows Servers/Client operating systems (e.g. Windows Server2019/2022, Windows10/11, macOS)
- Microsoft Active Directory (AD2019, 2022, Azure AD/EntraID)
- Linux Operating Systems (e.g. RHEL, Ubuntu, CentOS)
- Web servers and services (e.g. IIS, Apache)
- SQL databases (e.g. Microsoft SQL Server, MySQL, Azure SQL)
- Cloud platforms (Azure, AWS)
4. Expertise in using Qualys or similar tools for vulnerability assessment (e.g. Qualys, Microsoft Security Compliance, Intune, ASR, Secure Score).
5. Strong understanding of security best practices and compliance standards.
6. In-depth knowledge in implementing security baselines via various platforms:
- Group Policy Objects
- Active Directory
- Intune
- Microsoft Defender for Endpoint (MDE)
7. Excellent problem-solving, analytical, and communication skills.

Preferred Skills:
1. Certifications such as Microsoft Azure Administrator, Microsoft Windows Server Hybrid Administrator, or Azure Database Administrator are highly preferred.
2. Additional certifications such as CISSP, CISM, CompTIA Security+, or other relevant credentials are a plus.
3. Experience with scripting and automation for security tasks."