Principal

Summary

Join Coalfire's ISO/SOC Advisory team as a Principal Consultant, serving as a Compliance Advisory subject matter expert (SME). Lead GRC framework engagements, including scoping, gap analysis, and training. Assess client firms' security and compliance against regulatory requirements and best practices. Mentor team members and contribute to community engagement through publications and presentations. This highly technical individual contributor role requires strong communication and collaboration skills, working with clients and internal teams to deliver successful projects and drive customer satisfaction. The role involves up to 20% travel and offers a flexible work model.

Requirements

• 7+ years of experience in an IT security audit, assessment, compliance, risk management, or data privacy role including 3+ years of experience working with ISO/IEC 27001:2022 and/or System and Organization Controls (SOC) 2
• 7+ years of experience working with two or more of the following: ISO/IEC 27001:2022 ISO/IEC 27701:2019 ISO 22301:2019 ISO/IEC 42001:2023 ISO 9001:2015 System and Organization Controls (SOC) 2 National Institute of Standards and Technology (NIST) frameworks (800 series) CCSP HITRUST CSF Health Insurance Portability and Accountability Act (HIPAA) Health Information Technology for Economic and Clinical Health Act (HITECH) Centers for Medicare & Medicaid Services (CMS) Minimum Acceptable Risk Standards for Exchange (MARS-E) or Acceptable Risk Controls for ACA, Medicaid, and Partner Entities (ARC-AMPE)
• Bachelor's Degree in Computer Science, Information Systems Management, Information Security, Business or equivalent experience required
• Strong verbal and written communications skills are a must, as well as the ability to work effectively across internal and external organizations and virtual teams
• Exceptional interpersonal and communication skills and an executive presence - comfortable talking with CIOs, CTOs and CISOs about complex security issues
• Ability to think strategically about business, product, and technical challenges
• Strong initiative
• A strong work ethic, thirst for knowledge, enthusiasm for tacking new challenges, and a “we, not I” mentality when it comes to teamwork and the achievement of organizational goals
• Knowledge of the latest information risk, security and compliance innovations, trends, challenges and solutions to provide best-practice recommendations
• Experience in leveraging security best practices and/or standards (NIST, ISO, CIS Top 20, ISSA, CSA CMM) to solve problems for GRC programs
• Demonstrated depth of security understanding in various sub domains such as encryption, business continuity, disaster recovery, identity and access management, incident response, change management, etc
• Problem solving skills that contribute to the development of consultative solutions for unique client requirements
• Experience building common compliance frameworks as well as mapping between different compliance requirements
• Proven background in clearly writing complex technical documents that can be presented across a varied enterprise corporate audience
• Proven ability in strategic consulting and influencing executive level decision makers both internally and externally
• Experience leading discussions on the relationship between security, risk management, compliance, and sales/marketing
• One or more of the following certifications: ISO: ISO/IEC 27001 , ISO/IEC 27701:2019, ISO/IEC 42001:2023, and/or ISO 22301:2019 Lead Auditor /Implementer CISSP CISM or CISA HITRUST Certified CSF Practitioner (CCSFP) CIPP/US

Responsibilities

• Work with industry and standards bodies to provide information security technical and non-technical expertise
• Work with other teams within Coalfire to drive customer success
• Scope and lead on-site engagements with clients. This includes leading pre-sales calls, onsite visits, understanding customer security and compliance requirements and environments, and proposing and delivering packaged offerings or custom solution engagements
• Develop technical content, such as security plans, procedures, policies, and white papers that can be used by our clients to assist them in elevating/building out their security and compliance programs
• Lead delivery engagements including on-site projects working with clients to build out compliance roadmaps, architecture guidance, gap assessments, etc
• Collaborate with Coalfire engineering, support and business teams to convey partner and customer feedback
• Serve as the practice subject matter expert (SME) for escalations, sales/marketing support, driving practice profitability and revenue
• Provide Delivery Team Support, including: identifying process improvements, training Delivery personnel on methodologies/tools and quality topics, and mentoring Delivery personnel
• Development of industry-wide service line thought leadership through: Authoring: methodologies, templates, white papers, work instructions, guidelines, forms, and tools
• Developing and delivering industry specific training, including speaking/presenting at conferences, creating webinars
• Ensure continuous professional development by maintaining industry specific certifications
• Maintain strong depth of knowledge in the practice area including being able to provide technical recommendations for clients to mitigate risks and implement controls in-line with framework requirements
• Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables
• Establish account relationships and identifies upsell and cross sell opportunities and escalates to sales

Preferred Qualifications

• Big Four Advisory/Consulting Experience
• DevSecOps Experience
• AWS, Azure, Google Cloud Platform certification(s)
• OpenFair or related certification, CCBP
• Vendor certifications for applicable product solution sets

Benefits

• Flexible work model
• Paid parental leave
• Flexible time off
• Certification and training reimbursement
• Digital mental health and wellbeing support membership
• Comprehensive insurance options