Principal, FedRAMP Advisory

Summary

Join Coalfire as a Principal Consultant (SME) and leverage your technical and business experience across three domains: evaluating security, mentoring team members, and performing research to bring clarity to client engagements or regulatory requirements.

Requirements

• 7+ years of experience in an IT security audit, assessment, compliance, risk management, or data privacy role
• Knowledge and awareness of the latest information risk, security and compliance innovations, trends, challenges, and solutions
• Knowledge of strategy, privacy and risk standards/frameworks and professional practices (e.g., NIST, ISO, CIS Top 20, ISSA, CSA CMM, Privacy by Design and FAIR, etc.)
• Knowledge of the typical enterprise risk and security operational practices
• Knowledge of information security related solutions, tools, and utilities
• Experience in strategy development, setting direction for team members, influencing both internally and externally
• Experience building common compliance frameworks as well as mapping between different compliance requirements
• Demonstrated breadth of security expertise in various sub domains such as encryption, identity, incident response, etc
• Hands-on technical expertise is nice to have due to the technical components of the frameworks that are worked with
• Experience with risk assessment methodologies and risk reporting for executive leadership
• Proven background in clearly writing complex technical documents that can be presented across a varied enterprise corporate audience
• 7+ years of experience working with one, more, or a combination of the following: National Institute of Standards and Technology (NIST) frameworks (800 series), FISMA, FedRAMP, DoD RMF, StateRAMP
• Strong verbal and written communications skills are a must, as well as the ability to work effectively across internal and external organizations and virtual teams
• Exceptional interpersonal and communication skills and an executive presence - comfortable talking with CIOs, CTOs and CISOs about complex security issues
• Ability to think strategically about business, product, and technical challenges
• Strong initiative

Responsibilities

• Work with industry and standards bodies to provide information security technical and non-technical expertise
• Scope and lead on-site engagements with clients, including leading pre-sales calls, onsite visits, understanding customer security and compliance requirements and environments, and proposing and delivering packaged offerings or custom solution engagements
• Develop technical content, such as security plans, procedures, policies, and white papers that can be used by our clients to assist them in elevating/building out their security and compliance programs
• Lead delivery engagements including on-site projects working with clients to build out compliance roadmaps, architecture guidance, gap assessments, etc
• Manage delivery engagements by providing project status updates to applicable stakeholders, identifying showstoppers and roadblocks to project success, etc
• Collaborate with Coalfire engineering, support, and business teams to convey partner and customer feedback
• Serve as the practice subject matter expert (SME) for escalations, sales/marketing support, driving practice profitability and revenue
• Provide Delivery Team Support, including identifying process improvements, training delivery personnel on methodologies/tools and quality topics, and mentoring delivery personnel
• Development of industry-wide service line thought leadership through: Authoring methodologies, templates, white papers, work instructions, guidelines, forms, tools
• Developing and delivering industry specific training, including speaking/presenting at conferences, creating webinars