Remote Principal, GRC Advisory

Summary

Join Coalfire as a Principal Consultant on our ISO/SOC Advisory team and leverage your technical and business experience to evaluate and enhance the security of complex systems, mentor and develop team members, and engage outwardly into the community through blog posts, technical white papers, forum participation, and conference speaking engagements.

Requirements

• 7+ years of experience in an IT security audit, assessment, compliance, risk management, or data privacy role
• Knowledge and awareness of the latest information risk, security and compliance innovations, trends, challenges and solutions
• Knowledge of strategy, privacy and risk standards/frameworks and professional practices (NIST, ISO, CIS Top 20, ISSA, CSA CMM, Privacy by Design and FAIR, etc.)
• Knowledge of the typical enterprise risk and security operational practices
• Knowledge of information security related solutions, tools and utilities
• Experience in strategy development, setting direction for team members, influencing both internally and externally
• Experience building common compliance frameworks as well as mapping between different compliance requirements
• Demonstrated breadth of security expertise in various sub domains such as encryption, identity, incident response, etc
• Hands-on technical expertise is nice to have due to the technical components of the frameworks that are worked with
• Experience with risk assessment methodologies and risk reporting for executive leadership
• Proven background in clearly writing complex technical documents that can be presented across a varied enterprise corporate audience
• 7+ years of experience working with one or more of the following
• Payment Card Industry (PCI) Council's Payment Card Industry Data Security Standard (PCI DSS)
• ISO/IEC 27001:2022
• ISO 9001:2015
• System and Organization Controls (SOC) 2
• National Institute of Standards and Technology (NIST) frameworks (800 series)
• HITRUST framework
• Health Insurance Portability and Accountability Act (HIPAA)
• Health Information Technology for Economic and Clinical Health Act (HITECH)
• Bachelor's Degree in Computer Science, Information Systems Management, Information Security, Business or equivalent experience required
• CISSP
• CISM or CISA

Responsibilities

• Work with other teams within Coalfire to drive customer success
• Scope and lead on-site engagements with clients. This includes leading pre-sales calls, onsite visits, understanding customer security and compliance requirements and environments, and proposing and delivering packaged offerings or custom solution engagements
• Develop technical content, such as security plans, procedures, policies, and white papers that can be used by our clients to assist them in elevating/building out their security and compliance programs
• Lead delivery engagements including on-site projects working with clients to build out compliance roadmaps, architecture guidance, gap assessments, etc
• Collaborate with Coalfire engineering, support and business teams to convey partner and customer feedback
• Serve as the practice subject matter expert (SME) for escalations, sales/marketing support, driving practice profitability and revenue
• Provide Delivery Team Support, including: identifying process improvements, training Delivery personnel on methodologies/tools and quality topics, and mentoring Delivery personnel
• Development of industry-wide service line thought leadership through
• Authoring: methodologies, templates, white papers, work instructions, guidelines, forms, tools
• Developing and delivering industry specific training, including speaking/presenting at conferences, creating webinars
• Support management of client satisfaction at all phases of the client relationship
• Ensure continuous professional development by maintaining industry specific certifications
• Maintain strong depth of knowledge in the practice area
• Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables
• Establish account relationships and identifies upsell and cross sell opportunities and escalates to sales

Preferred Qualifications

• In addition, dependent on the framework(s) you will be supporting you must have one or more of the following
• ISO: ISO/IEC 27001 Lead Auditor/Implementer
• Certified CSF Practitioner (CCSFP)
• PCI: Qualified Security Assessor (QSA)

Benefits

• Paid parental leave
• Flexible time off
• Certification and training reimbursement
• Digital mental health and wellbeing support membership
• Comprehensive insurance options