Principal - Enterprise, Global, & AI Compliance Advisory

What You'll Do

• GRC Engineering & Automation: Design and implement automated compliance workflows using leading platforms (UiPath, Vanta, Drata, Archer, etc.). Develop and maintain Centralized Compliance Frameworks (CCF) to unify multi-framework compliance requirements. Architect scalable compliance solutions integrated with enterprise systems and cloud environments.
• Experience designing internal controls, designing internal controls assessments, designing sampling methodologies, scoping assessments, planning assessments, and gaining management support.
• Continuous Controls Monitoring: Implement and manage continuous monitoring solutions for real-time compliance and risk visibility. Develop dashboards and reporting mechanisms leveraging data analytics tools (e.g., Snowflake).
• AI & Advanced Technologies: Apply prompt engineering techniques and leverage LLMs/AI models to enhance compliance automation and risk analysis. Train internal teams and clients on AI-driven compliance tools and methodologies.
• Privacy & Data Governance: Advise on privacy frameworks (GDPR, CCPA, ISO 27701) and implement data governance strategies. Ensure compliance with global data protection regulations through automated controls and reporting.
• GRC as a Service & MSP/MSSP Strategy: Develop service delivery models for GRC as a Service. Collaborate with MSP/MSSP teams to design recurring revenue streams and future-of-work strategies for compliance services.
• Thought Leadership & Mentorship: Publish technical white papers, blogs, and deliver presentations on GRC engineering and automation trends. Mentor team members on compliance engineering, automation tools, and AI integration.
• Work with industry and standards bodies to provide information security technical and non-technical expertise.
• Work with other teams within Coalfire to drive customer success.
• Scope and lead on-site engagements with clients. This includes leading pre-sales calls, onsite visits, understanding customer security and compliance requirements and environments, and proposing and delivering packaged offerings or custom solution engagements.
• Develop technical content, such as security plans, procedures, policies, and white papers that can be used by our clients to assist them in elevating/building out their security and compliance programs.
• Lead delivery engagements including on-site projects working with clients to build out compliance roadmaps, architecture guidance, gap assessments, etc.
• Collaborate with Coalfire engineering, support and business teams to convey partner and customer feedback.
• Serve as the practice subject matter expert (SME) for escalations, sales/marketing support, driving practice profitability and revenue.
• Provide Delivery Team Support, including: identifying process improvements, training Delivery personnel on methodologies/tools and quality topics, and mentoring Delivery personnel.
• Development of industry-wide service line thought leadership through:
• Authoring: methodologies, templates, white papers, work instructions, guidelines, forms, and tools
• Developing and delivering industry specific training, including speaking/presenting at conferences, creating webinars
• Ensure continuous professional development by maintaining industry specific certifications.
• Maintain strong depth of knowledge in the practice area including being able to provide technical recommendations for clients to mitigate risks and implement controls in-line with framework requirements
• Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables.
• Establish account relationships and identifies upsell and cross sell opportunities and escalates to sales  
• Travel up to 20%

What You'll Bring

• 7+ years of experience in an IT security audit, assessment, compliance, risk management, or data privacy role.
• Bachelor's Degree in Computer Science, Information Systems Management, Information Security, Business or equivalent experience required.
• Proven experience with GRC automation platforms (UiPath, Vanta, Drata, Archer, OneTrust, Oracle GRC, Hyperproof, or other market competitors, etc..).
• Familiarity with GRC as a Service, MSP, and MSSP concepts to build recurring revenue models.
• A strong work ethic, thirst for knowledge, enthusiasm for tacking new challenges, and a “we, not I” mentality when it comes to teamwork and the achievement of organizational goals.
• Strong communication skills with executive presence for CIO/CTO/CISO-level discussions.
• Knowledge of the latest information risk, security and compliance innovations, trends, challenges and solutions to provide best-practice recommendations.
• Experience in leveraging security best practices and/or standards (NIST, ISO, CIS Top 20, ISSA, CSA CMM, OWASP, DMBOK, Prosci, GAO Greenbook, COBIT, AICPA/SOC TSCs) to solve problems for GRC programs.
• Strong knowledge of Centralized Common Compliance Frameworks (CCF) and multi-framework mapping.
• Experience building common compliance frameworks as well as mapping between different compliance requirements.
• Demonstrated depth of security understanding in various sub domains such as encryption, business continuity, disaster recovery, identity and access management, incident response, change management, etc.
• Hands-on experience in systems architecture and integration of compliance solutions.
• Problem solving skills that contribute to the development of consultative solutions for unique client requirements.
• Proven background in clearly writing complex technical documents that can be presented across a varied enterprise corporate audience.
• Proven ability in strategic consulting and influencing executive level decision makers both internally and externally.
• Experience leading discussions on the relationship between security, risk management, compliance, and sales/marketing.
• 3+ years of experience working with ISO/IEC 27001:2022 and/or System and Organization Controls (SOC) 2
 
• 7+ years of experience working with two or more of the following:
• ISO/IEC 27001:2022
• ISO/IEC 27701:2019
• ISO 22301:2019
• ISO/IEC 42001:2023
• ISO 9001:2015
• System and Organization Controls (SOC) 2
• National Institute of Standards and Technology (NIST) frameworks (800 series)
 
 
• One or more of the following certifications:
• ISO: ISO/IEC 27001, ISO/IEC 27701:2019, ISO/IEC 42001:2023, and/or ISO 22301:2019 Lead Auditor/Implementer
• CISM
• CISA
• CIPP/US / CIPP/EU
• CISSP
• CRISC
• CDPSE
• AAIA
• AAIR
• AAISM
• CGEIT
• CCP/CCA

Bonus Points

• Big Four Advisory/Consulting Experience
• DevSecOps Experience 
• CISSP, CISM, CRISC, CDPSE, or CGEIT
• HITRUST Certified CSF Practitioner (CCSFP)
• CIPP/US / CIPP/EU
• ISO 42001 Lead Auditor/Implementer 
• AWS, Azure, Google Cloud Platform certification(s). 
• CCSK
• AAIA
• AAIR
• AAISM
• OpenFair or related certification, CCBP 
• Vendor certifications for applicable product solution sets