Principal, ISO/SOC2 Technical Risk and Controls Advisory

What You'll Do

• Work with industry and standards bodies to provide information security technical and non-technical expertise.
• Work with other teams within Coalfire to drive customer success.
• Scope and lead on-site engagements with clients. This includes leading pre-sales calls, onsite visits, understanding customer security and compliance requirements and environments, and proposing and delivering packaged offerings or custom solution engagements.
• Develop technical content, such as security plans, procedures, policies, and white papers that can be used by our clients to assist them in elevating/building out their security and compliance programs.
• Lead delivery engagements including on-site projects working with clients to build out compliance roadmaps, architecture guidance, gap assessments, etc.
• Collaborate with Coalfire engineering, support and business teams to convey partner and customer feedback.
• Serve as the practice subject matter expert (SME) for escalations, sales/marketing support, driving practice profitability and revenue.
• Provide Delivery Team Support, including: identifying process improvements, training Delivery personnel on methodologies/tools and quality topics, and mentoring Delivery personnel.
• Development of industry-wide service line thought leadership through:
Authoring: methodologies, templates, white papers, work instructions, guidelines, forms, and tools
Developing and delivering industry specific training, including speaking/presenting at conferences, creating webinars
• Ensure continuous professional development by maintaining industry specific certifications.
• Maintain strong depth of knowledge in the practice area including being able to provide technical recommendations for clients to mitigate risks and implement controls in-line with framework requirements
• Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables.
• Establish account relationships and identifies upsell and cross sell opportunities and escalates to sales  
• Travel is typically up to 20%
• Ability to be successful when working remotely.

What You'll Bring

• 7+ years of experience in an IT security audit, assessment, compliance, risk management, or data privacy role including 3+ years of experience working with ISO/IEC 27001:2022 and/or System and Organization Controls (SOC) 2
• 7+ years of experience working with two or more of the following:
• ISO/IEC 27001:2022
• ISO/IEC 27701:2019
• ISO 22301:2019
• ISO/IEC 42001:2023
• ISO 9001:2015
• System and Organization Controls (SOC) 2
• National Institute of Standards and Technology (NIST) frameworks (800 series)
• CCSP
• HITRUST CSF
• Health Insurance Portability and Accountability Act (HIPAA)
• Health Information Technology for Economic and Clinical Health Act (HITECH)
• Centers for Medicare & Medicaid Services (CMS) Minimum Acceptable Risk Standards for Exchange (MARS-E) or Acceptable Risk Controls for ACA, Medicaid, and Partner Entities (ARC-AMPE)Bachelor's Degree in Computer Science, Information Systems Management, Information Security, Business or equivalent experience required.
• Bachelor's Degree in Computer Science, Information Systems Management, Information Security, Business or equivalent experience required.
• Strong verbal and written communications skills are a must, as well as the ability to work effectively across internal and external organizations and virtual teams.
• Exceptional interpersonal and communication skills and an executive presence - comfortable talking with CIOs, CTOs and CISOs about complex security issues.
• Ability to think strategically about business, product, and technical challenges.
• Strong initiative.  
• A strong work ethic, thirst for knowledge, enthusiasm for tacking new challenges, and a “we, not I” mentality when it comes to teamwork and the achievement of organizational goals.
• Knowledge of the latest information risk, security and compliance innovations, trends, challenges and solutions to provide best-practice recommendations.
• Experience in leveraging security best practices and/or standards (NIST, ISO, CIS Top 20, ISSA, CSA CMM) to solve problems for GRC programs.
• Demonstrated depth of security understanding in various sub domains such as encryption, business continuity, disaster recovery, identity and access management, incident response, change management, etc.
• Problem solving skills that contribute to the development of consultative solutions for unique client requirements.
• Experience building common compliance frameworks as well as mapping between different compliance requirements.
• Proven background in clearly writing complex technical documents that can be presented across a varied enterprise corporate audience.
• Proven ability in strategic consulting and influencing executive level decision makers both internally and externally.
• Experience leading discussions on the relationship between security, risk management, compliance, and sales/marketing.
• One or more of the following certifications:
• ISO: ISO/IEC 27001, ISO/IEC 27701:2019, ISO/IEC 42001:2023, and/or ISO 22301:2019 Lead Auditor/Implementer
• CISSP
• CISM or CISA
• HITRUST Certified CSF Practitioner (CCSFP)
• CIPP/US

Bonus Points

• Big Four Advisory/Consulting Experience
• DevSec Ops Experience 
• AWS, Azure, Google Cloud Platform certification(s). 
• OpenFair or related certification, CCBP 
• Vendor certifications for applicable product solution sets