Principal, ISO/SOC Compliance Advisory
About CoalfireCoalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world. But that’s not who we are – that’s just what we do. We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference. And we’re growing fast. We are looking for a Principal to join Coalfire's ISO/SOC Compliance Advisory team. This is a hybrid remote and in-office position located in Atlanta, GA.Job SummaryThe Principal Consultant (SME) is considered a Compliance Advisory subject matter expert (SME), with strong expertise in a focal technical area e.g., evaluating/assessing the security and compliance of client firms/services against regulatory, industry requirements and standards, or against security best practice frameworks, etc. but has subject matter knowledge and/or experience in the other areas that affect the practice.
What You'll Do
- Lead remote or onsite delivery engagements with clients to build out compliance roadmaps to complete compliance goals
- This includes leading pre-sales calls, understanding customer security and compliance requirements and environments, and proposing and delivering packaged offerings or custom solution engagements
- Work with other teams within Coalfire to drive customer success
- Develop content, such as procedures, policies, implementation road maps and white papers that can be used by our clients to assist them in elevating/building out their security and compliance programs
- Lead internal/external project status meetings to include information for: schedules, data requirements, assignments
- Manage delivery engagements by providing project status updates to applicable stakeholders, identifying showstoppers and roadblocks to project success, etc.
- Serve as the practice subject matter expert (SME) for escalations, sales/marketing support, driving practice profitability, revenue, and success
- Provide Delivery Team Support, including identifying process improvements, training delivery personnel on methodologies/tools and quality topics, and mentoring delivery personnel Develop industry-wide service line thought leadership through:
- -Authoring: methodologies, templates, white papers, work instructions, guidelines, forms, tools, blog posts, etc.
- -Developing and delivering industry specific training, webinars
- -Speaking/presenting at conferences
- Support management of client satisfaction at all phases of the client relationship
- Ensure continuous professional development by maintaining industry specific certifications
- Maintain strong depth of knowledge in the practice area
- Collaborate with project managers, quality management, sales, and other delivery team members to drive customer satisfaction and meet project deliverables
- Establish strong account relationships and identifies upsell and cross sell opportunities and escalates to sales
- Perform interviews and provide feedback of potential new hires Assist with project scoping calls
- Participate in project resource planning
What You'll Bring
- Expert knowledge and awareness of the latest information risk, security and compliance innovations, trends, challenges, and solutions
- Expert knowledge of the typical enterprise risk and security operational practices
- Expert knowledge of information security related solutions, tools, and utilities
- Experience in strategy development, setting direction for team members, influencing both internally and externally
- Experience building common compliance frameworks as well as mapping between different compliance requirements
- Demonstrated breadth of security expertise in various sub domains such as encryption, identity, incident response, etc.
- Expert experience with risk assessment methodologies and risk reporting
- Proven background in clearly writing complex technical documents that can be presented across a varied enterprise corporate audience
- Strong verbal and written communications skills are a must, as well as the ability to work effectively across internal and external organizations and virtual teams
- Exceptional interpersonal and communication skills and an executive presence
- Ability to think strategically about business, product, and technical challenges.
- Strong initiative
- Ability to speak to External Auditors to resolve issues, non-conformities, and exceptions 7+ years of experience working with more than two of the following:
- ISO (International organization for Standardization)
- SOC (System and Organization Controls)
- CSF HITRUST (Common Security Framework-Health Information Trust Alliance)
- PCI (Payment Card Industry)
- CSA (Cloud Security Alliance)
- Health Insurance Portability and Accountability Act (HIPAA) Education/Certifications:
- Bachelor's degree in (four-year college or university) in IT, computer science, or business, or equivalent combination of education and work experience
- CCSK certification, HITRUST CCSFP or ISO Lead Auditor certification
- One additional technical cloud certification (AWS, Google, Azure or similar) or security (CISSP, CRISC, CISA, CISM, or equivalent) certification
- Big Four Advisory/Consulting Experience