Senior Consultant, ISO/SOC Advisory | Remote US
About CoalfireCoalfire is on a mission to make the world a safer place by solving our clients’ toughest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world. But that’s not who we are – that’s just what we do.We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference. And we’re growing fast.We’re looking for a Senior Consultant to support our ISO/SOC Advisory team. Position SummaryYou will perform a variety of ISO/SOC engagements (such as workshops, policy and procedure development) for ISO/SOC compliance. This role will specialize in assessing the readiness for ISO/SOC compliance and providing those advisory services necessary for a successful audit.
What You'll Bring
- You’ll work collaboratively with a team of ISO/SOC advisory assessors as a ISO/SOC advisor and assist with the planning and delivery of those services.
- Be the team lead on engagements against ISO/SOC compliance to provide information security technical and non-technical expertise.
- Work with other teams within Coalfire, and collaborate with the ISO/SOC assessment team, to drive customer success.
- Lead on-site engagements with clients. This includes onsite visits, understanding customer security and compliance requirements and environments, and proposing and delivering packaged offerings or custom solution engagements.
- Develop technical content, such as procedures and policies, risk management tools, etc., that will be used by our clients to assist them in elevating/build out their security programs for ISO/SOC compliance.
- Delivery projects to build out compliance roadmaps, architecture guidance, gap remediation, etc.
What You'll Bring
- 3+ years experience performing and or participating in SOC 2 examinations and ISO/IEC 27001:2013 certifications
- 3+ years of experience in an IT security audit, assessment, compliance, risk management, or data privacy role
- 3+ years of experience working with any of the following frameworks: Payment Card Industry (PCI) Council's Payment Card Industry Data Security Standard (PCI DSS) , ISO/IEC 27701:2019 (and/or its mapped references ISO/IEC 29100:2011, ISO/IEC 27018:2019), ISO/IEC ISO/IEC 9001:2015, Health Insurance Portability and Accountability Act (HIPAA), HITRUST, System and Organization Controls (SOC) 2, or National Institute of Standards and Technology (NIST) frameworks
- ISO/IEC 27001 Lead Auditor Certificate
- Bachelor's Degree in Computer Science, Information Systems Management, Information Security, Business or equivalent experience required
- Willing to travel up to 50%
Bonus Points
- Certified Information Systems Auditor (CISA), Certificate of Cloud Security Knowledge (CCSK), ISO 9001:2015 Lead Auditor, Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP/US), or Certified Information Security Manager (CISM)