Principal - GRC Advisory

March 18

Coalfire

Coalfire is a cybersecurity services provider that helps businesses improve their security resilience and streamline regulatory compliance. The company offers expert-led services, including threat-focused cybersecurity programs, compliance automation, risk management, and security advisory services across various industries such as financial services, healthcare, retail, and technology. Coalfire is known for its hacker and defender expertise, and its platforms are designed to fortify clients' cyber resilience, reduce attack surfaces, and accelerate the achievement of compliance objectives like FedRAMP and HITRUST.

IT Audits and Risk Assessments • Penetration Testing • PCI-DSS / PA-DSS Compliance Assessments • HIPAA / HITECH / HITRUST Assessments • FFIEC Controls Assessments

1001 - 5000 employees

Founded 2001

🔒 Cybersecurity

📋 Compliance

🏢 Enterprise

📋 Description

• Coalfire is on a mission to make the world a safer place by solving clients’ hardest cybersecurity challenges.
• Work at the cutting edge of technology to advise, assess, automate, and navigate the ever-changing cybersecurity landscape.
• As a Principal Consultant on the ISO/SOC Advisory team, you'll serve as a Compliance Advisory subject matter expert (SME).
• Evaluate and enhance security of complex systems impacting risk and compliance for organizations.
• Mentor and develop team members to help grow their capabilities.
• Engage outwardly into the community through blog posts, technical white papers, and conference speaking engagements.

🎯 Requirements

• 7+ years of experience in an IT security audit, assessment, compliance, risk management, or data privacy role.
• Knowledge and awareness of the latest information risk, security and compliance innovations, trends, challenges and solutions.
• Knowledge of strategy, privacy and risk standards/frameworks and professional practices (NIST, ISO, CIS Top 20, ISSA, CSA CMM, Privacy by Design and FAIR, etc.).
• Knowledge of the typical enterprise risk and security operational practices.
• Knowledge of information security related solutions, tools and utilities.
• Experience in strategy development, setting direction for team members, influencing both internally and externally.
• Experience building common compliance frameworks as well as mapping between different compliance requirements.
• Demonstrated breadth of security expertise in various sub domains such as encryption, identity, incident response, etc.
• Hands-on technical expertise is nice to have due to the technical components of the frameworks that are worked with.
• Experience with risk assessment methodologies and risk reporting for executive leadership.
• Proven background in clearly writing complex technical documents that can be presented across a varied enterprise corporate audience.
• 7+ years of experience working with one or more of the following:
  • Payment Card Industry (PCI) Council's Payment Card Industry Data Security Standard (PCI DSS)
  • ISO/IEC 27001:2022
  • ISO 9001:2015
  • System and Organization Controls (SOC) 2
  • National Institute of Standards and Technology (NIST) frameworks (800 series)
  • HITRUST framework
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health Act (HITECH)
• Bachelor's Degree in Computer Science, Information Systems Management, Information Security, Business or equivalent experience required.
• CISSP
• CISM or CISA
• In addition, dependent on the framework(s) you will be supporting you must have one or more of the following:
  • ISO: ISO/IEC 27001 Lead Auditor/Implementer
  • Certified CSF Practitioner (CCSFP)
  • PCI: Qualified Security Assessor (QSA)

🏖️ Benefits

• Paid parental leave
• Flexible time off
• Certification and training reimbursement
• Digital mental health and wellbeing support membership
• Comprehensive insurance options

🇺🇸 United States – Remote

💵 $105k - $194.3k / year

💰 Pre Seed Round on 2022-03

⏰ Full Time

🔴 Lead

🚔 Compliance
