Principal

at Coalfire
💰 $104k-$179k
🇺🇸 United States - Remote
🔒 Cybersecurity🟡 Principal

Job description

About Coalfire

Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world.

But that’s not who we are – that’s just what we do.

We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.

Position Summary

As a Principal Consultant on our ISO/SOC Advisory team, you’ll be considered a Compliance Advisory subject matter expert (SME) in a particular technical area e.g. evaluating/assessing the security and compliance of client firms/services against regulatory and industry requirements and standards, and against security best practice frameworks, etc.

You will lead a variety of GRC framework engagements (such as environment scoping, gap analysis, training workshops, policy and procedure development) for framework compliance. Assessing the security and compliance of client firms against regulatory and industry requirements and standards, and against security best practice frameworks, Principal Consultants are considered a Compliance Advisory subject matter expert (SME), and are a lead role in advising clients in cybersecurity program transformation activities. This role will have a strong understanding of cybersecurity frameworks (program, risk, and controls) and advisory services necessary for a successful audit against those frameworks.  The Principal Consultant will lead interviews with client staff, analyze documents, and develop reports for clients. They will also provide quality control and peer review to other members of the delivery staff. They will work closely with Project Managers, Directors and other Delivery team members to effectively manage project timelines and deliverables.

The Principal Consultant (SME) is expected to leverage their technical and business experience across three (3) domains, including:

1. Partner with clients to evaluate the security posture of their complex systems and to ensure alignment with regulatory compliance and effective risk management strategies. Serve as a trusted advisor by delivering actionable, best-practice recommendations to address security gaps and mitigate vulnerabilities. Collaborate with stakeholders across organizations to foster trust and promote a proactive culture of security improvements to achieve long-term security objectives.

2. Mentor and develop team members to help grow the team and its capabilities

3. Engage outwardly into the community through blog posts, technical white papers, forum participation and conference speaking engagements. Engage inwardly to support business and practice growth by developing Sales/Marketing collateral, innovating delivery methodologies and tools, train/mentor colleagues and serve as the SME for all topics related to your technical or compliance area of expertise

Principal Consultant is a Highly Technical, Individual Contributor role.

What You’ll Do

  • Work with industry and standards bodies to provide information security technical and non-technical expertise.
  • Work with other teams within Coalfire to drive customer success.
  • Scope and lead on-site engagements with clients. This includes leading pre-sales calls, onsite visits, understanding customer security and compliance requirements and environments, and proposing and delivering packaged offerings or custom solution engagements.
  • Develop technical content, such as security plans, procedures, policies, and white papers that can be used by our clients to assist them in elevating/building out their security and compliance programs.
  • Lead delivery engagements including on-site projects working with clients to build out compliance roadmaps, architecture guidance, gap assessments, etc.
  • Collaborate with Coalfire engineering, support and business teams to convey partner and customer feedback.
  • Serve as the practice subject matter expert (SME) for escalations, sales/marketing support, driving practice profitability and revenue.
  • Provide Delivery Team Support, including: identifying process improvements, training Delivery personnel on methodologies/tools and quality topics, and mentoring Delivery personnel.
  • Development of industry-wide service line thought leadership through:

Authoring: methodologies, templates, white papers, work instructions, guidelines, forms, and tools

Developing and delivering industry specific training, including speaking/presenting at conferences, creating webinars

  • Ensure continuous professional development by maintaining industry specific certifications.
  • Maintain strong depth of knowledge in the practice area including being able to provide technical recommendations for clients to mitigate risks and implement controls in-line with framework requirements
  • Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables.
  • Establish account relationships and identifies upsell and cross sell opportunities and escalates to sales
  • Travel is typically up to 20%
  • Ability to be successful when working remotely.

What You’ll Bring

  • 7+ years of experience in an IT security audit, assessment, compliance, risk management, or data privacy role including 3+ years of experience working with ISO/IEC 27001:2022 and/or System and Organization Controls (SOC) 2
  • 7+ years of experience working with two or more of the following:
  • ISO/IEC 27001:2022
  • ISO/IEC 27701:2019
  • ISO 22301:2019
  • ISO/IEC 42001:2023
  • ISO 9001:2015
  • System and Organization Controls (SOC) 2
  • National Institute of Standards and Technology (NIST) frameworks (800 series)
  • CCSP
  • HITRUST CSF
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health Act (HITECH)
  • Centers for Medicare & Medicaid Services (CMS) Minimum Acceptable Risk Standards for Exchange (MARS-E) or Acceptable Risk Controls for ACA, Medicaid, and Partner Entities (ARC-AMPE)Bachelor’s Degree in Computer Science, Information Systems Management, Information Security, Business or equivalent experience required.
  • Bachelor’s Degree in Computer Science, Information Systems Management, Information Security, Business or equivalent experience required.
  • Strong verbal and written communications skills are a must, as well as the ability to work effectively across internal and external organizations and virtual teams.
  • Exceptional interpersonal and communication skills and an executive presence - comfortable talking with CIOs, CTOs and CISOs about complex security issues.
  • Ability to think strategically about business, product, and technical challenges.
  • Strong initiative.
  • A strong work ethic, thirst for knowledge, enthusiasm for tacking new challenges, and a “we, not I” mentality when it comes to teamwork and the achievement of organizational goals.
  • Knowledge of the latest information risk, security and compliance innovations, trends, challenges and solutions to provide best-practice recommendations.
  • Experience in leveraging security best practices and/or standards (NIST, ISO, CIS Top 20, ISSA, CSA CMM) to solve problems for GRC programs.
  • Demonstrated depth of security understanding in various sub domains such as encryption, business continuity, disaster recovery, identity and access management, incident response, change management, etc.
  • Problem solving skills that contribute to the development of consultative solutions for unique client requirements.
  • Experience building common compliance frameworks as well as mapping between different compliance requirements.
  • Proven background in clearly writing complex technical documents that can be presented across a varied enterprise corporate audience.
  • Proven ability in strategic consulting and influencing executive level decision makers both internally and externally.
  • Experience leading discussions on the relationship between security, risk management, compliance, and sales/marketing.
  • One or more of the following certifications:
  • ISO: ISO/IEC 27001, ISO/IEC 27701:2019, ISO/IEC 42001:2023, and/or ISO 22301:2019 Lead Auditor/Implementer
  • CISSP
  • CISM or CISA
  • HITRUST Certified CSF Practitioner (CCSFP)
  • CIPP/US

Bonus Points

  • Big Four Advisory/Consulting Experience
  • DevSec Ops Experience
  • AWS, Azure, Google Cloud Platform certification(s).
  • OpenFair or related certification, CCBP
  • Vendor certifications for applicable product solution sets

$104,000 - $179,600 a year

The salary range listed is a reasonable estimate of the compensation range for this role based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs.

#LI-HW1

#LI-Remote

Why You’ll Want to Join Us

At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office.

Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options.

At Coalfire, equal opportunity and pay equity is integral to the way we do business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Coalfire is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation to participate in the job application or interview process, our Human Resources team at [email protected].

Share this job:
Please let Coalfire know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

Coalfire logo

Coalfire

Cybersecurity and Compliance Services

  • 1001-5000 employees
  • Founded in 2001
  • 16 remote jobs
View all jobs

Latest Jobs at Coalfire

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply