Lead Principal, ISO/SOC2 Technical Risk and Controls Advisory

What You'll Do

• Manage a team of 5-9 senior team members or “principals”.
• Work with industry and regulatory bodies to share information security technical and non-technical expertise.
• Lead the GRC Advisory Change Advisory Board (CAB) and own the prioritization and tracking of stated action items.
• Own and maintain the technical quality assurance (QA) processes for the GRC Advisory practice.
• Lead scoping workshops within complex clients engagements. This includes leading pre-sales calls, onsite visits, understanding customer security and compliance requirements and environments, and proposing and delivering packaged offerings or custom solution engagements.
• Develop technical content, such as security plans, procedures, policies, and white papers that can be used by our clients to assist them in elevating/building out their security and compliance programs.
• Lead delivery engagements including on-site projects working with clients to build out compliance roadmaps, architecture guidance, gap assessments, internal audits, risk assessments, etc.
• Manage complex delivery engagements by providing project status updates to applicable stakeholders, delegating tasks to team members and ensuring completion, identifying showstoppers and roadblocks to project success, etc.
• Collaborate with Coalfire engineering, support, and business teams to convey partner and customer feedback.
• Serve as the practice subject matter expert (SME) for escalations, sales/marketing support, driving practice profitability and revenue.
• Provide Delivery Team Support, including identifying process improvements, training delivery personnel on methodologies/tools and quality topics, and mentoring delivery personnel.
• Development of industry-wide service line thought leadership through: Authoring: methodologies, templates, white papers, work instructions, guidelines, forms, tools. Developing and delivering industry specific training, including speaking/presenting at conferences, creating webinars
• Support management of client satisfaction at all phases of the client relationship.
• Ensure continuous professional development by maintaining industry specific certifications.
• Maintain strong depth of knowledge in the established practice area and emerging standards in order to  maintain and support growth in the business.
• Collaborate with project managers, quality management, sales, and other delivery team members to drive customer satisfaction and meet project deliverables.

What You'll Bring

• 7+ years of experience in an IT security audit, assessment, compliance, risk management, or data privacy role.
• 5+ years of experience managing senior individual contributors in a cybersecurity or compliance functional area.
• CISSP or CISM or CISA or CCSP or equivalent
• In addition, dependent on the framework(s) you will be supporting you must have one or more of the following:
• At least one or more of the “preferred” certifications: AWS, Azure, GCP certification(s), ISO Lead Auditor, ISO Lead Implementor
• Bachelor's Degree in Computer Science, Information Systems Management, Information Security, Business, or equivalent experience required.
• Knowledge and awareness of the latest information risk, security and compliance innovations, trends, challenges, and solutions.  
• Knowledge of compliance and risk standards/frameworks and professional practices (e.g., NIST, ISO, SOC, HITRUST, HIPPAA, ISMAP, IRAP, etc.).  
• Knowledge of the typical enterprise risk and security operational practices.  
• Knowledge of information security related solutions, tools, and utilities.  
• Experience in strategy development, setting direction for team members, influencing both internally and externally.
• Experience building common compliance frameworks as well as mapping between different compliance requirements.
• Demonstrated breadth of security expertise in various sub domains such as encryption, identity, incident response, etc.
• Experience providing basic technical security advice for cloud environments (AWS, Azure, Google Cloud Platform (GCP)).
• Experience with risk assessment methodologies and risk reporting for executive leadership.
• Proven background in clearly writing complex technical documents that can be presented across a varied enterprise corporate audience.
• 7+ years of experience working with at least two (2) of the following groupings of standards:
• o   National Institute of Standards and Technology (NIST) frameworks (800 series)
• o   ISO Suite of Standards (27001, 27701, 42001, 27017, 27018)
• o   SOC1, SOC2
• o   Global: IRAP, ISMAP, ENS, Cyber Essentials, BSI C5 , etc.
• o   Healthcare: HITRUST, HIPAA, MARS-E, ARC-AMPE
• Strong verbal and written communications skills are a must, as well as the ability to work effectively across internal and external organizations and virtual teams.
• Exceptional interpersonal and communication skills and an executive presence - comfortable talking with CIOs, CTOs and CISOs about complex security issues.
• Ability to think strategically about business, product, and technical challenges.
• Strong initiative and ownership.
• Strong organization skills to keep multiple priorities.

Bonus Points

• Big Four Advisory/Consulting Experience
• AWS, Azure, GCP certification(s). 
• ISO Lead Auditor
• ISO Lead Implementor
• Masters Degree in Computer Science, Information Systems Management, Information Security, Business, or equivalent experience required.