
Principal – FedRAMP Advisory
| Company | Coalfire |
|---|---|
| Location | Denver, CO, USA |
| Salary | $104000 – $179600 |
| Type | Full-Time |
| Degrees | Bachelor’s |
| Experience Level | Senior, Expert or higher |
Requirements
- Bachelor’s degree in Computer Science, Information Systems Management, Information Security, Business, or equivalent experience required.
- 7+ years of experience in an IT security audit, assessment, compliance, risk management, or data privacy role.
- Knowledge and awareness of the latest information risk, security and compliance innovations, trends, challenges, and solutions.
- Knowledge of strategy, privacy and risk standards/frameworks and professional practices (e.g., NIST, ISO, CIS Top 20, ISSA, CSA CMM, Privacy by Design and FAIR, etc.).
- Knowledge of the typical enterprise risk and security operational practices.
- Knowledge of information security related solutions, tools, and utilities.
- Experience in strategy development, setting direction for team members, influencing both internally and externally.
- Experience building common compliance frameworks as well as mapping between different compliance requirements.
- Demonstrated breadth of security expertise in various sub domains such as encryption, identity, incident response, etc.
- Hands-on technical expertise is nice to have due to the technical components of the frameworks that are worked with.
- Experience with risk assessment methodologies and risk reporting for executive leadership.
- Proven background in clearly writing complex technical documents that can be presented across a varied enterprise corporate audience.
- 7+ years of experience working with one, more, or a combination of the following: National Institute of Standards and Technology (NIST) frameworks (800 series), FISMA, FedRAMP, DoD RMF, GovRAMP (StateRAMP), CMMC.
- REQUIRED CERTIFICATIONS: CISSP or CISM or CISA or CCSP or equivalent.
Responsibilities
- Work with industry and standards bodies to provide information security technical and non-technical expertise.
- Work with other teams within Coalfire to drive customer success.
- Scope and lead on-site engagements with clients, including leading pre-sales calls, onsite visits, understanding customer security and compliance requirements and environments, and proposing and delivering packaged offerings or custom solution engagements.
- Develop technical content, such as security plans, procedures, policies, and white papers that can be used by our clients to assist them in elevating/building out their security and compliance programs.
- Lead delivery engagements including on-site projects working with clients to build out compliance roadmaps, architecture guidance, gap assessments, etc.
- Manage delivery engagements by providing project status updates to applicable stakeholders, identifying showstoppers and roadblocks to project success, etc.
- Collaborate with Coalfire engineering, support, and business teams to convey partner and customer feedback.
- Serve as the practice subject matter expert (SME) for escalations, sales/marketing support, driving practice profitability and revenue.
- Provide Delivery Team Support, including identifying process improvements, training delivery personnel on methodologies/tools and quality topics, and mentoring delivery personnel.
- Develop industry-wide service line thought leadership by authoring methodologies, templates, white papers, work instructions, guidelines, forms, and tools.
- Develop and deliver industry-specific training, including speaking/presenting at conferences and creating webinars.
- Support management of client satisfaction at all phases of the client relationship.
- Ensure continuous professional development by maintaining industry specific certifications.
- Maintain strong depth of knowledge in the practice area.
- Collaborate with project managers, quality management, sales, and other delivery team members to drive customer satisfaction and meet project deliverables.
- Establish account relationships, identify upsell and cross-sell opportunities, and escalate them to sales.
Preferred Qualifications
- Big Four Advisory/Consulting Experience
- DevSecOps Experience
- PREFERRED CERTIFICATIONS: AWS, Azure, Google Cloud Platform certification(s), OpenFair or related certification, CCBP, Vendor certifications for applicable product solution sets.