Principal, FedRAMP Advisory

What You'll Do

• Work with industry and standards bodies to provide information security technical and non-technical expertise.
• Work with other teams within Coalfire to drive customer success.
• Scope and lead on-site engagements with clients. This includes leading pre-sales calls, onsite visits, understanding customer security and compliance requirements and environments, and proposing and delivering packaged offerings or custom solution engagements.
• Develop technical content, such as security plans, procedures, policies, and white papers that can be used by our clients to assist them in elevating/building out their security and compliance programs.
• Lead delivery engagements including on-site projects working with clients to build out compliance roadmaps, architecture guidance, gap assessments, etc.
• Manage delivery engagements by providing project status updates to applicable stakeholders, identifying showstoppers and roadblocks to project success, etc.
• Collaborate with Coalfire engineering, support, and business teams to convey partner and customer feedback.
• Serve as the practice subject matter expert (SME) for escalations, sales/marketing support, driving practice profitability and revenue.
• Provide Delivery Team Support, including identifying process improvements, training delivery personnel on methodologies/tools and quality topics, and mentoring delivery personnel.
• Development of industry-wide service line thought leadership through:
• Authoring methodologies, templates, white papers, work instructions, guidelines, forms, tools
• Developing and delivering industry specific training, including speaking/presenting at conferences, creating webinars
• Support management of client satisfaction at all phases of the client relationship.
• Ensure continuous professional development by maintaining industry specific certifications.
• Maintain strong depth of knowledge in the practice area.
• Collaborate with project managers, quality management, sales, and other delivery team members to drive customer satisfaction and meet project deliverables.
• Establish account relationships and identifies upsell and cross sell opportunities and escalates to sales.  
• Travel 20%

What You'll Bring

• Bachelor’s degree in computer science, Information Systems Management, Information Security, Business, or equivalent experience required.
• CISSP or CISM or CISA or CCSP or equivalent
• 7+ years of experience in an IT security audit, assessment, compliance, risk management, or data privacy role.
• Knowledge and awareness of the latest information risk, security and compliance innovations, trends, challenges, and solutions.  
• Knowledge of strategy, privacy and risk standards/frameworks and professional practices (e.g., NIST, ISO, CIS Top 20, ISSA, CSA CMM, Privacy by Design and FAIR, etc.).  
• Knowledge of the typical enterprise risk and security operational practices.  
• Knowledge of information security related solutions, tools, and utilities.  
• Experience in strategy development, setting direction for team members, influencing both internally and externally.
• Experience building common compliance frameworks as well as mapping between different compliance requirements.
• Demonstrated breadth of security expertise in various sub domains such as encryption, identity, incident response, etc.
• Hands-on technical expertise is nice to have due to the technical components of the frameworks that are worked with.
• Experience with risk assessment methodologies and risk reporting for executive leadership.
• Proven background in clearly writing complex technical documents that can be presented across a varied enterprise corporate audience.


7+ years of experience working with one, more, or a combination of the following:
• National Institute of Standards and Technology (NIST) frameworks (800 series)
• CMMC
• FedRAMP
• DoD CC SRG and/or RMF 
• FISMA
• GovRAMP (StateRAMP)

Bonus Points

• Big Four Advisory/Consulting Experience
• DevSec Ops Experience 
• CMMC CCP or CCA certification
• AWS, Azure, Google Cloud Platform certification(s). 
• OpenFair or related certification, CCBP 
• Vendor certifications for applicable product solution sets