Coalfire · 19 hours ago
Principal, Enterprise, Global, & AI Compliance Advisory
United States
Full-time
Remote
Senior Level, Lead/Staff
$104K/yr - $180K/yr
7+ years expCoalfire is on a mission to make the world a safer place by solving clients’ hardest cybersecurity challenges. The Principal Consultant will lead GRC framework engagements, assess security and compliance, and provide advisory services to clients while leveraging technical expertise in compliance automation and risk management.
Information Technology & Services
Responsibilities
Design and implement automated compliance workflows using leading platforms (UiPath, Vanta, Drata, Archer, etc.)
Develop and maintain Centralized Compliance Frameworks (CCF) to unify multi-framework compliance requirements
Architect scalable compliance solutions integrated with enterprise systems and cloud environments
Experience designing internal controls, designing internal controls assessments, designing sampling methodologies, scoping assessments, planning assessments, and gaining management support
Implement and manage continuous monitoring solutions for real-time compliance and risk visibility
Develop dashboards and reporting mechanisms leveraging data analytics tools (e.g., Snowflake)
Apply prompt engineering techniques and leverage LLMs/AI models to enhance compliance automation and risk analysis
Advise on privacy frameworks (GDPR, CCPA, ISO 27701) and implement data governance strategies
Ensure compliance with global data protection regulations through automated controls and reporting
Develop service delivery models for GRC as a Service
Collaborate with MSP/MSSP teams to design recurring revenue streams and future-of-work strategies for compliance services
Publish technical white papers, blogs, and deliver presentations on GRC engineering and automation trends
Mentor team members on compliance engineering, automation tools, and AI integration
Work with industry and standards bodies to provide information security technical and non-technical expertise
Work with other teams within Coalfire to drive customer success
Scope and lead on-site engagements with clients
Develop technical content, such as security plans, procedures, policies, and white papers that can be used by our clients to assist them in elevating/building out their security and compliance programs
Lead delivery engagements including on-site projects working with clients to build out compliance roadmaps, architecture guidance, gap assessments, etc
Collaborate with Coalfire engineering, support and business teams to convey partner and customer feedback
Serve as the practice subject matter expert (SME) for escalations, sales/marketing support, driving practice profitability and revenue
Provide Delivery Team Support, including: identifying process improvements, training Delivery personnel on methodologies/tools and quality topics, and mentoring Delivery personnel
Development of industry-wide service line thought leadership through: Authoring methodologies, templates, white papers, work instructions, guidelines, forms, and tools
Developing and delivering industry specific training, including speaking/presenting at conferences, creating webinars
Ensure continuous professional development by maintaining industry specific certifications
Maintain strong depth of knowledge in the practice area including being able to provide technical recommendations for clients to mitigate risks and implement controls in-line with framework requirements
Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables
Establish account relationships and identifies upsell and cross sell opportunities and escalates to sales
Qualification
Required
7+ years of experience in an IT security audit, assessment, compliance, risk management, or data privacy role
Bachelor's Degree in Computer Science, Information Systems Management, Information Security, Business or equivalent experience required
Proven experience with GRC automation platforms (UiPath, Vanta, Drata, Archer, OneTrust, Oracle GRC, Hyperproof, or other market competitors, etc.)
Familiarity with GRC as a Service, MSP, and MSSP concepts to build recurring revenue models
A strong work ethic, thirst for knowledge, enthusiasm for tackling new challenges, and a 'we, not I' mentality when it comes to teamwork and the achievement of organizational goals
Strong communication skills with executive presence for CIO/CTO/CISO-level discussions
Knowledge of the latest information risk, security and compliance innovations, trends, challenges and solutions to provide best-practice recommendations
Experience in leveraging security best practices and/or standards (NIST, ISO, CIS Top 20, ISSA, CSA CMM, OWASP, DMBOK, Prosci, GAO Greenbook, COBIT, AICPA/SOC TSCs) to solve problems for GRC programs
Strong knowledge of Centralized Common Compliance Frameworks (CCF) and multi-framework mapping
Experience building common compliance frameworks as well as mapping between different compliance requirements
Demonstrated depth of security understanding in various sub domains such as encryption, business continuity, disaster recovery, identity and access management, incident response, change management, etc
Hands-on experience in systems architecture and integration of compliance solutions
Problem solving skills that contribute to the development of consultative solutions for unique client requirements
Proven background in clearly writing complex technical documents that can be presented across a varied enterprise corporate audience
Proven ability in strategic consulting and influencing executive level decision makers both internally and externally
Experience leading discussions on the relationship between security, risk management, compliance, and sales/marketing
3+ years of experience working with ISO/IEC 27001:2022 and/or System and Organization Controls (SOC) 2
7+ years of experience working with two or more of the following: ISO/IEC 27001:2022, ISO/IEC 27701:2019, ISO 22301:2019, ISO/IEC 42001:2023, ISO 9001:2015, System and Organization Controls (SOC) 2, National Institute of Standards and Technology (NIST) frameworks (800 series)
One or more of the following certifications: ISO: ISO/IEC 27001, ISO/IEC 27701:2019, ISO/IEC 42001:2023, and/or ISO 22301:2019 Lead Auditor/Implementer, CISM, CISA, CIPP/US / CIPP/EU, CISSP, CRISC, CDPSE, AAIA, AAIR, AAISM, CGEIT, CCP/CCA
Preferred
Big Four Advisory/Consulting Experience
DevSecOps Experience
CISSP, CISM, CRISC, CDPSE, or CGEIT
HITRUST Certified CSF Practitioner (CCSFP)
CIPP/US / CIPP/EU
ISO 42001 Lead Auditor/Implementer
AWS, Azure, Google Cloud Platform certification(s)
CCSK
AAIA
AAIR
AAISM
OpenFair or related certification, CCBP
Vendor certifications for applicable product solution sets
Benefits
Paid parental leave
Flexible time off
Certification and training reimbursement
Digital mental health and wellbeing support membership
Comprehensive insurance options
Company
Coalfire
Coalfire is the premier Cybersecurity and Compliance Services leader for the tech, healthcare, and finance industries.
Founded in 2001Chicago, Illinois, US
1001-5000 employees
H1B Sponsorship
Coalfire has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (3)
2024 (4)
2023 (3)
2022 (6)
2021 (2)
2020 (4)
Funding
Current Stage
Late StageLeadership Team
Tom McAndrew
CEO
Merri Chandler
Chief Financial Officer
Company data provided by crunchbase