Senior Consultant

Company: Coalfire

Location: Chicago, Illinois (Offices across the U.S. and U.K.)

About Coalfire:
Coalfire is dedicated to making the world a safer place by tackling our clients' toughest cybersecurity challenges. We operate at the forefront of technology, providing expert advice, assessments, and automation to help companies navigate the complex cybersecurity landscape. We are a team of passionate problem-solvers, thought leaders, and cybersecurity experts committed to learning, growth, and making a significant impact.

Position Summary:
As a Senior Consultant, you will assess the security and compliance of client firms against regulatory requirements, industry standards, and best practice frameworks. You will leverage your expert understanding of framework requirements to perform audits and assessments, developing comprehensive reports for clients. This role involves close collaboration with Project Managers, Directors, and Delivery team members to ensure effective project timeline and deliverable management. You will enhance client security postures by evaluating technology controls and identifying performance improvement opportunities. As a senior team member, you will also contribute to refining engagement methodologies, improving internal processes, and overseeing the work of junior staff.

This role specifically facilitates Security Control Assessments and advanced monitoring activities, often within cloud environments. Success requires a strong grasp of both technical and non-technical security controls and various testing methodologies. You will work within a team atmosphere, taking ownership of assigned technical sections and delivering client-ready reports.

What You’ll Do:

• Lead audits and assessments, including audit plan preparation, evidence review, procedure evaluation, and client interviews, with a primary focus on SOC 2, followed by SOC 1 and C5 audits.
• Maintain deep knowledge in one or more cybersecurity frameworks.
• Prepare, review, and approve assessment reports.
• Manage project priorities, tasks, and hours in coordination with the project manager to achieve utilization targets.
• Ensure timely delivery of high-quality products and services.
• Escalate client and project issues to management promptly.
• Mentor Associates and Consultants in audit, assessment, technical review, and writing.
• Interface with clients at all levels throughout engagements.
• Establish and maintain positive, collaborative client relationships.
• Pursue continuous professional development and maintain industry certifications.
• Collaborate with project managers, quality management, sales, and delivery teams to drive customer satisfaction.
• Identify upsell and cross-sell opportunities and escalate to sales.
• Draft audit programs tailored to regulatory objectives and client environments.
• Lead client interviews and walkthroughs to assess conformity against stated requirements.
• Communicate assessment status effectively to internal teams and external clients.
• Assess security vulnerabilities against appropriate security frameworks.
• Corroborate conclusions with clients, ensuring diligent interview notes are captured.
• Conduct offline and remote evidence inspection of client documentation.
• Educate clients on compliance activities and their implications.
• Apply quality standards and adhere to minimum benchmarks for quality assurance.
• Provide value-added advice to customers on issues affecting their scope of work.
• Develop documentation and author recommendations to improve customer security posture.
• Travel: Up to 20%

What You’ll Bring:

• Bachelor’s degree in Information Systems, CIS, MIS, IT, or equivalent combination of education and work experience.
• 3-5 years of experience in security frameworks and regulatory requirements (e.g., SOC 2, C5, SSPA, ISO, NIST, COBIT, HIPAA/HITECH, HITRUST, PCI).
• Ability to evaluate the design and effectiveness of technology controls.
• Demonstrated ability to structure and lead projects successfully.
• Strong written and verbal communication skills, with the ability to instill confidence.
• Excellent consulting skills, with the ability to advise, challenge, and build strong relationships.
• Ability to build high-trust relationships quickly.
• Strong personal initiative to manage time effectively and meet deadlines.
• Ability to shift focus frequently while maintaining quality.
• Skill and willingness to train and mentor junior staff.
• Proficient computer and typing skills for rapid data collection.
• Ability to facilitate meetings for small or large groups.
• Public speaking and executive presence.
• Inquisitive and curious nature with the ability to probe for deeper information.
• Diplomatic and broad-minded approach.
• Strong technical research skills.

Bonus Points:

• Relevant CSP certifications (e.g., AWS Solutions Architect).
• Information security certifications (e.g., CCSK, Security+, CISSP, CISM, Certified ISO 27001 Lead Implementer).
• Audit certifications (e.g., CISA, GSNA, Certified ISO 27001 Lead Auditor/Internal Auditor, IRCA ISMS Auditor or higher, CIA).
• Experience with cloud computing environments (AWS, Azure, GCP).

Compensation:
$86,000 - $148,000 per year (Salary is an estimate based on national averages and will be determined by factors such as education, location, training, licensure, certifications, and other relevant qualifications. May be eligible for annual incentive, commission, and/or recognition programs.)

Why Join Us:
At Coalfire, we offer a supportive environment for professional and personal growth. We provide flexible work models, prioritizing connection and well-being. Enjoy opportunities to join employee resource groups, participate in events, and access competitive benefits including paid parental leave, flexible time off, certification and training reimbursement, digital mental health support, and comprehensive insurance options.

Coalfire is an equal opportunity employer committed to diversity, inclusion, and pay equity. Reasonable accommodation is available for individuals with disabilities. Please contact [email protected] for assistance.

Note: AI tools may be used to assist in the hiring process, but final hiring decisions remain human-led.