Senior Consultant, Healthcare Advisory

About Coalfire
Coalfire is on a mission to make the world a safer place by solving our clients’ toughest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world. But that’s not who we are – that’s just what we do.
We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference. 
And we’re growing fast.
We’re looking for a Senior Consultant to support our Healthcare Advisory team. 
Position Summary
The Senior Consultant leads enterprise engagements identifying gaps, advising, developing compliance documentation, and evaluating the security and compliance of client systems and services to meet regulatory and industry requirements and standards, and against security best practice frameworks. This role will have a proficient understanding of framework requirements, perform security evaluations and/or consulting, and develop reports for clients. They will also provide quality control and peer review to other members of the delivery staff. They will work closely with Project Managers, Directors and other Delivery team members to effectively manage project timelines and deliverables. 

What You'll Do

• Lead advisory projects including workshops, gap analyses, system security plan development, policies and procedures development, risk assessments, and other consulting services as required. 
• Prepare, review and approve compliance documentation and/or reporting. 
• Collect and interpret information provided by clients, map to appropriate requirements and determine overall level of compliance.
• Manage priorities, tasks and hours on projects in cooperation with the project manager to achieve delivery utilization targets. 
• Ensure quality products and services are delivered on time. 
• Escalate client and project issues to management in a timely manner to inform and engage the necessary resources to address the issue. 
• Provide mentorship to team members in areas of information technology, compliance, consulting, technical review and writing.  
• Interfaces with clients through entire engagement, interacting with all levels of client organizations.
• Establish and maintain positive collaborative relationships with clients and stakeholders  
• Ensure continuous professional development by maintaining industry specific certifications.
• Maintain strong depth of knowledge in the practice area.  
• Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables.  
• Establish account relationships and identifies upsell and cross sell opportunities and escalates to sales. 
• Develop technical content, such as plans, procedures, and policies, etc., that will be used by clients to assist them in elevating/building out their security programs for system authorization or security assessments.
• Deliver projects to build out compliance roadmaps, architecture guidance, gap remediation, etc.
• Lead IT system security consultation within cloud-based and on-premises environments in accordance with NIST SP 800-53, 800-37, OMB, ISO, HITRUST, HIPAA, PCI, or other authoritative IT security guidance. 
• Define system boundaries in accordance with FedRAMP and/or NIST requirements.
• Develop, review, and/or update System Security Plans, Configuration Management, IT Contingency, Incident Response Plans, Information System Security Policies, Rules of Behavior, Privacy Impact Analyses, and FIPS 199 categorization in accordance with NIST requirements.
• Develop, review, and /or update ISO, HITRUST, HIPAA, or PCI related documentation and prepare customers for associated assessments.
• Identify information security problems and challenges, researching and developing technical solutions to rectify them. 
• Interpret and provide guidance on all FedRAMP security controls.
• Travel 25% - 60%

What You'll Bring

• Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience 
• Strong Consulting skills; ability to advise and challenge the status que while building strong relationships 
• Ability to build high-trust relationship and credibility quickly 
• Strong attention to detail  
• Strong problem solving, decision making, organizational and analytical skills  
• Ability to prioritize and manage multiple initiatives/projects.  
• Ability to be self-driven and have strong independent initiative.    
• Strong excel skills with ability to develop worksheets with complex formulas  
• Ability to facilitate meetings to small or large groups 
• Diplomatic and broad minded 
• 3+ years of experience as a consultant within professional IT services 
• Experience with virtualization or cloud technologies 
• Experience with client-server and traditional on-premises architecture 
• Familiarity with statutes and regulations across multiple industries relevant to IT (e.g. SOX 404, HIPAA, FedRAMP, Patriot Act) 
• Knowledge of information security related solutions, tools, and utilities 
3+ years of experience working with one or more of the following: 
• Payment Card Industry (PCI) Council's Payment Card Industry Data Security Standard (PCI DSS)
• ISO/IEC 27701:2019 (and/or its mapped references ISO/IEC 29100:2011, ISO/IEC 27018:2019)
• ISO/IEC ISO/IEC 9001:2015
• System and Organization Controls (SOC) 2
• National Institute of Standards and Technology (NIST) frameworks (800 series)
• HITRUST framework
• Health Insurance Portability and Accountability Act (HIPAA)
• Health Information Technology for Economic and Clinical Health Act (HITECH)
• FISMA
• FedRAMP
• DoD RMF 
Dependent on the framework(s) you will be supporting you must have one or more of the following:
• ISO:  ISO/IEC 27001 Lead Auditor
• Healthcare:  Certified CSF Practitioner = CCSFP
• PCI:  Qualified Security Assessor (QSA)
• FedRAMP:  At least one of the “preferred” certifications listed below.
Education:
• Bachelor's degree (four-year college or university) in IT or business, or equivalent combination of education and work experience 

Bonus Points

• Preferred certifications:
• Security+
• CCSFP
• HCISPP
• Certified Information Systems Auditor (CISA)
• Certificate of Cloud Security Knowledge (CCSK)
• ISO 9001:2015 Lead Auditor
• Certified Information Systems Security Professional (CISSP)
• Certified Information Privacy Professional (CIPP/US) 
• CAP
• CISM
• CCSP
• CRISC
• CCISO
• AWS/GCP/Azure specific certifications

Why you'll want to join us
At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office.
Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like flexible time off, certification and training reimbursement, and comprehensive insurance options.
At Coalfire, equal opportunity and pay equity is integral to the way we do business. A reasonable estimate of the compensation range for this role is $86,000 to $148,000 based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs.