Senior Manager, GRC Advisory

United States

Coalfire


About Coalfire
Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world.
But that’s not who we are – that’s just what we do. We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.
Position Summary
You will lead a team of consultants, foster client relationships and lead various engagements within the GRC framework. As part of your responsibilities, you will directly manage and mentor 2-5 team members, building a culture of accountability and excellence while nurturing high-trust partnerships with clients and stakeholders across all levels of their organizations throughout the engagement lifecycle.

This role requires a deep understanding of compliance framework requirements, including NIST SP 800-53, HITRUST CSF, ISO/IEC 27002, SOC 2, and others. You will provide advisory consulting support, develop compliance-related reports and documentation, and ensure quality control through peer reviews of project deliverables. Collaboration will be central to your work, as you’ll partner with sales, quality management, and delivery teams to ensure project timelines and deliverables are met while maintaining strong customer satisfaction.

Mentorship and coaching will be key elements of your leadership. You will guide team members in technology, consulting methodologies, technical reviews, and professional writing, and ensure the team meets its project margin and utilization targets. Additionally, your expertise will contribute to the success of IT system security consultations for both cloud-based and on-premises environments.

As a relationship builder, you’ll establish trust with accounts, identify upsell and cross-sell opportunities, and escalate these to the sales team as appropriate. Your ability to cultivate collaborative partnerships will ensure client satisfaction across all engagements. To stay ahead of industry trends, you’ll actively pursue professional development opportunities and encourage continuous updates to team policies, procedures, and training in alignment with best practices. Finally, your strategic contributions will support organizational goals, helping grow the service line and expand the team’s capabilities.

By focusing on successful project outcomes and client satisfaction, this role will blend technical expertise, leadership, and strategic vision to drive the success of the GRC Advisory team.

What You'll Do

  • Manage priorities and project hours to meet delivery deadlines and achieve utilization targets.
  • Escalate client and project challenges promptly to involve the necessary resources.
  • Maintain communication with client stakeholders at all levels, fostering collaborative relationships.
  • Work with internal teams (sales, quality management, and delivery) to ensure customer satisfaction and project success.
  • Manage team performance and hiring decisions, and participate in hiring interviews for roles at various levels.
  • Mentor and coach team members and project teams in consulting methodologies, compliance methodologies, industry standards, technical skills, and professional writing.
  • Maintain strong depth of knowledge in the practice area, closely follow industry developments and trends, pursue professional development opportunities, and maintain relevant industry-specific certifications; use that knowledge to develop and maintain industry-specific policies, procedures, and training.
  • Establish account relationships and identify upsell and cross-sell opportunities, escalating them to the sales team as appropriate.
  • Lead advisory projects of varying complexity from start to finish, including workshops, gap analyses, document development projects, and ad hoc consulting support, guiding the customer and all resources through the project lifecycle.
  • Execute examination, interview, and test procedures in accordance with the control requirements of security compliance frameworks (e.g., NIST SP 800-53A Rev. 4 and Rev. 5, HITRUST CSF, ISO/IEC 27002, SOC 2, PCI DSS), and conduct evaluations to assess compliance with them.
  • Develop, review, update, and maintain System Security Plans, Configuration Management Plans, IT Contingency and Incident Response Plans, security policies and procedures, risk assessment plans, risk management tools, and other IT security supporting artifacts in accordance with compliance framework requirements, helping clients build and improve their security programs for system authorization.
  • Validate information system security plans and policy/procedure documentation to ensure control requirements are met; ensure cybersecurity policies are adhered to and required controls are implemented, and author recommendations for improvement where controls are not met or where findings are identified.
  • Advise on and improve client security programs and compliance strategies.
  • Lead IT system security consultations within cloud-based and on-premises environments, following framework-specific security guidance (e.g., NIST SP 800-53, HITRUST CSF, ISO/IEC 27002).
  • Create tools and recommendations to enhance client security posture.
  • Provide guidance to Information System Owners on security matters.
  • Identify information security problems and challenges, researching and developing technical solutions to rectify them.
  • Travel: up to 20%

What You'll Bring

  • Minimum of 5 years of working experience in information technology, information security, technical assessment, or audit
  • Significant knowledge of information governance, risk, and security standards, frameworks, and professional practices, such as ISO/IEC 27001:2022, ISO/IEC 27701:2019 (and/or its mapped references ISO/IEC 29100:2011 and ISO/IEC 27018:2019), ISO 9001:2015, ISO/IEC 42001:2023, the Health Insurance Portability and Accountability Act (HIPAA), HITRUST, System and Organization Controls (SOC) 2, or National Institute of Standards and Technology (NIST) frameworks such as NIST SP 800-53 or SP 800-171
  • ISO/IEC 27001 Lead Auditor certificate
  • Bachelor's degree in Computer Science, Information Systems Management, Information Security, Business, or equivalent experience
  • At least one advanced cybersecurity or cloud certification: CISSP, CISA, CISM, CCSP, CRISC, a cloud-specific certification (AWS, GCP, or Azure), or an equivalent security specialty certification
  • Significant experience applying relevant technical knowledge, typical enterprise risk and security operational practices, and information security solutions, tools, and utilities
  • Experience conducting multi-framework consolidated compliance assessments
  • Detailed understanding of IT security technologies, including network and application security, firewalls, access management, and data protection
  • Experience with virtualization and cloud technologies
  • Experience with client-server and traditional on-premises architectures
  • Familiarity with IT-relevant statutes and regulations across multiple industries
  • Demonstrated ability to lead moderately complex system assessments and consulting engagements independently; to assist team members with artifact collection and client interviews that ascertain control implementation details; to read and interpret firewall rulesets; to create network, boundary, and data flow diagrams; and to interpret and explain control families
  • Strong written and verbal communication skills, including the ability to explain technical matters to a non-technical audience
  • Strong consulting skills: the ability to advise and challenge the status quo while building strong relationships
  • Ability to build high-trust relationships and credibility quickly
  • Ability to lead projects successfully and delegate up and across
  • Strong attention to detail
  • Strong problem-solving, decision-making, organizational, and analytical skills
  • Ability to prioritize and manage multiple initiatives and projects
  • Self-driven, with strong independent initiative
  • Strong Excel skills, with the ability to develop worksheets using complex formulas
  • Ability to facilitate meetings for small or large groups
  • Diplomatic and broad-minded
  • Ability to lead small to large teams in both assessment and internal environments
  • Ability to work with cloud service providers to resolve issues and bring an assessment to a conclusion

Bonus Points

  • Strong knowledge of container-based architecture
  • Knowledge of, and certification(s) in, cloud environments such as AWS, Azure, and Google Cloud Platform
  • ISO 9001:2015 Lead Auditor
  • HITRUST CCSFP
  • Certified Information Privacy Professional (CIPP/US)
  • Big Four advisory/consulting experience
  • DevSecOps experience
Why You’ll Want to Join Us
At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office.
Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options.
At Coalfire, equal opportunity and pay equity are integral to the way we do business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Coalfire is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation to participate in the job application or interview process, contact our Human Resources team at HumanResourcesMB@coalfire.com.