• Conduct audits/assessments including audit plan preparation, review of documentation and evidence, evaluation of procedures, and client interviews.
• Assess client provided documentation for compliance with a variety of standards.
• Prepare and review assessment reports.
• Educate and interpret compliance activities for clients.
• Manage priorities and tasks to achieve delivery utilization targets.
• Ensures quality products and services are delivered on time per Coalfire quality standards.
• Continuous professional development in maintaining industry specific certifications. Maintains strong depth of knowledge in the practice area.
• Collaborates with project managers, quality management and/or other delivery team members to drive customer satisfaction and meet project deliverables.
• Establish and maintain positive collaborative relationships with clients and stakeholders.
• Ability to lead the majority of interview and inquiry walkthroughs with clients to determine the conformity of environments against stated requirements.
• Assess security vulnerabilities against the appropriate security frameworks.
• Pursue and corroborates conclusions derived from inquiry procedures with client while ensuring diligent interview notes are captured.
• Offline and remote evidence inspection of client provided documentation; appropriately mark artifacts requiring follow-up or additional clarification.
• Understand how to apply quality standards and adheres to a minimum benchmark for quality assurance throughout the documentation of each work product or deliverable.
• Provide advice to customers on issues affecting the scope of work in a manner that provides additional value.
• Evaluate the design and effectiveness of technology and business process controls throughout the assessment cycle.

• 3+ years of experience as an IT Consultant, IT auditor, Business Analyst, or similar role.
• In-depth knowledge of audit procedures and IT security.
• Demonstrated competency to independently research a technical topic and develop logical testing approaches.
• Ability to adapt to different working styles and environments, as there may be different needs per project.
• Ability to take initiative without direct instruction as an independent contributor, while being able to transition into collaborative team environments when necessary.
• Strong written and verbal communication skills, with the ability to communicate succinctly and instill confidence with internal stakeholders and external customers.
• Strong personal initiative to appropriately manage time and meet deadlines.
• Strong consulting skills; ability to advise and challenge the status quo while building strong relationships.
• Ability to build high-trust relationship and credibility quickly.
• High attention to detail.
• Ability to facilitate meetings with small or large groups.
• Diplomatic and broad minded.
• Flexibility to work with internal stakeholders and external customers across a multitude of timezones.
• Bachelor's degree (four-year college or university) or equivalent combination of education and experience.
• At least one of the following certifications, such as CISSP, CISA, CISM, or CIA (or willing to obtain one of these certifications within the first year of employment)

• Bachelor's degree in related field (CIS, MIS, IT, or related field).
• Expertise in security and/or compliance frameworks (ISO 27001, PCI DSS, FedRAMP, HIPAA/HITECH, HITRUST, BSI C5, CSA STAR, etc.) and regulatory requirements (SWIFT, FFIEC, GLBA).
• At least one of the following information security certifications (CISSP, CISM, Certified ISO 27001 Lead Implementer) and one of the following audit certifications (CISA, GSNA, Certified ISO 27001 Lead Auditor/Internal Auditor, IRCA ISMS Auditor or higher, CIA).
• At least one cloud-related certification (CCSK, CSAK, foundational CSP certifications, etc.).

PI239587034