About Coalfire
Coalfire is on a mission to make the world a safer place by solving our clients' hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world.
But that's not who we are - that's just what we do.
We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.
And we're growing fast.
We're looking for an Associate to support our Global Assurance team.
Position Summary
This role will work as part of a team assessing customer organizations against global regulatory and industry requirements as well as publications released by the International Organization for Standardization (ISO). The team member will initially support experienced project and team leaders and be assigned specific technical and non-technical engagement segments. This role will develop into a practice Engagement Lead that collaborates with Project Managers, Directors, and other delivery team members to effectively manage project timelines, schedules, contracting, resourcing, and work product construction.
An Associate on the Global Assurance team enhances the posture and maturity of customer processes affecting information security and data privacy management through the technical evaluation of governance programs. This role will evaluate both the design and operating effectiveness of technical controls supporting management systems and will help identify improvement opportunities for customers.
What You'll Do

• As part of a team conducts interview and inquiry walkthroughs with client points of contact to determine the conformity of environments against stated requirements
• Responsible party and primary, first-level reviewer of draft audit planning and reporting material provided by support staff throughout the engagement lifecycle
• Works closely with experienced team members to ensure the completeness and accuracy of audit procedures for customer organization scopes
• Pursues and corroborates conclusions derived from inquiry procedures with auditee contacts while ensuring diligent interview notes are captured as a result of direct interactions with customers
• Offline and remote evidence inspection of client-provided documentation with the ability to appropriately mark artifacts requiring follow up or additional clarification from the auditee
• Draft audit programs that sufficiently address both the required objectives of the certification body and the complexity of the client environment
• Adheres to pre-defined project timelines and communicates possible changes to the schedule or scope of work with appropriate internal team members
• Manages priorities and tasks to achieve billable utilization targets established for the role
• Continuous professional development when maintaining subject matter-specific certifications, credentials, and designations
• Collaborates with project managers, quality assurance, and/or other delivery team members to drive customer satisfaction and the timely production of deliverables
• Identifies upsell and cross sell opportunities and escalates to practice management
• Understands how to apply quality standards and adheres to a minimum benchmark for quality assurance throughout the documentation of each work product or deliverable supporting engagements
• Establishes and maintains positive collaborative relationships with clients and involved stakeholders
• Provides advice to customers on issues affecting the scope of work in a manner that provides additional value beyond the text described within the audit criteria and learned through exposure with alternate environments
• Remains abreast to regulations or standards that are either in draft or approaching enforcement affecting publications via ISO
• Ability to travel up to 70%, inclusive of both domestic travel within the United States and international assignments.
• Standard office environment (ability to be successful when working remotely 3-4 days per week)
• Passport required

What You'll Bring

• 1-2 years of professional experience, preferably in IT audit or similar role
• Capability to independently research a technical topic and develop logical testing approaches
• Comfort leading interview walkthroughs and inquiry sessions with client points of contact
• Knowledge of current events affecting changes within information security and data privacy practices (e.g., breaches, laws, consent orders and decrees)
• Computer and typing skills that permit rapid data collection during meetings with both internal and external contacts
• Ability to build high-trust relationships, rapport, and credibility quickly with peers and customers
• Strong written and verbal communication skills, including the ability to explain technical concepts to non-technical audiences
• Personal initiatives toward organization, time management, and learning
• Attention for detail and quality processes
• Public-speaking skills set along with an apparent executive presence that solicits attention from audiences
• Inquisitive and curious nature with the ability to effectively probe for deeper information

Bonus Points

• General knowledge and application of audit planning, testing, and reporting procedures
• Prior employment with a "Big 4" professional services firm or an accredited certification body for management systems
• Previous project experience implementing or assessing information assurance frameworks and control sets, such as ISO 27001, ISO 27002, ISO 27017, ISO 27018, ISO 27701, Cloud Controls Matrix (CCM), NIST SP 800-53, and NIST Cyber Security Framework (CSF)
• Hold one of more of the following certifications:
• Certification to any of the following information security schemes in order of relevance: CCSK, CCAK, CISSP, CCSP
• Certification to any of the following audit and assessment schemes in order of relevance: CISA, CISM, CPA, CRISC, ISO 27001 Lead Auditor, ISO 9001 Lead Auditor, ISO 22301 Lead Auditor, ISO 20000-1 Lead Auditor
• Certification to any of the following industry schemes: Amazon Web Services (AWS) Solutions Architect - Associate, AWS SysOps Administrator, Microsoft Azure Solutions Architect - Associate, Microsoft Azure Security Engineer - Associate, Google Cloud Platform (GCP) - Associate Cloud Engineer, GCP Professional Cloud Architect, etc.

Why You'll Want to Join Us
At Coalfire, you'll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you'll work most effectively - whether you're at home or an office.
Regardless of location, you'll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You'll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you'll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options.
At Coalfire, equal opportunity and pay equity is integral to the way we do business. A reasonable estimate of the compensation range for this role is $70,000 to $90,000 based on national salary averages. The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors. You may also be eligible to participate in annual incentive, commission, and/or recognition programs. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
#LI-VP1