Principal, Healthcare Advisory

About Coalfire

Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Chicago, Illinois with offices across the U.S. and U.K., and we support clients around the world.

But that’s not who we are – that’s just what we do.

We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.

Position Summary

Principal Consultant is a Highly Technical, Individual Contributor role.

The Principal Consultant – Healthcare Advisory is a senior individual contributor and subject matter expert (SME) responsible for leading complex healthcare advisory engagements across governance, risk, compliance, and resilience. This role specializes in healthcare regulatory environments and supports healthcare organizations in building scalable, defensible, and sustainable security and compliance programs.

Principal Consultants serve as trusted advisors to healthcare executives and delivery leaders, leading engagements that span HIPAA, HITECH, CMS (MARS‑E, ARC‑AMPE), HITRUST, NIST, and healthcare‑specific cybersecurity and operational resilience frameworks. This role combines deep healthcare domain knowledge with strong advisory, delivery, and thought‑leadership responsibilities.

The Principal Consultant is expected to leverage experience across three domains:

Client Advisory & Healthcare Expertise
1. Partner with healthcare organizations (providers, payers, digital health, medical device manufacturers, public health agencies) to evaluate cybersecurity posture, regulatory compliance, and operational risk.
2. Serve as a trusted advisor delivering actionable recommendations aligned to healthcare regulations, patient safety considerations, and operational realities.
3. Translate complex regulatory and security requirements into practical, implementable solutions.

Delivery Leadership & Mentorship
4. Lead complex healthcare advisory engagements and provide quality control and peer review for delivery teams.
5. Mentor consultants and senior consultants within the Healthcare Advisory practice.
6. Support methodology development and continuous improvement across healthcare offerings.

Practice Growth & Thought Leadership
7. Contribute to healthcare‑specific thought leadership through whitepapers, blogs, webinars, and conference presentations.
8. Support sales, marketing, and solution development for Healthcare Advisory services.
9. Serve as an internal SME for healthcare regulatory, compliance, and risk topics.

What You'll Do:
• Healthcare Advisory Delivery
• Lead healthcare Governance Risk and Compliance and advisory engagements including:
• HIPAA and HITECH advisory
• CMS SSPP development and regulatory alignment (MARS‑E, ARC‑AMPE)
• Incident Response and Disaster Recovery advisory
• Business Impact Analysis (BIA) and Resiliency Planning
• Business Continuity Planning and Downtime Playbooks
• Healthcare Risk Management and GRC program development
• Vendor Risk Management (C‑SCRM) for healthcare
• Scope and lead client engagements, including pre‑sales support, discovery, onsite/remote delivery, and executive briefings.
• Conduct executive‑level interviews and stakeholder workshops with healthcare leadership, IT, compliance, and clinical stakeholders.
• Develop and review healthcare‑specific deliverables such as policies, procedures, plans, playbooks, gap analyses, and advisory reports.

• Leadership & Collaboration
• Serve as the Healthcare Advisory SME for escalations, sales support, and solution development.
• Collaborate with Project Managers, Directors, Engineering, and Sales teams to ensure delivery excellence and client satisfaction.
• Identify upsell and cross‑sell opportunities within healthcare accounts and partner with sales teams.

• Practice & Capability Development
• Develop healthcare‑specific methodologies, templates, tools, and accelerators.
• Provide training and mentorship to delivery personnel on healthcare regulations, frameworks, and advisory methodologies.
• Maintain awareness of evolving healthcare regulations, cybersecurity threats, and industry best practices
• Travel up to 20%

What You'll Bring:
• 7+ years in cybersecurity, GRC, compliance, risk management, or data privacy roles.
• Bachelor's Degree in Computer Science, Information Systems Management, Information Security, Business or equivalent experience required.
• ISO/IEC 27001 Lead Auditor
• CISSP
• CISM or CISA
• Experience in healthcare environments, including providers, payers, medical devices, or digital health.
• Experience leading advisory engagements such as IR, DR, BIA, BCP, risk remediation, and policy development.
• Proven ability to write clear, executive‑ready healthcare advisory documentation.
• Experience mapping and integrating multiple regulatory and compliance frameworks.
• Executive‑level communication skills with the ability to engage CIOs, CISOs, Compliance Officers, Privacy Officers, and healthcare leadership.
• Strong healthcare regulatory and cybersecurity advisory skills.
• Ability to translate regulatory requirements into operational and technical guidance.
• Strategic thinking and consultative problem‑solving mindset.
• Strong initiative and ability to lead independently.

• Demonstrated experience with healthcare regulations and frameworks, including:
• HIPAA/ HITECH
• CMS MARS‑E and/or ARC‑AMPE
• HITRUST CSF
• NIST 800‑series frameworks

Bonus Points:
• Big Four or large consulting firm experience.
• Experience supporting healthcare cloud environments or DevSecOps initiatives.
• HITRUST Certified CSF Practitioner (CCSFP)
• CIPP/US
• ISO 22301 Lead Auditor
• Cloud certifications (AWS, Azure, GCP)

Why You’ll Want to Join Us

At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office.

Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options.

At Coalfire, equal opportunity and pay equity is integral to the way we do business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Coalfire is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation to participate in the job application or interview process, contact our Human Resources team at [email protected].