Principal, Healthcare Advisory

Coalfire

About The Position

Coalfire is on a mission to make the world a safer place by solving our clientsâ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Chicago, Illinois with offices across the U.S. and U.K., and we support clients around the world. But thatâs not who we are â thatâs just what we do. We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference. Position Summary Principal Consultant is a Highly Technical, Individual Contributor role. The Principal Consultant â Healthcare Advisory is a senior individual contributor and subject matter expert (SME) responsible for leading complex healthcare advisory engagements across governance, risk, compliance, and resilience. This role specializes in healthcare regulatory environments and supports healthcare organizations in building scalable, defensible, and sustainable security and compliance programs. Principal Consultants serve as trusted advisors to healthcare executives and delivery leaders, leading engagements that span HIPAA, HITECH, CMS (MARSâE, ARCâAMPE), HITRUST, NIST, and healthcareâspecific cybersecurity and operational resilience frameworks. This role combines deep healthcare domain knowledge with strong advisory, delivery, and thoughtâleadership responsibilities. The Principal Consultant is expected to leverage experience across three domains: Client Advisory & Healthcare Expertise 1. Partner with healthcare organizations (providers, payers, digital health, medical device manufacturers, public health agencies) to evaluate cybersecurity posture, regulatory compliance, and operational risk. 2. Serve as a trusted advisor delivering actionable recommendations aligned to healthcare regulations, patient safety considerations, and operational realities. 3. Translate complex regulatory and security requirements into practical, implementable solutions. Delivery Leadership & Mentorship 4. Lead complex healthcare advisory engagements and provide quality control and peer review for delivery teams. 5. Mentor consultants and senior consultants within the Healthcare Advisory practice. 6. Support methodology development and continuous improvement across healthcare offerings. Practice Growth & Thought Leadership 7. Contribute to healthcareâspecific thought leadership through whitepapers, blogs, webinars, and conference presentations. 8. Support sales, marketing, and solution development for Healthcare Advisory services. 9. Serve as an internal SME for healthcare regulatory, compliance, and risk topics.

Requirements

7+ years in cybersecurity, GRC, compliance, risk management, or data privacy roles.
Bachelor's Degree in Computer Science, Information Systems Management, Information Security, Business or equivalent experience required.
ISO/IEC 27001 Lead Auditor
CISSP
CISM or CISA
Experience in healthcare environments, including providers, payers, medical devices, or digital health.
Experience leading advisory engagements such as IR, DR, BIA, BCP, risk remediation, and policy development.
Proven ability to write clear, executiveâready healthcare advisory documentation.
Experience mapping and integrating multiple regulatory and compliance frameworks.
Executiveâlevel communication skills with the ability to engage CIOs, CISOs, Compliance Officers, Privacy Officers, and healthcare leadership.
Strong healthcare regulatory and cybersecurity advisory skills.
Ability to translate regulatory requirements into operational and technical guidance.
Strategic thinking and consultative problemâsolving mindset.
Strong initiative and ability to lead independently.
Demonstrated experience with healthcare regulations and frameworks, including:
HIPAA/ HITECH
CMS MARSâE and/or ARCâAMPE
HITRUST CSF
NIST 800âseries frameworks

Nice To Haves

Big Four or large consulting firm experience.
Experience supporting healthcare cloud environments or DevSecOps initiatives.
HITRUST Certified CSF Practitioner (CCSFP)
CIPP/US
ISO 22301 Lead Auditor
Cloud certifications (AWS, Azure, GCP)

Responsibilities

Lead healthcare Governance Risk and Compliance and advisory engagements including:
HIPAA and HITECH advisory
CMS SSPP development and regulatory alignment (MARSâE, ARCâAMPE)
Incident Response and Disaster Recovery advisory
Business Impact Analysis (BIA) and Resiliency Planning
Business Continuity Planning and Downtime Playbooks
Healthcare Risk Management and GRC program development
Vendor Risk Management (CâSCRM) for healthcare
Scope and lead client engagements, including preâsales support, discovery, onsite/remote delivery, and executive briefings.
Conduct executiveâlevel interviews and stakeholder workshops with healthcare leadership, IT, compliance, and clinical stakeholders.
Develop and review healthcareâspecific deliverables such as policies, procedures, plans, playbooks, gap analyses, and advisory reports.
Serve as the Healthcare Advisory SME for escalations, sales support, and solution development.
Collaborate with Project Managers, Directors, Engineering, and Sales teams to ensure delivery excellence and client satisfaction.
Identify upsell and crossâsell opportunities within healthcare accounts and partner with sales teams.
Develop healthcareâspecific methodologies, templates, tools, and accelerators.
Provide training and mentorship to delivery personnel on healthcare regulations, frameworks, and advisory methodologies.
Maintain awareness of evolving healthcare regulations, cybersecurity threats, and industry best practices

Benefits

In many cases, we provide a flexible work model that empowers you to choose when and where youâll work most effectively â whether youâre at home or an office.
Regardless of location, youâll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities.
Youâll have opportunities to join employee resource groups, participate in in-person and virtual events, and more.
And youâll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume