Seattle, Washington:
150 Nickerson Street
Suite 106
Seattle, WA 98109
Phone: 206-352-6028
Fax: 206-633-0235
Louisville, Colorado:
361 Centennial Parkway,
Suite 150
Louisville, CO 80027
Phone: 303-554-6333
Fax: 303-554-7555
IT Security Audit Manager
Definition
Coalfire has a current opening for an IT Audit Manager to lead
IT audit teams in our Boulder, Colorado office. A mandatory
combination of IT Security Audit experience, engagement management, customer
communication, and IT security technical skills is required to successfully
fulfill current requirements.
Lead an audit team to perform IT security audits primarily for
Sarbanes-Oxley, Payment Card Industry (PCI), HIPAA and GLBA compliance.
Establish control criteria to evaluate and document controls deployed at
client sites, identify gaps in compliance with control criteria, and recommend
remediation activities to assist clients in achieving compliance. Consolidate
all control documentation and test results in a cohesive audit report and
present (verbally and in writing) the results of the audit to senior management
at the client company. Provide front-line expertise and technical support to
our sales team to cultivate clients and develop business.
Some travel is required but the company desires to continue its
tradition of providing a balance between professional and personal objectives.
Compensation will include a combination of salary and performance-based incentive
payments. As a rapidly growing services firm, equity incentives will also be
awarded to qualified leaders.
Qualifications
Experience in IT security audit or audit management and client
engagement management is required, preferably gained with
professional services firms. The successful applicant must be able to convey
complex technical and regulatory compliance concepts to executive-level clients
and stakeholders and must be able to manage a team of mid-level and junior-level
IT security auditors.
Knowledge of applicable IT security and governance laws,
regulations, and policies that impact a particular industry sector is required,
as well as experience with relevant IT control frameworks, objectives and
associated audit methodologies. Experience with PCI Data Security Standards
(DSS) is desirable.
Technical knowledge of enterprise-level IT security environments,
including network security architecture, firewall architecture, cryptography,
intrusion detection, prevention and incident response systems, and identity
management and access control devices and procedures. Mainframe auditing and
enterprise line of business application assessment experience is valuable. The
successful candidate must also be prepared to work in an entrepreneurial
environment. Each manager will be assigned an existing practice and will be
expected to grow the practice. Compensation and equity sharing are aligned to
practice growth.
License/Certification
A major IT security/audit certification including CISSP, CISA or
CISM is required.
Qualified Security Assessor (QSA) or Qualified Payment Application
Security Professional (QPASP) certification is strongly desired, but not
required.
Contact
Please submit resumes to: