Chief Information Security Officer, Virtual

Job Description: • Develop and execute client-specific cybersecurity strategies and roadmaps aligned with business objectives. • Establish and lead information security governance programs, including policy frameworks, standards, and procedures. • Communicate risk posture and cybersecurity priorities to client executives and boards in business terms. • Define and manage key performance indicators (KPIs) and metrics for program maturity. • Advise on security risk assessments and gap analyses against frameworks such as NIST CSF, CIS Controls, ISO 27001, or CMMC. • Guide clients through compliance initiatives (e.g., SOC 2, HIPAA, GDPR, PCI DSS). • Identify, assess, and prioritize cybersecurity risks; recommend remediation plans and track progress. • Oversee third-party vendor risk management programs. • Provide leadership over client security operations. • Review security architecture, processes, and operational workflows to ensure best practices. • Coordinate tabletop exercises and incident response planning. • Evaluate security tools and recommend enhancements to clients’ technology stack. • Serve as the primary cybersecurity advisor for assigned clients, maintaining long-term relationships built on trust and measurable outcomes. • Present executive-level security reports and briefings to client stakeholders. • Collaborate with internal technical teams (SOC, Engineering, Compliance) to align delivery with client needs. • Stay current with emerging threats, regulations, and industry best practices to proactively advise clients. • Develop standardized vCISO methodologies, templates, and frameworks for internal use. • Mentor junior staff and contribute to service delivery improvements. • Participate in business development by supporting client proposals, presentations, and renewals. Requirements: • Bachelor’s degree in Cybersecurity, Information Technology, or related field; advanced degree preferred. • 7+ years of progressive experience in information security, including leadership or advisory roles. • Deep understanding of security frameworks such as NIST CSF, SOC2, ISO 27001, CIS Controls, CMMC, and regulatory requirements. • Proven experience designing, implementing, and managing enterprise security programs. • Strong communication and executive presentation skills. • Industry certifications preferred: CISSP, CISM, CISA, CRISC, or similar. • Experience serving multiple clients or working in a consulting/MSSP environment strongly preferred. • Ability to travel to client sites on as needed basis. Benefits: • Health Insurance 80% paid by employer • Dental Insurance 80% paid by employer • Vision Insurance 80% paid by employer • Self-Managed vacation leave • Paid sick leave • Paid holiday leave Apply tot his job