Virtual Chief Information Security Officer (vCISO)

Remote Full-time
Who is the Grayline Group?

Grayline brings together experts, data, and solutions to help public agencies and private corporations manage disruptive change. We focus on transportation, urban mobility, smart cities, power, and other catalysts emerging in the global economy. Grayline supports customers as they build the infrastructure, policy and operations to ensure the value is realized from their data streams. We provide strategic counsel, education, and technical guidance on how to employ current and emerging technology with an eye towards connecting any one region’s efforts with those of the broader national and global landscape. We are product and application agnostic; in fact, it is critical that any initiative mitigate the risk of specific products or services failing. Our long-run vision is to support the development of a scaled, mature platform for new innovation and creation for enterprise, academia, and governments. More can be found at

What is the Opportunity?

The Grayline Group is seeking a mission-driven Chief Information Security Officer (CISO) to lead cybersecurity strategy and operations for a public transit system. This executive will protect the safety, reliability, and resiliency of digital infrastructure—including fare collection systems, operational technology (OT), vehicle fleets, customer-facing apps, communications, and critical transportation assets.

The ideal candidate understands the unique cybersecurity challenges facing modern transit agencies, such as protecting industrial control systems, maintaining safe and continuous service, supporting emergency response, and securing large, diverse networks with both legacy and modern technologies.

This role is a 1099 remote work opportunity for a seasoned Security leader who thrives in challenging environments working with disruptive technologies and industries. This is a 12-month role with the possibility of extension to 36 months and/or a permanent position.

What You'll Do

Strategic Leadership
• Develop and execute an enterprise-wide information security vision, strategy, and roadmap.
• Provide executive leadership on cybersecurity risks, trends, and priorities.
• Serve as the primary liaison to the Board of Directors and executive team on security matters.
• Lead negotiations with vendors for cybersecurity solutions and oversee budgeting processes aligned with strategic priorities.
• Manage budgets and vendor relationships in fast-paced settings.
• Balance business objectives, technology requirements, and risk management, and communicate effectively with both technical teams and senior leadership.
• Lead cybersecurity program development across IT, OT, vehicles, facilities, and customer-facing systems.

Risk Management & Compliance
• Oversee programs for risk assessment, threat modeling, vulnerability management, and incident prevention.
• Ensure compliance with relevant standards and regulations (e.g., ISO 27001, NIST CSF, SOC 2, GDPR, HIPAA, PCI-DSS, depending on industry).
• Lead enterprise-wide business continuity and disaster recovery planning.
• Lead enterprise cyber risk assessments that account for rider safety, operational continuity, and regulatory obligations.
• Ensure compliance with frameworks and requirements such as NIST CSF, TSA Security Directives, FTA/FRA guidelines, and state/local mandates.
• Manage third-party and vendor security across fare systems, payment processors, software providers, and contractors.

Security Operations
• Oversee Security Operations Center (SOC), detection and response, digital forensics, and incident response plans.
• Ensure effective data protection, identity and access management, and secure architecture practices.
• Direct third-party/vendor security risk programs.
• Oversee 24/7 cybersecurity monitoring, threat detection, and coordinated incident response activities.
• Establish protocols to protect and recover critical transportation operations, including autonomous vehicle, bus, and infrastructure systems.
• Lead post-incident analysis, reporting, and service-restoration strategies.

Team Leadership
• Build, mentor, and manage a high-performing security organization.
• Lead and manage a multifunctional, geographically distributed team of client employees and third-party providers.
• Build and mentor a multidisciplinary security team with expertise in IT, OT, and transit-specific technologies.
• Promote a safety-driven, security-first culture among operators, engineers, and administrative staff.
• Lead cybersecurity training and awareness initiatives across the agency.

Technology & Innovation
• Analyze various hardware and/or software solutions, recommending purchases and identifying modifications to fit the clients’ cybersecurity needs.
• Guide secure adoption of next-generation transit technology, including digital fare systems, autonomous/connected vehicle capabilities, cloud platforms, and passenger information systems.
• Evaluate cybersecurity tools, platforms, and services to enhance resilience and operational continuity.
• Stay current on transit-sector threat intelligence, ransomware trends, nation-state targeting patterns, and critical infrastructure risks.

Who You Are
• Proven track record developing and executing enterprise security strategies.
• Experience with cloud ecosystems (AWS, Azure) and modern SaaS environments.
• Strong communication and executive-level presentation skills.
• Self-starters who can work independently, seek out and leverage internal resources when needed, proactively take ownership of their work and career, and drive engagements to provide the value our Customers expect.
• 10+ years of cybersecurity leadership experience; at least 5 years in an executive or senior management role.
• Experience securing critical infrastructure, industrial control systems, or large public-sector environments.
• Deep familiarity with NIST frameworks, incident response, security engineering, and cyber risk management.
• Strong understanding of OT, SCADA, telecommunications, and complex network environments.
• Demonstrated ability to lead cross-functional response during emergencies or service disruptions.
• Bachelor’s degree in Information Security, Computer Science, Engineering, or a related field.
• Relevant certifications such as CISSP, CISM, CISA, CCISO, GIAC, or similar.

A Plus
• Experience with autonomous vehicles

Where You’ll Work
• This position is fully remote. Clients may be anywhere within the United States. The applicant needs to be able to work within the client's time zone needs.

Where You’ll Go
• This position anticipates up to 10% travel to the client site.

Disclaimer

This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee. Duties, responsibilities, and activities may change, or new ones may be assigned at any time with or without notice.

Grayline Group’s Equal Opportunity Employment Commitment

The Grayline Group is committed to creating a diverse and inclusive workplace and is proud to be an equal opportunity employer. The Grayline Group evaluates qualified candidates without regard to any characteristic protected by local legislation. In addition, the Grayline Group provides reasonable accommodations for qualified individuals with disabilities.

Job Types: Full-time, Part-time
Pay: $180,000.00 - $220,000.00 per year
Expected hours: No more than 40 per week
Work Location: Remote