Virtual Chief Information Security Officer (vCISO) – Contract / Fractional – Contract to Hire

Company: Confidential cybersecurity startup (post-exit founders) Location: Remote (U.S. based) Type: Contract / Fractional / Project-Based Reports to: CEO & Founder About Us We are a newly launched cybersecurity and IT consulting startup led by the founders of a successful firm recently acquired after eight years of growth and award-winning performance in the channel. Our mission is to build the next-generation vCISO and cybersecurity advisory model — one that empowers organizations to close real security gaps, strengthen governance, and create measurable resilience without the enterprise bloat. We partner with mid-market and emerging enterprises across the U.S., providing a hands-on vCISO overlay to their IT and executive teams — guiding them through assessments, roadmaps, and 12-month improvement programs aligned with CIS v8, NIST CSF, SOC 2 readiness, and more. If you’re an experienced cybersecurity professional who loves building, advising, and helping clients mature their security posture — while being part of something from the ground up — we want to meet you. The Role As our Virtual Chief Information Security Officer (vCISO), you will: Conduct framework-based cybersecurity assessments (CIS v8, NIST CSF, SOC 2 readiness, ISO 27001 – CMMC L2 a plus). Develop maturity roadmaps and deliver executive-ready reports and risk mitigation plans. Lead one-year security program engagements to build policies, controls, and governance procedures. Partner directly with the CEO/founder on client delivery, service design, and methodology. Serve as a trusted advisor to client IT and leadership teams — translating risk into business language. Contribute to our service framework by mentoring future consultants and refining scalable delivery models. This is a contractor role with flexible engagement options — ideal for a professional already managing their own consulting practice or client base who wants to align with a high-growth, post-exit cybersecurity startup. Who You Are ✅ A seasoned cybersecurity leader (5+ years) with experience in frameworks, assessments, and program delivery. ✅ Hands-on with CIS, NIST, SOC 2 – able to move from audit readiness to program build-out. ✅ Entrepreneurial, self-directed, and comfortable operating in a startup environment. ✅ A relationship-builder who enjoys collaborating with executives and mentoring peers. ✅ Mature, low-ego, and adaptable — able to balance structure with innovation. ✅ Interested in shaping a vCISO practice and influencing the growth of a new firm. Preferred Qualifications Deep understanding of cybersecurity frameworks: CIS v8, NIST CSF, SOC 2 Type II, ISO 27001, CMMC L2. Proven success delivering risk assessments, POA&Ms, and security maturity programs. Excellent communication and presentation skills — able to brief non-technical executives. Experience in governance, risk, and compliance (GRC) program development. Certifications preferred: CISSP, CISM, CRISC, CCSP, CMMC RP/CP, ISO 27001 Lead Implementer. Prior vCISO or consulting background strongly preferred. Why Join Us Work directly with proven founders who successfully exited a national IT procurement & cybersecurity consulting firm. Help build a new vCISO service line from the ground up — your ideas matter here. Flexible contract model — work remotely, manage your own time and book of business. Opportunity to grow into a lead or partner role as the firm scales. Make real impact across multiple clients and industries. Compensation Contract / project-based compensation, aligned with experience and scope. Engagements typically range 3 months for assessments, followed by 12-month advisory programs. Future revenue-share or leadership opportunities as the vCISO practice grows. Send your resume or portfolio and a short note including: Frameworks you’ve led (CIS, NIST, SOC 2, etc.) Example client profiles or industries you’ve advised Your preferred rate model and availability Confidential Note We are a startup currently in stealth mode, following the sale of our prior IT procurement and cybersecurity consulting firm. All inquiries are confidential. Apply tot his job Apply tot his job