
Virtual CISO – Cybersecurity Practice Lead
Posted Jun 21

This is a fully remote position, open to applicants in United States.
• Act as the outsourced Chief Information Security Officer (CISO) for 8–12 clients, delivering executive-level security guidance on a fractional basis.
• Perform security risk assessments, gap analyses, and oversee penetration testing for both prospective and existing clients.
• Create and sustain security programs, policies, and incident response plans customized to each client's risk profile and regulatory framework.
• Manage compliance frameworks such as SOC 2, HIPAA, PCI-DSS, CCPA, NIST CSF, and CMMC.
• Communicate security posture, risk exposure, and remediation strategies to boards of directors, C-suite executives, and audit committees in a clear, business-focused manner.
• Supervise and utilize AI-driven security tools for vulnerability assessments, log analysis, threat detection, and compliance evidence gathering.
• Lead incident response efforts when clients encounter active threats or breaches, coordinating forensic analysis, legal matters, communications, and remediation efforts.
• Collaborate with RMC's reputation management team to provide integrated crisis responses when security incidents pose reputational risks.
• Engage in business development activities — participating in sales discussions, defining project scopes, and assisting in securing new cybersecurity retainers.
• Recruit, manage, and mentor junior analysts as the practice expands.
• Develop standardized methodologies, reporting templates, and delivery playbooks that enable the practice to scale without compromising quality.
• 7-10+ years of practical cybersecurity experience across at least two of the following areas: penetration testing, incident response, security architecture, and governance, risk, and compliance (GRC).
• 3+ years in a CISO, Director of Security, or senior consulting role, with experience interacting with boards and translating technical risks into business implications.
• Active and valid CISSP certification.
• Extensive working knowledge of SOC 2, HIPAA, NIST CSF, and at least one additional framework (such as PCI-DSS, ISO 27001, CMMC, or CCPA).
• Proven experience in building or significantly enhancing a security program from its early stages, rather than merely maintaining an existing one.
• Capability to manage multiple client engagements concurrently without compromising quality.
• Comfort in participating in sales and business development discussions — recognizing that your credibility is essential to closing deals.
• Health, dental, vision, and 401(k) plans.
• Performance bonus of up to 25% of base salary, linked to client acquisition, retention, and practice revenue goals.
• Revenue participation: A structured incentive for new business you source and close, designed to reward you as a practice builder, not just a practitioner.
• Potential for equity/profit-sharing as the cybersecurity division grows; this is a foundational role, and our compensation structure reflects that.