vCISO - job post

April 9, 2026

Job Description

United States • Remote

Full-time

Full job description

Overview:

As a vCISO, you will oversee and actively participate in the information security and compliance efforts of a pod of approximately 10 mid-market clients. The role works directly with technical IT operations and business-level risk management, focusing on building long-term security roadmaps, ensuring regulatory compliance (such as SOC 2 or HIPAA), and managing incident response protocols.

GRSEE is committed to providing equal employment opportunities to all applicants and prohibits discrimination on the basis of national origin, race, or any other protected characteristic.

Key Responsibilities:

  • Serve as a virtual Chief Information Security Officer (vCISO) for a number of business clients, directly managing and executing a security roadmap for governance, risk, and compliance.
  • Engage in a range of security support tasks, ensuring clients receive thorough, actionable solutions.
  • Lead and perform hands-on tasks, such as risk assessments, gap analysis, security questionnaires, and security tabletop exercises, collaborating closely with the client to complete the work.
  • Guide and support mid-market companies in achieving compliance while addressing specific needs and practical challenges within their limited timeframes and resources.
  • Provide detailed compliance documentation, reports, and other deliverables, ensuring readiness for audits or assessments.
  • Conduct regular remote meetings with clients to discuss progress, clarify expectations, and address questions or challenges.
  • Collaborate closely with a project manager and compliance consultant to keep projects on track and deliver within agreed timelines.

Mandatory Qualifications:

  • 5+ years of relevant experience in IT and Information Security, with a strong focus on hands-on compliance and risk management.
  • Knowledge of cloud-based environments (AWS, Azure, GCP) and security domains: IAM, vulnerability management, network security, and incident response.
  • Demonstrated ability to manage multiple clients and personally carry out security tasks, ensuring goals are achieved within deadlines.
  • Experience in completing compliance reports, fulfilling security questionnaires, and performing security risk assessments.
  • Strong communication skills for interacting with technical and non-technical SMEs and delivering results in a practical, accessible manner.
  • Strong presentation skills, with confidence in leading meetings and addressing both high-level and hands-on aspects of security compliance.
  • Relevant industry certifications such as CISM, CISSP, CRISC, Lead Implementer, Lead Auditor – an advantage.

Preferred Qualifications:

  • Prior experience as a CISO or vCISO, particularly in environments involving startups or small businesses.
  • A project management background with experience in handling compliance-driven projects.
  • Auditing experience across SOC 2, ISO 27001, and PCI DSS standards.
  • 1-2+ years of experience working with Linux and Windows servers in domain environments.

Job Type: Full-time

Benefits:

  • Health insurance

Work Location: Remote