Virtual Chief Information Security Officer (vCISO) – Contract / Fractional – Contract to Hire
Company: Confidential cybersecurity startup (post-exit founders) Location: Remote (U.S. based) Type: Contract / Fractional / Project-Based Reports to: CEO & Founder
About Us
We are a newly launched cybersecurity and IT consulting startup led by the founders of a successful firm recently acquired after eight years of growth and award-winning performance in the channel. Our mission is to build the next-generation vCISO and cybersecurity advisory model — one that empowers organizations to close real security gaps, strengthen governance, and create measurable resilience without the enterprise bloat. We partner with mid-market and emerging enterprises across the U.S., providing a hands-on vCISO overlay to their IT and executive teams — guiding them through assessments, roadmaps, and 12-month improvement programs aligned with CIS v8, NIST CSF, SOC 2 readiness, and more. If you’re an experienced cybersecurity professional who loves building, advising, and helping clients mature their security posture — while being part of something from the ground up — we want to meet you. The Role As our Virtual Chief Information Security Officer (vCISO), you will: Conduct framework-based cybersecurity assessments (CIS v8, NIST CSF, SOC 2 readiness, ISO 27001 – CMMC L2 a plus). Develop maturity roadmaps and deliver executive-ready reports and risk mitigation plans. Lead one-year security program engagements to build policies, controls, and governance procedures. Partner directly with the CEO/founder on client delivery, service design, and methodology. Serve as a trusted advisor to client IT and leadership teams — translating risk into business language. Contribute to our service framework by mentoring future consultants and refining scalable delivery models. This is a contractor role with flexible engagement options — ideal for a professional already managing their own consulting practice or client base who wants to align with a high-growth, post-exit cybersecurity startup. Who You Are ✅ A seasoned cybersecurity leader (5+ years) with experience in frameworks, assessments, and program delivery. ✅ Hands-on with CIS, NIST, SOC 2 – able to move from audit readiness to program build-out. ✅ Entrepreneurial, self-directed, and comfortable operating in a startup environment. ✅ A relationship-builder who enjoys collaborating with executives and mentoring peers. ✅ Mature, low-ego, and adaptable — able to balance structure with innovation. ✅ Interested in shaping a vCISO practice and influencing the growth of a new firm.
Preferred Qualifications
Deep understanding of cybersecurity frameworks: CIS v8, NIST CSF, SOC 2 Type II, ISO 27001, CMMC L2. Proven success delivering risk assessments, POA&Ms, and security maturity programs. Excellent communication and presentation skills — able to brief non-technical executives. Experience in governance, risk, and compliance (GRC) program development. Certifications preferred: CISSP, CISM, CRISC, CCSP, CMMC RP/CP, ISO 27001 Lead Implementer. Prior vCISO or consulting background strongly preferred.
Why Join Us
Work directly with proven founders who successfully exited a national IT procurement & cybersecurity consulting firm. Help build a new vCISO service line from the ground up — your ideas matter here. Flexible contract model — work remotely, manage your own time and book of business. Opportunity to grow into a lead or partner role as the firm scales. Make real impact across multiple clients and industries.
Compensation
Contract / project-based compensation, aligned with experience and scope. Engagements typically range 3 months for assessments, followed by 12-month advisory programs. Future revenue-share or leadership opportunities as the vCISO practice grows. Send your resume or portfolio and a short note including: Frameworks you’ve led (CIS, NIST, SOC 2, etc.) Example client profiles or industries you’ve advised Your preferred rate model and availability Confidential Note We are a startup currently in stealth mode, following the sale of our prior IT procurement and cybersecurity consulting firm. All inquiries are confidential. Apply tot his job Apply tot his job Apply To this Job