vCISO

Remote: Full Remote

Offer summary

Qualifications:

  • Bachelor’s degree in Cybersecurity or related field, Master’s preferred.
  • 7+ years of cybersecurity experience, including leadership roles.
  • Industry certifications such as CISSP, CISM, CISA, or CRISC are highly desirable.
  • Strong understanding of cybersecurity frameworks and regulatory standards.

Key responsibilities:

  • Serve as a strategic advisor on cybersecurity, risk management, and compliance.
  • Develop and maintain security programs and roadmaps aligned with client goals.
  • Conduct risk assessments and facilitate client risk and tech committees.
  • Build client relationships through regular meetings and strategic reviews.

Kraft & Kennedy, Inc. SME https://www.kraftkennedy.com/
51 - 200 Employees

Job description

Job Details
Salary Range:    Undisclosed
Job Summary

The Virtual Chief Information Security Officer (vCISO) will serve as a trusted advisor to clients, providing strategic cybersecurity guidance, risk management, and compliance oversight. This role involves developing and maintaining security programs, aligning cybersecurity initiatives with business objectives, and ensuring adherence to regulatory requirements.

 

Key Responsibilities
Strategic Advisory & Leadership
  • Serve as a strategic advisor to clients on cybersecurity, risk management, and compliance.
  • Develop and maintain security roadmaps aligned with client business goals.
  • Present security strategies and findings to executive stakeholders.
Security Program Management
  • Conduct and update security risk assessments.
  • Facilitate client’s Risk Committee and Tech Committees.
  • Maintain and manage risk registers, incident response plans, and business continuity strategies.
  • Develop and maintain cybersecurity policies and procedures.
Compliance & Regulatory Oversight
  • Ensure client compliance with frameworks such as NIST, ISO 27001, CIS Controls, HIPAA, GDPR, and others.
  • Stay current with evolving regulatory requirements and threat landscapes.
Client Engagement & Communication
  • Build strong client relationships through regular meetings and strategic reviews.
  • Translate complex security concepts into business-friendly language.
  • Support pre-sales efforts and client onboarding as a subject matter expert.
Collaboration & Internal Support
  • Collaborate with internal teams including sales, marketing, and technical staff.
  • Contribute to the development of standard operating procedures (SOPs).
  • Participate in industry events and conferences as a representative of the organization.

Critical Skills

Technology Knowledge and Expertise:

Deep understanding of various infrastructure and systems technologies and solutions is crucial for identifying and mitigating gaps and making technologically sound recommendations. Staying abreast of technological advancements ensures the vCISO can recommend the best practices and configurations.

 

Cybersecurity and Compliance:

Expertise in cybersecurity frameworks and regulatory standards is essential for ensuring clients meet compliance requirements and maintain robust security postures. This includes knowledge of NIST, ISO 27001, HIPAA, GDPR, and other relevant standards, such as the CIS framework.

 

Exceptional Communication Skills:

The ability to communicate complex security concepts in a clear and business-friendly manner is vital for building trust with clients and ensuring they understand the importance of cybersecurity measures. Strong presentation and stakeholder management skills are key.

 

Business Acumen:

Understanding the client's business objectives and aligning cybersecurity strategies with these goals is critical for the success of the vCISO role. This includes strategic thinking, risk management, and the ability to translate security initiatives into business value for different stakeholders with different priorities.

 

Qualifications
  • Bachelor’s degree in Cybersecurity, Information Technology, or related field (Master’s preferred).
  • 7+ years of experience in cybersecurity, with at least 3 years in a leadership or advisory role.
  • Industry certifications such as CISSP, CISM, CISA, or CRISC strongly preferred.
  • Experience with MSP/MSSP environments is a plus.
  • Strong understanding of cybersecurity frameworks and regulatory standards.
  • Excellent communication, presentation, and stakeholder management skills.

 

Physical Requirements:
  • Ability to sit at a desk for long periods.
  • Ability to travel.
  • Ability to attend conferences.
  • Ability to set up and tear down a booth at an event.
Compensation:

The base salary for this position is $100,000 – $130,000. The actual salary offer will consider a wide range of factors, including the individual’s qualifications, experience, and location. In addition, certain positions are eligible for bonuses or commissions.

Why join us?
  • Family-oriented team environment with a strong emphasis on work-life balance
  • Business casual dress code – Jeans on Fridays
  • Medical, dental, HSA, life and long-term disability insurance
  • 401k with company match
  • Phone reimbursement
  • Holidays/vacation/sick days

 

Kraft Kennedy is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity, sexual orientation, national origin, ethnicity, age, disability, marital status, veteran status or any other characteristic protected by law.

Required profile

Spoken language(s):
English

Other Skills

  • Communication
  • Strategic Thinking
  • Collaboration
