Fractional Virtual CISO & Cybersecurity Practice Lead

Posted 2026-05-05
Remote, USA Full-time Immediate Start

Position Overview

You will serve as the senior cybersecurity practitioner and virtual CISO to a growing portfolio of mid-market clients (typically $25M–$150M in revenue, 100–1,000 employees). You will own the full client lifecycle, from initial security risk assessments through ongoing advisory, compliance management, and incident response coordination.

    Key Responsibilities
  • Serve as the outsourced CISO for 8–12 clients, providing executive-level security leadership on a fractional basis
  • Conduct security risk assessments, gap analyses, and penetration testing oversight for prospective and current clients
  • Develop and maintain security programs, policies, and incident response plans tailored to each client's risk profile and regulatory environment
  • Manage compliance frameworks including SOC 2, HIPAA, PCI-DSS, CCPA, NIST CSF, and CMMC
  • Present security posture, risk exposure, and remediation roadmaps to boards of directors, C-suites, and audit committees in clear, business-oriented language
  • Oversee and leverage AI-driven security tooling for vulnerability scanning, log analysis, threat detection, and compliance evidence collection
  • Quarterback incident response when clients face active threats or breaches, coordinating forensics, legal, communications, and remediation
  • Collaborate with RMC's reputation management team to deliver integrated crisis response when security events create reputational exposure
  • Participate in business development — joining sales conversations, scoping engagements, and helping close new cybersecurity retainers
  • Recruit, manage, and mentor junior analysts as the practice scales
  • Build standardized methodologies, reporting templates, and delivery playbooks that allow the practice to scale without sacrificing quality
    Qualifications
  • 7-10+ years of hands-on cybersecurity experience spanning at least two of the following: penetration testing, incident response, security architecture, GRC (governance, risk, and compliance)
  • 3+ years operating at the CISO, Director of Security, or senior consulting level, you've sat in the room with boards and translated technical risk into business impact
  • CISSP certification (active and in good standing)
  • Deep working knowledge of SOC 2, HIPAA, NIST CSF, and at least one additional framework (PCI-DSS, ISO 27001, CMMC, CCPA)
  • Experience building or significantly expanding a security program from early stages, not just maintaining one someone else built
  • Ability to manage multiple client engagements simultaneously without quality degradation
  • Comfortable participating in sales and business development conversations — you understand that your credibility is what closes deals
    Nice-to-Haves
  • CMMC Registered Practitioner (RP) or Certified CMMC Assessor (CCA) — the Southern California defense industrial base is a priority vertical
  • Additional certifications: CISM, CRISC, OSCP, GPEN, or SANS GIAC credentials
  • Experience running a cybersecurity consulting practice, MSSP, or vCISO firm — either as founder or practice lead
  • Background in incident response or digital forensics
  • Familiarity with AI-driven security platforms and willingness to integrate emerging AI tooling into service delivery
  • Experience with cyber insurance underwriting requirements and risk assessment frameworks
  • Existing professional network in the Southern California cybersecurity community
    What Will Set You Apart
  • You've built something before, a practice, a team, a firm, and you want to do it again with resources and infrastructure behind you
  • You can explain a zero-day exploit to a board member and a budget justification to a CFO in the same meeting
  • You're not just a technician who moved into management, you genuinely enjoy the client relationship and advisory aspects of the work
  • You see AI as a force multiplier for your expertise, not a threat to it
    Compensation & Structure
  • Base salary: $200,000 – $300,000 depending on experience and credentials
  • Performance bonus: Up to 25% of base, tied to client acquisition, retention, and practice revenue targets
  • Revenue participation: Structured incentive on new business you source and close, designed to reward you as a practice builder, not just a practitioner
  • Benefits: Health, dental, vision, 401(k)
  • Equity / profit-sharing potential: As the cybersecurity division scales, this is a founding role and we structure compensation to reflect that

Work Arrangement

Remote

Apply Now

Similar Jobs

Recent Jobs

Experienced Hirevector Home Advisor - Remote Threat Intelligence Analyst: Protecting Over a Billion Endpoints and Driving Innovation in Cybersecurity
Remote: Senior Information Security Analyst (SSH Key Manamgement)
Cyber Security Analyst
Sr. Intelligence Analyst | Remote, USA
ICF Incorporated, LLC: Senior Quality Assurance Engineer – Reston, VA
Automation Test Engineer - Remote
Remote Program Manager
Jr. Project Coordinator (Remote, contract) | INFUSE
Advanced Project Manager, Ovation SW
Project Manager - Defined Term (Remote, EST)

You May Also Like

Chemistry Researcher (Masters/PhDs)
Weekend Appointment Setter for Inbound Home Service Leads (U.S. Only)
Entry Level Data Entry Specialist - Launch Your Career in Logistics & Operations Excellence
**Experienced Healthcare Customer Service Representative - Remote Opportunity at arenaflex**
Business Intelligence Technical Lead (Remote - United States)
**Experienced Data Entry Specialist – Work From Home Opportunity at arenaflex**
**Experienced Customer Service Agent – Remote Travel Support Specialist**
General Liability Claims Adjuster
**Experienced Data Entry Specialist – Remote Work Opportunity at arenaflex**
**Experienced Data Entry Specialist – Aviation Industry Operations**
Back to Job Board