Job Role: Virtual Chief Information Security Officer (vCISO)
Position Type: Part-Time
Location: Remote (Serving SMBs across the US)
Experience Level: Executive (20+ Years)
Role Summary
As a vCISO, you will serve as a strategic security partner for multiple small-to-medium-sized businesses. Your mission is to provide executive-level security leadership without the cost of a full-time hire. You will bridge the gap between technical IT operations and business risk management, helping SMB owners and boards protect their digital assets, ensure regulatory compliance, and build a resilient security culture.
Job Description
1. Strategic Leadership & Governance
- Security Roadmap Development: Design and maintain a multi-year cybersecurity strategy that aligns with the specific business goals and budget constraints of each SMB.
- Executive Advisory: Act as a "Trusted Advisor" to CEOs and Boards, translating complex technical risks into clear business impact statements.
- Policy Architecture: Author and oversee the implementation of enterprise-level security policies (Acceptable Use, Incident Response, Access Control) tailored to the client's operational reality.
2. Risk Management & Compliance
- Risk Assessments: Conduct annual or semi-annual risk assessments to identify vulnerabilities across people, processes, and technology.
- Compliance Oversight: Lead clients through the complexities of US and industry-specific regulations, including SOC 2, HIPAA, PCI DSS, CMMC, and GDPR/CCPA.
- Third-Party Risk (TPRM): Evaluate and manage the security posture of the client’s vendors and supply chain partners.
3. Security Operations & Incident Management
- Incident Response (IR) Leadership: Develop IR plans and lead the response to security breaches or "near-miss" events, coordinating with legal, insurance, and technical teams.
- Vulnerability Management: Oversee the prioritization and remediation of vulnerabilities identified by technical teams or automated tools.
- Disaster Recovery (DR): Ensure Business Continuity Plans (BCP) and Disaster Recovery procedures are documented and tested through tabletop exercises.
4. Culture & Training
- Security Awareness: Implement and oversee security training programs to reduce human-error risks (e.g., phishing simulations).
- Mentorship: Provide guidance and mentorship to internal IT staff or junior security leads within the client organization.
Required Qualifications & Experience
- Years of Experience: Minimum of 20 years in Information Technology, with at least 10 years in a senior leadership role (CISO, VP of Security, or Director).
- SMB Expertise: Proven experience tailoring "Enterprise-grade" security to the constraints of small and medium-sized organizations.
- US Regulatory Mastery: Deep knowledge of the US regulatory landscape and standard frameworks (NIST CSF, ISO 27001, CIS Controls).
- Certifications: Active CISSP or CISM is required. Additional certifications (CISA, CRISC, or GIAC) are highly preferred.
- Soft Skills: Exceptional "executive presence" with the ability to influence stakeholders who may have limited technical backgrounds.
Working Model
- Fractional Engagement: You will manage a portfolio of clients, typically dedicating 4–10 hours per week per client.
- Remote-First: All work is conducted virtually, though occasional travel for high-stakes audits or board meetings may be requested.
- As-Needed Support: Beyond scheduled hours, you will serve as the primary point of contact for emergency security incidents.
If you are a senior security leader interested in a part-time vCISO role serving US-based SMBs, please send your resume to: contact.wersec@gmail.com