Virtual Chief Information Security Officer (vCISO) – Contract / Fractional - Contract to Hire
Company: Confidential cybersecurity startup (post-exit founders)
Location: Remote (U.S. based)
Type: Contract / Fractional / Project-Based
Reports to: CEO & Founder

About Us

We are a newly launched cybersecurity and IT consulting startup led by the founders of a successful firm recently acquired after eight years of growth and award-winning performance in the channel. Our mission is to build the next-generation vCISO and cybersecurity advisory model — one that empowers organizations to close real security gaps, strengthen governance, and create measurable resilience without the enterprise bloat.

We partner with mid-market and emerging enterprises across the U.S., providing a hands-on vCISO overlay to their IT and executive teams — guiding them through assessments, roadmaps, and 12-month improvement programs aligned with CIS v8, NIST CSF, SOC 2 readiness, and more. If you’re an experienced cybersecurity professional who loves building, advising, and helping clients mature their security posture — while being part of something from the ground up — we want to meet you.

The Role

As our Virtual Chief Information Security Officer (vCISO), you will:
- Conduct framework-based cybersecurity assessments (CIS v8, NIST CSF, SOC 2 readiness, ISO 27001 – CMMC L2 a plus).
- Develop maturity roadmaps and deliver executive-ready reports and risk mitigation plans.
- Lead one-year security program engagements to build policies, controls, and governance procedures.
- Partner directly with the CEO/founder on client delivery, service design, and methodology.
- Serve as a trusted advisor to client IT and leadership teams — translating risk into business language.
- Contribute to our service framework by mentoring future consultants and refining scalable delivery models.
This is a contractor role with flexible engagement options — ideal for a professional already managing their own consulting practice or client base who wants to align with a high-growth, post-exit cybersecurity startup.

Who You Are

✅ A seasoned cybersecurity leader (5+ years) with experience in frameworks, assessments, and program delivery.
✅ Hands-on with CIS, NIST, SOC 2 – able to move from audit readiness to program build-out.
✅ Entrepreneurial, self-directed, and comfortable operating in a startup environment.
✅ A relationship-builder who enjoys collaborating with executives and mentoring peers.
✅ Mature, low-ego, and adaptable — able to balance structure with innovation.
✅ Interested in shaping a vCISO practice and influencing the growth of a new firm.

Preferred Qualifications

- Deep understanding of cybersecurity frameworks: CIS v8, NIST CSF, SOC 2 Type II, ISO 27001, CMMC L2.
- Proven success delivering risk assessments, POA&Ms, and security maturity programs.
- Excellent communication and presentation skills — able to brief non-technical executives.
- Experience in governance, risk, and compliance (GRC) program development.
- Certifications preferred: CISSP, CISM, CRISC, CCSP, CMMC RP/CP, ISO 27001 Lead Implementer.
- Prior vCISO or consulting background strongly preferred.

Why Join Us

- Work directly with proven founders who successfully exited a national IT procurement & cybersecurity consulting firm.
- Help build a new vCISO service line from the ground up — your ideas matter here.
- Flexible contract model — work remotely, manage your own time and book of business.
- Opportunity to grow into a lead or partner role as the firm scales.
- Make real impact across multiple clients and industries.

Compensation

- Contract / project-based compensation, aligned with experience and scope.
- Engagements typically run 3 months for assessments, followed by 12-month advisory programs.
- Future revenue-share or leadership opportunities as the vCISO practice grows.
Send your resume or portfolio and a short note including:
- Frameworks you’ve led (CIS, NIST, SOC 2, etc.)
- Example client profiles or industries you’ve advised
- Your preferred rate model and availability

Confidential Note

We are a startup currently in stealth mode, following the sale of our prior IT procurement and cybersecurity consulting firm. All inquiries are confidential.