Fractional Virtual CISO (vCISO)

Near Shore Cyber

Winchester, Virginia(remote)

JOB DETAILS
SKILLS
Auditing, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Certified Public Accountant (CPA), Cloud Computing, Endpoint Security, HIPAA (Health Insurance Portability and Accountability Act), Incident Response, Information/Data Security (InfoSec), Leadership, Machine Tool, Microsoft Windows Azure, Network Security, PCI, Policy Development, Professional Services, Public Accounting, Risk, Risk Analysis, Virtual Machine (VM), Willing to Travel
LOCATION
Winchester, Virginia
POSTED
30+ days ago

Engagement: Part-time / contract, ~20 hours per month (occasional months may extend toward 40)

Location: Remote, with periodic travel to Winchester, VA for executive briefings and key meetings

Reports to: The security leadership of our Winchester, Virginia-based client; works directly with the CPA firm's CIO, CTIO, and managing partners

Compensation: $100–$125/hour, 1099 contractor

About the engagement

We are recruiting a dedicated fractional CISO for our Winchester, Virginia-based client, who delivers the security program for a regional CPA firm of about 350 people. This is not a portfolio role. All hours go to the single CPA firm engagement, and the hire owns the firm's information security program end-to-end.

The CPA firm's internal IT team handles day-to-day operations. Our Winchester, Virginia-based client owns security on the firm's behalf, and the hire is the senior face of that program. The CPA firm values continuity and a close advisory relationship with their CISO, so this role suits someone who wants to go deep with one organization rather than rotate across many.

Responsibilities

  • Own the CPA firm's information security strategy, roadmap, governance, and executive reporting
  • Maintain and mature the firm's GLBA / FTC Safeguards Rule and HIPAA compliance posture
  • Serve as the executive-level security voice to the CIO, CTIO, managing partners, and audit/risk committee
  • Lead policy development, risk assessment, third-party risk, and incident response governance
  • Provide principal-level technical advisory on architecture, tooling, and cloud security decisions — security and adjacent technology
  • Partner with the delivery teams of our Winchester, Virginia-based client on tactical execution (pentest scoping, VM strategy, security tooling rollouts)
  • Brief the CPA firm's leadership quarterly and on-demand for major events

Required Experience

  • 7+ years in information security leadership, including 3+ in a CISO, vCISO, or Director of Security capacity
  • Direct experience supporting CPA firms or comparable professional services environments
  • Working command of GLBA / FTC Safeguards Rule and HIPAA — applied, not just templated
  • Strong technical foundation: substantive engagement on cloud (Microsoft / Azure preferred), endpoint security, network security, and identity
  • Executive presence — able to sit across from a managing partner and earn their trust quickly
  • Willing and able to act as a principal technology advisor on decisions that extend beyond strict security scope

Preferred Experience

  • Active CISSP, CISM, or CCISO
  • Prior in-house experience inside a public accounting firm's IT or risk organization
  • Familiarity with SOC 2 and PCI in adjacent contexts

Compensation

  • $100–$125/hour, 1099 contractor
  • Approximately 20 hours per month, with rare months extending toward 40

About the Company

N

Near Shore Cyber