Virtual Chief Information Security Officer (vCISO) - MD

Vensure Employer Solutions

National
Full Time
Paid
  • Responsibilities

    Position Summary

    A leading provider of advanced IT consulting services is seeking a highly experienced Virtual Chief Information Security Officer (vCISO) to support one of our higher education clients. This is a remote, part-time consulting role requiring approximately 20 hours per week, with potential for additional hours during cybersecurity incidents. The vCISO will serve as a strategic advisor and hands-on security leader, supporting our client in strengthening their cybersecurity program, enhancing regulatory compliance, and managing cyber risk.

    Essential Duties and Responsibilities

    • Conduct detailed cybersecurity risk assessments, including analysis of current security controls, vulnerabilities, and threat landscape
    • Lead compliance efforts under the Gramm-Leach-Bliley Act (GLBA), serving as the Qualified Individual (QI) to report to executive leadership
    • Update and implement cybersecurity policies: Incident Response, Vendor Management, Data & Asset Management, and more
    • Provide oversight and strategic direction for incident response, including breach containment, investigation, post-incident review, and reporting
    • Guide the adoption of security frameworks (e.g., CIS Critical Security Controls), Zero Trust Architecture, and Cloud Security Posture Management
    • Support third-party risk evaluations using HECVAT and strengthen vendor security oversight
    • Provide monthly reports, dashboards, and executive briefings on security KPIs/KRIs
    • Review and improve security awareness training, conduct tabletop exercises, and advise on cyber insurance preparedness

    Knowledge, Skills and Abilities

    • Strong understanding of GLBA, FERPA, HIPAA, and Maryland/state privacy regulations
    • Excellent communication skills with ability to present to executive and board-level stakeholders
    • Ability to work independently as a strategic consultant while collaborating with client teams

    Education & Experience

    • Bachelor's degree in Cybersecurity, IT, Computer Science, or a related field (Master's preferred)
    • 7–10+ years of experience in IT security, including leadership in CISO or equivalent roles
    • At least one of the following certifications (current):
      • CISSP (Certified Information Systems Security Professional)
      • CISM (Certified Information Security Manager)
      • CISA (Certified Information Systems Auditor)
    • Experience with frameworks such as CIS, NIST, ISO, and cloud platforms like Microsoft 365, AWS, or Azure