Director Of Security Consultant

About The Position

Requirements

• Strong Cybersecurity Leadership & Technical Credibility
• Deep, hands‑on cybersecurity expertise with the ability to lead executive‑level conversations, answer detailed technical questions (particularly in Microsoft security, identity, MSSP models, and frameworks like ISO and CIS 18), and credibly tell cyber incident stories that build trust with clients.
• Consulting Experience in Life Sciences or Regulated Environments
• Proven experience delivering cybersecurity consulting services in life sciences or similarly regulated industries (e.g., healthcare, manufacturing), with an understanding of compliance‑driven environments, risk management, and how security programs align to business and regulatory requirements.
• Seller–Doer Mindset in Professional Services
• Demonstrated ability to sell and deliver cybersecurity services within a consulting model — owning business development, shaping solutions, partnering with BD, and maintaining a meaningful level of billable work while independently driving practice growth, service maturity, and client success.
• Bachelor’s degree required (ideally relevant)
• 10+ years progressive cybersecurity experience
• 3–5 years in a leadership role
• 3+ years in professional services consulting or consulting leadership
• CISSP required
• Expert-level quantitative, Excel and PowerPoint skills
• Ability to meet client deadlines and deliver impeccable results

Nice To Haves

• Non compete not a dealbreaker, but must be evaluated

Responsibilities

• Own revenue generation for the cyber practice (net new and expansions are not differentiated currently — “business you write”)
• Partner closely with BD/sales; incentives double count to encourage teamwork
• Lead solution shaping, executive client conversations, proposals, and presentations
• Build confidence internally that you can hit the sales goal
• Improve maturity of what is sold and formalize service offerings
• Standardize and document a repeatable book of services
• Help evolve and package cyber offerings over time
• Maintain delivery involvement to stay credible and close to client reality:
• Target: 500–600 billable hours/year (vs. typical 1700 for FTE consultant)
• Roughly 10 hours/week billable
• Spend the rest of time (approx. 4 days/week) on:
• BD, service/product improvement, leadership, thought leadership (web articles/publishing)
• Provide Fractional CISO services with the ability to juggle 7+ clients at once
• Support incident-related work through strong client communication and trust-building
• Must be able to handle deep technical questions in client meetings
• Needs to come across as well-rounded, mature, and technically sound
• Critical skill: telling compelling and authentic cyber incident stories that:
• build credibility and trust
• connect to client pain points
• translate technical risk into business outcomes
• Earn sales credit at or above assigned targets (target reduced in the first year)
• Network and prospect relentlessly to maintain robust pipeline of viable projects
• Scopes, prices and presents proposed SOWs to align with client needs and budgets
• Collaborates with colleagues on opportunities to optimize approaches and win business
• Maintains accurate pipeline detail using corporate tools
• Serve as or oversee Fractional CISO (fCISO) engagements, providing strategic cybersecurity leadership to clients, developing security roadmaps, overseeing risk, and guiding incident response.
• Lead or supervise Fractional Data Privacy Advisor (DPA) engagements, ensuring client compliance with privacy regulations including GDPR, HIPAA, and CCPA.
• Guide clients through onboarding assessments
• Oversee compliance readiness assessments aligned to frameworks such as SOC2, NIST CSF, ISO 27001, NIST 800-53, PCI-DSS, HIPAA, and GDPR.
• Direct gap analyses, risk management programs, and remediation strategy development.
• Lead policy development and review, ensuring policies are practical, enforceable, and aligned to security frameworks.
• Oversee GRC tool onboarding and management.
• Oversee Security Operations functions, ensuring skilled analysts evaluate and act on security alerts.
• Manage vulnerability scanning programs and provide prioritized remediation recommendations.
• Guide implementation and tuning of security tools including SIEM, EDR, and firewalls.
• Oversee M365/Google Workspace configuration scanning and Data Loss Prevention (DLP) services.
• Direct the design and implementation of secure infrastructure, systems, and automation.
• Oversee Zero Trust Architecture implementations, Identity & Access Management engineering, configuration hardening (CIS Benchmarks, STIGs), and backup/recovery

Benefits

• Unlimited PTO policy.
• Bonus structure based on sales written and hours billed.