Senior Virtual CISO (vCISO)– GRC Advisor

About The Position

Requirements

• 10+ years in information security, GRC, audit, or security program leadership.
• Demonstrated experience functioning as a vCISO, CISO, or senior CISO advisor.
• Deep hands-on experience with enterprise security and compliance frameworks including NIST.
• Proven ability to: Operate at the executive and board level
• Translate security risk into business and financial impact
• Advise client leadership in making risk acceptance, prioritization, and investment decisions
• Demonstrated leadership in: Incident response governance
• Third-party and service-provider risk
• Experience managing multiple clients in parallel.

Nice To Haves

• Microsoft data governance and information protection, including Purview, sensitivity labels, DLP, and records management.
• Cloud security governance across Azure, AWS, and SaaS platforms.
• Privacy engineering and data protection operations supporting global privacy programs.
• Identity and access governance, including privileged access management and zero trust strategies.
• Cyber insurance readiness and claims advisory.
• M&A cyber due diligence and post-close security integration.
• Business continuity and disaster recovery governance and tabletop facilitation.
• Security metrics, KRIs, and board-level reporting.
• Regulatory change management and policy modernization.
• Industry-related certifications: CISSP, CISM, CISA, CRISC, ISO 27001 Lead Auditor or Lead Implementor

Responsibilities

• Serve as the primary security executive advisor to client leadership and boards.
• Define and maintain security strategy, multi-year roadmaps, and risk priorities, aligned to NIST-based risk management practices.
• Own enterprise risk programs, including risk registers, treatment decisions, and maturity tracking.
• Lead audit and compliance readiness across common security and compliance frameworks.
• Govern incident response programs, including IR plans, tabletop exercises, and executive coordination during active incidents.
• Oversee client GRC platforms as the system of record for risk, controls, policies, vendors, and audit evidence.
• Lead vendor and service-provider risk management, including cyber insurance and customer security reviews.
• Manage multiple concurrent vCISO engagements while maintaining delivery quality, executive credibility, and client trust.
• Direct, review, and assure work performed by analysts, specialists, and other advisors in support of client objectives.

Benefits

• RKON provides a benefits package that includes health insurance (medical, dental, vision, life, and long and short-term disability insurance); flexible time off; and a 401(k) Plan with employer match to qualifying employees.