Virtual Chief Information Security Officer (vCISO)

About The Position

Requirements

• 7+ years of progressive security leadership experience, within a consulting or multi-client environment.
• Demonstrated ability to translate complex security and compliance requirements into practical, business-aligned solutions.
• Proven experience leading security programs through influence, governance, and executive engagement rather than authority.
• Demonstrated success managing competing priorities across multiple executive stakeholders in a fractional or consulting leadership model.
• Enthusiastic to work in-office to foster collaboration, mentorship, and team culture.
• A strong belief that successful vCISO engagements create healthier, more secure, and more engaged client relationships.
• Seeking a long-term professional home where security leadership craft can be refined, shared, and scaled.

Nice To Haves

• Must be based in San Diego, CA
• Regular in-person collaboration expected to support delivery excellence, peer mentorship, and executive alignment.
• Hybrid flexibility based on client and portfolio needs.

Responsibilities

• Own and execute a balanced portfolio of 5+ concurrent vCISO engagements, aligned by customer size, regulatory complexity, and delivery maturity.
• Design, develop, maintain, disseminate, and enforce customer Information Security Programs, policies, standards, and associated compliance or framework requirements.
• Execute security programs through influence, leveraging customer IT personnel and/or Bird Rock Services teams and contractors, establishing clear guidance, accountability, and escalation paths.
• Remain well informed on industry trends, threat intelligence, regulatory changes, and security technologies to continuously improve customer outcomes.
• Report on the performance and maturity of customer information security programs to executive leadership and boards using clear outcome-oriented metrics and maturity indicators.
• Expertly assess, select, and apply appropriate frameworks (e.g., CIS Controls, NIST, PCI-DSS, HIPAA) based on customer risk profile and business objectives.
• Advise on and guide customer objectives, including security assessments and testing, risk management and security compliance, security policy development, incident response planning, security training, remediation initiatives, and security lifecycle management.
• Lead and/or actively participate in customer steering committees and governance forums to align security initiatives with measurable business priorities and risk-reduction outcomes.
• Provide calm, decisive leadership during customer security incidents, serving as the senior security advisor for response coordination, executive communication, and post-incident improvement planning.
• Conduct and guide well-architected security reviews to ensure hybrid and cloud-native environments are resilient, scalable, and secure.
• Advise customers on the safe and responsible adoption of emerging technologies, including Generative AI, ensuring governance, policy, and controls prevent sensitive data leakage and unintended risk exposure.
• Use Monthly and Quarterly Business Reviews to identify material security risks and maturity gaps, translating them into prioritized, outcome-driven initiatives.
• Ensure new vCISO-related services and processes are customer-ready, documented, and fully trained to engineers, project managers, and account managers prior to client delivery.
• Provide structured peer review, peer mentorship, and delivery coaching to Bird Rock personnel executing customer security objectives.
• Contribute to the continuous improvement of the vCISO offering and related services based on real-world customer outcomes.
• Serve as a technical and strategic presales resource, supporting account teams during qualified opportunities where executive-level security leadership accelerates trust and deal velocity.
• Translate customer security challenges, regulatory requirements, and risk exposure into clearly scoped security and remediation offerings.
• Ensure presales solutions are operationally sound, align with delivery standards, and can be executed by the services team.
• Actively represent Bird Rock Systems at industry and company events by speaking, sharing insights, and engaging with peers and leaders.

Benefits

• Medical, Dental, and Vision Insurance
• Unlimited Paid Time Off
• Paid Family Leave Benefits
• Flexible Spending Accounts
• Pet Insurance
• Employee Assistance Program
• 100% Employer-Paid Life & AD&D Insurance, Short- and Long-Term Disability Insurance
• Monthly Wellness Reimbursement
• Cell Phone Reimbursement