Virtual Chief Information Security Officer (vCISO)

About The Position

Requirements

• 7+ years of progressive security leadership experience, within a consulting or multi‑client environment.
• Demonstrated ability to translate complex security and compliance requirements into practical, business‑aligned solutions.
• Proven experience leading security programs through influence, governance, and executive engagement rather than authority.
• Demonstrated success managing competing priorities across multiple executive stakeholders in a fractional or consulting leadership model.
• Enthusiastic to work in‑office to foster collaboration, mentorship, and team culture.
• A strong belief that successful vCISO engagements create healthier, more secure, and more engaged client relationships.
• Seeking a long‑term professional home where security leadership craft can be refined, shared, and scaled—rather than a short‑term stop between titles.
• Must be based in San Diego, CA.
• Regular in‑person collaboration expected to support delivery excellence, peer mentorship, and executive alignment.
• Expertise in assessing, selecting, and applying appropriate frameworks (e.g., CIS Controls, NIST, PCI‑DSS, HIPAA).

Nice To Haves

• Hybrid flexibility based on client and portfolio needs.

Responsibilities

• Serve as a fractional security executive and primary delivery authority and executive advisor for a portfolio of diverse clients.
• Design, execute, and measurably improve each assigned customer’s Information Security Program.
• Guide organizations from reactive security postures to optimized, business‑aligned security operations.
• Translate complex security and compliance requirements into practical, business‑aligned solutions.
• Lead security programs through influence, governance, and executive engagement.
• Manage competing priorities across multiple executive stakeholders in a fractional or consulting leadership model.
• Own and execute a balanced portfolio of 5+ concurrent vCISO engagements, balancing executive-level reporting with tactical security oversight.
• Design, develop, maintain, disseminate, and enforce customer Information Security Programs, policies, standards, and associated compliance or framework requirements.
• Execute security programs through influence, leveraging customer IT personnel and/or Bird Rock Services teams and contractors, establishing clear guidance, accountability, and escalation paths.
• Remain well informed on industry trends, threat intelligence, regulatory changes, and security technologies to continuously improve customer outcomes.
• Report on the performance and maturity of customer information security programs to executive leadership and boards using clear outcome-oriented metrics and maturity indicators.
• Shape the next generation of security leaders by modeling executive judgment, ethical advisory practices, and sustainable security leadership.
• Expertly assess, select, and apply appropriate frameworks (e.g., CIS Controls, NIST, PCI‑DSS, HIPAA) based on customer risk profile and business objectives.
• Advise on and guide customer objectives, including security assessments and testing, risk management and security compliance, security policy, process, and procedure development, incident response planning and readiness, security training and awareness programs, security remediation initiatives, and security lifecycle management.
• Lead and/or actively participate in customer steering committees and governance forums to align security initiatives with measurable business priorities and risk-reduction outcomes.
• Provide calm, decisive leadership during customer security incidents, serving as the senior security advisor for response coordination, executive communication, and post‑incident improvement planning.
• Conduct and guide well‑architected security reviews to ensure hybrid and cloud‑native environments are resilient, scalable, and secure.
• Advise customers on the safe and responsible adoption of emerging technologies, including Generative AI, ensuring governance, policy, and controls prevent sensitive data leakage and unintended risk exposure.
• Use Monthly and Quarterly Business Reviews to identify material security risks and maturity gaps, translating them into prioritized, outcome‑driven initiatives aligned to customer business goals, risk tolerance, and long‑term security maturity.
• Ensure new vCISO‑related services and processes are customer‑ready, documented, and fully trained to engineers, project managers, and account managers prior to client delivery.
• Provide structured peer review, peer mentorship, and delivery coaching to Bird Rock personnel executing customer security objectives.
• Contribute to the continuous improvement of the vCISO offering and related services based on real‑world customer outcomes.
• Serve as a technical and strategic presales resource, supporting account teams during qualified opportunities where executive-level security leadership accelerates trust and deal velocity.
• Translate customer security challenges, regulatory requirements, and risk exposure into clearly scoped security and remediation offerings with documented assumptions and delivery expectations.
• Ensure presales solutions are operationally sound, align with our delivery standards, and can be executed by the services team without delivery ambiguity or re-scoping.
• Actively represents Bird Rock Systems at industry and company events by speaking, sharing insights, and engaging with peers and leaders.

Benefits

• Medical, Dental, and Vision Insurance
• Unlimited Paid Time Off
• Paid Family Leave Benefits
• Flexible Spending Accounts
• Pet Insurance
• Employee Assistance Program
• 100% Employer-Paid Life & AD&D Insurance, Short- and Long-Term Disability Insurance
• Monthly Wellness Reimbursement
• Cell Phone Reimbursement