Virtual Chief Information Security Officer (vCISO)

Virtual Chief Information Security Officer (vCISO) Department: Professional Services Location: Scottsdale AZ preferred, other remote location considered Position Summary: The Virtual Chief Information Security Officer (vCISO) serves as a trusted security advisor to clients, providing strategic and operational leadership for their cybersecurity programs. The vCISO assesses risk, develops and implements information security strategies, and ensures compliance with relevant standards and regulations. This role combines executive-level security expertise with hands-on program management to help clients build, mature, and maintain strong security postures. Key Responsibilities: Strategic Leadership & Governance • Develop and execute client-specific cybersecurity strategies and roadmaps aligned with business objectives. • Establish and lead information security governance programs, including policy frameworks, standards, and procedures. • Communicate risk posture and cybersecurity priorities to client executives and boards in business terms. • Define and manage key performance indicators (KPIs) and metrics for program maturity. Risk Management & Compliance • Advise on security risk assessments and gap analyses against frameworks such as NIST CSF, CIS Controls, ISO 27001, or CMMC. • Guide clients through compliance initiatives (e.g., SOC 2, HIPAA, GDPR, PCI DSS). • Identify, assess, and prioritize cybersecurity risks; recommend remediation plans and track progress. • Oversee third-party vendor risk management programs. Security Operations Oversight • Provide leadership over client security operations. • Review security architecture, processes, and operational workflows to ensure best practices. • Coordinate tabletop exercises and incident response planning. • Evaluate security tools and recommend enhancements to clients' technology stack. Advisory & Client Engagement • Serve as the primary cybersecurity advisor for assigned clients, maintaining long-term relationships built on trust and measurable outcomes. • Present executive-level security reports and briefings to client stakeholders. • Collaborate with internal technical teams (SOC, Engineering, Compliance) to align delivery with client needs. • Stay current with emerging threats, regulations, and industry best practices to proactively advise clients. Program Development • Develop standardized vCISO methodologies, templates, and frameworks for internal use. • Mentor junior staff and contribute to service delivery improvements. • Participate in business development by supporting client proposals, presentations, and renewals. Qualifications: • Bachelor's degree in Cybersecurity, Information Technology, or related field; advanced degree preferred. • 7+ years of progressive experience in information security, including leadership or advisory roles. • Deep understanding of security frameworks such as NIST CSF, SOC2, ISO 27001, CIS Controls, CMMC, and regulatory requirements. • Proven experience designing, implementing, and managing enterprise security programs. • Strong communication and executive presentation skills. • Industry certifications preferred: CISSP, CISM, CISA, CRISC, or similar. • Experience serving multiple clients or working in a consulting/MSSP environment strongly preferred. • Ability to travel to client sites on as needed basis Benefits Include: • Health Insurance 80% paid by employer • Dental Insurance 80% paid by employer • Vision Insurance 80% paid by employer • Self-Managed vacation leave • Paid sick leave • Paid holiday leave Lumifi Cyber welcomes and encourages diversity in our workplace. All qualified applicants will receive consideration for employment without regard to race color, religion, sex, sexual orientation, gender identity, national origin or disability. All candidates must be eligible to work in the U.S. for any employer. Lumifi participates in E-Verify verification. Apply tot his job