Virtual Chief Information Security Officer (vCISO)

Job Description

Summary:

As a Virtual Chief Information Security Officer (vCISO) & Account Manager at Onward Technologies, Inc, you’ll be responsible for developing, managing, and overseeing the cybersecurity strategies for a diverse client base. You will work closely with clients to assess their security needs, develop and implement security policies and strategies, and ensure compliance. Additionally, you will function as an Account Manager, maintaining strong client relationships, ensuring service satisfaction, and identifying opportunities for service improvements and additional value offerings.

Essential Duties and Responsibilities:

1. Strategic Security Planning

• Develop and maintain a strategic security plan for each client, aligning with their business objectives and risk tolerance levels.
• Advise clients on emerging security trends, threats, and mitigation strategies.
• Coordinate with internal and client teams to ensure security strategies are integrated into all aspects of the business.

2. Security Governance and Compliance

• Ensure compliance with relevant laws, regulations, and standards (e.g., GDPR, HIPAA, ISO 27001) across client environments.
• Lead security assessments and audits and manage remediation efforts.
• Implement and maintain governance frameworks that support security policies, procedures, and standards.

3. Incident Management and Response

• Lead the incident response efforts for client environments, including preparation, detection, analysis, containment, eradication, and recovery.
• Provide expert guidance during security incidents, ensuring timely and effective resolution.
• Conduct post-incident analysis to identify lessons learned and implement improvements.

4. Client Relationship Management

• Act as the primary security contact for clients, establishing strong, trust-based relationships.
• Regularly report to clients and internal stakeholders on the security posture, incidents, and ongoing initiatives.
• Understand clients’ business challenges and security needs to recommend tailored security solutions.

5. Risk Management

• Conduct regular risk assessments to identify, analyze, and prioritize risks to client environments.
• Develop and implement risk mitigation and acceptance strategies in collaboration with clients.
• Monitor the effectiveness of risk management efforts and adjust strategies as necessary.

6. Vendor and Technology Management

• Evaluate, select, and manage security technologies and services to meet client needs.
• Manage relationships with security vendors and partners to ensure they meet agreed-upon standards and deliverables.
• Stay informed on the latest security products and services to enhance the security offerings to clients.

Skills and Qualifications:

• Bachelor’s or Master’s degree in Information Security, Computer Science, or a related field.
• Professional security management certification (e.g., CISSP, CISM, or equivalent) is highly desirable.
• Extensive experience in cybersecurity, including roles in management and strategic planning.
• Strong understanding of security frameworks, standards, and regulations.
• Excellent communication and interpersonal skills, with the ability to convey complex security concepts to non-technical stakeholders.
• Proven leadership abilities and experience managing cross-functional teams.
• Demonstrated ability to develop and maintain high levels of client trust and satisfaction.