[Hiring] Virtual CISO & Cybersecurity Practice Lead @Interdependence

Role Description

You will serve as the senior cybersecurity practitioner and virtual CISO to a growing portfolio of mid-market clients (typically $25M–$150M in revenue, 100–1,000 employees). You will own the full client lifecycle, from initial security risk assessments through ongoing advisory, compliance management, and incident response coordination.

Key Responsibilities

• Serve as the outsourced CISO for 8–12 clients, providing executive-level security leadership on a fractional basis.
• Conduct security risk assessments, gap analyses, and penetration testing oversight for prospective and current clients.
• Develop and maintain security programs, policies, and incident response plans tailored to each client's risk profile and regulatory environment.
• Manage compliance frameworks including SOC 2, HIPAA, PCI-DSS, CCPA, NIST CSF, and CMMC.
• Present security posture, risk exposure, and remediation roadmaps to boards of directors, C-suites, and audit committees in clear, business-oriented language.
• Oversee and leverage AI-driven security tooling for vulnerability scanning, log analysis, threat detection, and compliance evidence collection.
• Quarterback incident response when clients face active threats or breaches, coordinating forensics, legal, communications, and remediation.
• Collaborate with RMC's reputation management team to deliver integrated crisis response when security events create reputational exposure.
• Participate in business development — joining sales conversations, scoping engagements, and helping close new cybersecurity retainers.
• Recruit, manage, and mentor junior analysts as the practice scales.
• Build standardized methodologies, reporting templates, and delivery playbooks that allow the practice to scale without sacrificing quality.

Qualifications

• 7-10+ years of hands-on cybersecurity experience spanning at least two of the following: penetration testing, incident response, security architecture, GRC (governance, risk, and compliance).
• 3+ years operating at the CISO, Director of Security, or senior consulting level, you've sat in the room with boards and translated technical risk into business impact.
• CISSP certification (active and in good standing).
• Deep working knowledge of SOC 2, HIPAA, NIST CSF, and at least one additional framework (PCI-DSS, ISO 27001, CMMC, CCPA).
• Experience building or significantly expanding a security program from early stages, not just maintaining one someone else built.
• Ability to manage multiple client engagements simultaneously without quality degradation.
• Comfortable participating in sales and business development conversations — you understand that your credibility is what closes deals.

Nice-to-Haves

• CMMC Registered Practitioner (RP) or Certified CMMC Assessor (CCA) — the Southern California defense industrial base is a priority vertical.
• Additional certifications: CISM, CRISC, OSCP, GPEN, or SANS GIAC credentials.
• Experience running a cybersecurity consulting practice, MSSP, or vCISO firm — either as founder or practice lead.
• Background in incident response or digital forensics.
• Familiarity with AI-driven security platforms and willingness to integrate emerging AI tooling into service delivery.
• Experience with cyber insurance underwriting requirements and risk assessment frameworks.
• Existing professional network in the Southern California cybersecurity community.

What will set you apart

• You've built something before, a practice, a team, a firm, and you want to do it again with resources and infrastructure behind you.
• You can explain a zero-day exploit to a board member and a budget justification to a CFO in the same meeting.
• You're not just a technician who moved into management, you genuinely enjoy the client relationship and advisory aspects of the work.
• You see AI as a force multiplier for your expertise, not a threat to it.

Why This Role

You'll have an existing client base to cross-sell into from day one. You'll have AI-powered tooling that handles the repetitive analytical work so you can focus on the high-value advisory that clients actually pay for. And you'll have a leadership team that understands professional services, client management, and scaling consulting practices because that's what we've done for over two decades.

If you want to build a cybersecurity practice with the autonomy of a founder and the support system of an established firm, this is it.

Compensation & Structure

• Base salary: $200,000 – $300,000 depending on experience and credentials.
• Performance bonus: Up to 25% of base, tied to client acquisition, retention, and practice revenue targets.
• Revenue participation: Structured incentive on new business you source and close, designed to reward you as a practice builder, not just a practitioner.

Benefits

• Health, dental, vision, 401(k).
• Equity / profit-sharing potential as the cybersecurity division scales, this is a founding role and we structure compensation to reflect that.