[Hiring] Virtual CISO (vCISO)– GRC Advisor @RKON

Role Description

The vCISO Advisor serves as a fractional Chief Information Security Officer for multiple client organizations, providing executive-level security leadership, enterprise risk governance, and compliance oversight, independent of any managed IT provider. The vCISO is backed by a broader Security Advisory team including analysts, GRC specialists, offensive security testers, and other senior advisors.

• Serve as the primary security executive advisor to client leadership and boards.
• Define and maintain security strategy, multi-year roadmaps, and risk priorities, aligned to NIST-based risk management practices.
• Own enterprise risk programs, including risk registers, treatment decisions, and maturity tracking.
• Lead audit and compliance readiness across common security and compliance frameworks.
• Govern incident response programs, including IR plans, tabletop exercises, and executive coordination during active incidents.
• Oversee client GRC platforms as the system of record for risk, controls, policies, vendors, and audit evidence.
• Lead vendor and service-provider risk management, including cyber insurance and customer security reviews.
• Manage multiple concurrent vCISO engagements while maintaining delivery quality, executive credibility, and client trust.
• Direct, review, and assure work performed by analysts, specialists, and other advisors in support of client objectives.

Qualifications

• 6+ years in information security, GRC, audit, or security program leadership.
• Demonstrated experience functioning as a vCISO, CISO, or senior CISO advisor.
• Deep hands-on experience with enterprise security and compliance frameworks including NIST.

Requirements

• Proven ability to operate at the executive and board level.
• Translate security risk into business and financial impact.
• Advise client leadership in making risk acceptance, prioritization, and investment decisions.
• Demonstrated leadership in incident response governance and third-party and service-provider risk.
• Experience managing multiple clients in parallel.

Preferred Technical and Professional Expertise

• Microsoft data governance and information protection, including Purview, sensitivity labels, DLP, and records management.
• Cloud security governance across Azure, AWS, and SaaS platforms.
• Privacy engineering and data protection operations supporting global privacy programs.
• Identity and access governance, including privileged access management and zero trust strategies.
• Cyber insurance readiness and claims advisory.
• M&A cyber due diligence and post-close security integration.
• Business continuity and disaster recovery governance and tabletop facilitation.
• Security metrics, KRIs, and board-level reporting.
• Regulatory change management and policy modernization.
• Industry-related certifications: CISSP, CISM, CISA, CRISC, ISO 27001 Lead Auditor or Lead Implementor.

Compensation

The base salary range for this position is $155,000-$175,000. This is an estimated range based on the circumstances at the time of posting, however, may change based on a combination of factors, including but not limited to skills, experience, education, market factors, geographical location, budget, and demand. This position is also eligible for a bonus component that would be dependent on pre-defined performance factors. As part of our total compensation package, RKON provides a benefits package that includes health insurance (medical, dental, vision, life, and long and short-term disability insurance); flexible time off; and a 401(k) Plan with employer match to qualifying employees. All compensation determinations are based on the skills and experience required for the position and commensurate with experience of selected individuals, which may vary above and below the stated amounts.