Virtual Chief Information Security Officer (vCISO) - MD
remote, MD
Position Summary
A leading provider of advanced IT consulting services is seeking a highly experienced Virtual Chief Information Security Officer (vCISO) to support one of our higher education clients. This is a remote, part-time consulting role requiring approximately 20 hours per week, with potential for additional hours during cybersecurity incidents. The vCISO will serve as a strategic advisor and hands-on security leader, supporting our client in strengthening their cybersecurity program, enhancing regulatory compliance, and managing cyber risk.
Essential Duties and Responsibilities
- Conduct detailed cybersecurity risk assessments, including analysis of current security controls, vulnerabilities, and threat landscape
- Lead compliance efforts under the Gramm-Leach-Bliley Act (GLBA), serving as the Qualified Individual (QI) to report to executive leadership
- Update and implement cybersecurity policies: Incident Response, Vendor Management, Data & Asset Management, and more
- Provide oversight and strategic direction for incident response, including breach containment, investigation, post-incident review, and reporting
- Guide the adoption of security frameworks (e.g., CIS Critical Security Controls), Zero Trust Architecture, and Cloud Security Posture Management
- Support third-party risk evaluations using HECVAT and strengthen vendor security oversight
- Provide monthly reports, dashboards, and executive briefings on security KPIs/KRIs
- Review and improve security awareness training, conduct tabletop exercises, and advise on cyber insurance preparedness
Knowledge, Skills and Abilities
- Strong understanding of GLBA, FERPA, HIPAA, and Maryland/state privacy regulations
- Excellent communication skills with ability to present to executive and board-level stakeholders
- Ability to work independently as a strategic consultant while collaborating with client teams
Education & Experience
- Bachelor's degree in Cybersecurity, IT, Computer Science, or a related field (Master's preferred)
- 7–10+ years of experience in IT security, including leadership in CISO or equivalent roles
- At least one of the following certifications (current):
  - CISSP (Certified Information Systems Security Professional)
  - CISM (Certified Information Security Manager)
  - CISA (Certified Information Systems Auditor)
- Experience with frameworks such as CIS, NIST, ISO, and cloud platforms like Microsoft 365, AWS, or Azure