Virtual Chief Information Security Officer (vCISO) - MD

remote, MD

Position Summary 

A leading provider of advanced IT consulting services is seeking a highly experienced Virtual Chief Information Security Officer (vCISO) to support one of our higher education clients. This is a remote, part-time consulting role requiring approximately 20 hours per week, with potential for additional hours during cybersecurity incidents. The vCISO will serve as a strategic advisor and hands-on security leader, supporting our client in strengthening their cybersecurity program, enhancing regulatory compliance, and managing cyber risk.

Essential Duties and Responsibilities

  • Conduct detailed cybersecurity risk assessments, including analysis of current security controls, vulnerabilities, and threat landscape
  • Lead compliance efforts under the Gramm-Leach-Bliley Act (GLBA), serving as the Qualified Individual (QI) to report to executive leadership
  • Update and implement cybersecurity policies: Incident Response, Vendor Management, Data & Asset Management, and more
  • Provide oversight and strategic direction for incident response, including breach containment, investigation, post-incident review, and reporting
  • Guide the adoption of security frameworks (e.g., CIS Critical Security Controls), Zero Trust Architecture, and Cloud Security Posture Management
  • Support third-party risk evaluations using HECVAT and strengthen vendor security oversight
  • Provide monthly reports, dashboards, and executive briefings on security KPIs/KRIs
  • Review and improve security awareness training, conduct tabletop exercises, and advise on cyber insurance preparedness

Knowledge, Skills and Abilities

  • Strong understanding of GLBA, FERPA, HIPAA, and Maryland/state privacy regulations
  • Excellent communication skills with ability to present to executive and board-level stakeholders
  • Ability to work independently as a strategic consultant while collaborating with client teams

Education & Experience

  • Bachelor's degree in Cybersecurity, IT, Computer Science, or a related field (Master's preferred)
  • 7–10+ years of experience in IT security, including leadership in CISO or equivalent roles
  • At least one of the following certifications (current):
    • CISSP (Certified Information Systems Security Professional)
    • CISM (Certified Information Security Manager) 
    • CISA (Certified Information Systems Auditor)
  • Experience with frameworks such as CIS, NIST, ISO, and cloud platforms like Microsoft 365, AWS, or Azure