Fractional Cybersecurity Advisor (vCISO)

Fractional CISO (vCISO)

• Job Type: Full Time, remote
• Reporting Relationships: Reports to CEO
• Business Hours: Mon – Fri 8:00AM – 5:00PM
• Expected Hours: Aligned to business hours
• Support Hours: Not required, except in case of a breach or emergency

 

Role Summary

The Fractional Chief Information Security Officer (CISO), or vCISO, is a senior-level consultant responsible for aligning a client company’s cybersecurity strategy with its overarching business objectives. This role provides high-level strategic guidance on security strategies, governance, risk management, and compliance (GRC) while serving as a part-time member of the client’s executive leadership team. Fractional cybersecurity consulting engagements are a critical driver of eSilo’s growth, and as such, this role requires candidates with diverse industry experience, particularly within sectors subject to stringent data security and privacy regulations, such as financial services, healthcare, and government.

A successful vCISO must rapidly assess a company’s cybersecurity posture and offer practical, actionable recommendations that can be implemented in a short time frame. This often involves the flexible application of industry frameworks using past experience, with a strong ability to prioritize improvements based on a small business’s budget, risk appetite and maturity.

At eSilo, we are a solution-oriented organization that focus holistically on the 4 P’s: program, policies, procedures, and people—ensuring our assessments are well-rounded and comprehensive. To deliver maximum value in a limited amount of time, the vCISO will manage a portfolio of security projects to completion. Effective management may include getting “hands on” to facilitate progress where necessary.

In this role, the vCISO is also expected to contribute to the growth and scalability of eSilo’s consulting practice. This includes participating in sales conversations and nurturing leads as well as developing tools, templates, and project plans that enhance client experience and service delivery.

In addition to having a broad understanding of multiple cybersecurity disciplines, ideal candidates must bring an entrepreneurial mindset, demonstrating resourcefulness, initiative, and the ability to innovate in fast-paced environments. They should possess the strategic vision to mobilize both in-house and third-party resources, while driving company-wide security initiatives from a position of influence. The ability to seize new opportunities for growth within client relationships will be key. Typical engagements vary from 5-10 hours per month for some clients, and up to 20 hours or more for larger or more complex projects.

 

Reporting Structure

This position reports directly to the CEO, however, strong relationships are also required with other consultants on the team.

 

Responsibilities

For client organizations:

1.       Assess the client’s cybersecurity posture against industry standard frameworks such as NIST CSF, ISO27001, FTC Safeguards, HIPAA, FFIEC, or other standards and regulations as applicable.

2.       Identify cybersecurity and compliance risks. Communicate impact in business terms.

3.       Scope projects to mitigate risks. Secure leadership buy-in for projects.

4.       Oversee client IT resources to execute projects, or source qualified vendors & manage project.

5.       Communicate regularly to Board/management to inform them of cybersecurity risks, impacts, and action plans.

6.       Develop, implement, and maintain a company-wide cybersecurity strategy and program.

7.       Oversee security-related compliance matters concerning GDPR, CCPA, HIPAA, FTC Safeguards and/or other relevant standards.

8.       Monitor and report on the company’s cybersecurity posture, vulnerabilities, and threats.

9.       Lead incident response activities and develop an effective incident response plan.

10.    Mentor and guide the IT/security team, driving continuous improvement.

11.    Stay updated on the latest industry trends, threats, and best practices. Communicate important developments to leadership, ensuring the organization is prepared and informed.

12.    Promote a security-awareness culture within the organization through training and communication programs.

 

For eSilo internally:

1.       Partner with CEO to grow the consulting practice, add services, and productize offerings.

2.       Participate in networking to cultivate new leads for eSilo.

3.       Work leads given to you and close deals with a target conversion ratio of 70% or better

4.       Help build repeatable, scalable processes for eSilo’s cybersecurity audit & consulting practice.

5.       Mentor junior team members.

6.       Project manage engagements, track profitability by engagement, and identify ways to improve efficiency through better processes, systems, and automated tools.

7.       Prepare monthly metrics and status reports for your practice area.

8.       Evaluate vendors, partners, and tools that can valuable additions to our portfolio.

 

Key Performance Indicators

Following goals will be financially incentivized and take effect following an initial 90-day ramp up:

·         Cultivating Business: Generate leads with potential clients and ideal referral partners (IT companies, MSPs, attorneys, M&A advisors, etc). Convert leads given to you by eSilo, earned through marketing efforts.

·         Services / Consulting Delivery: Following ramp-up period, complete a minimum of two assessments each month.

·         Meet billable hour targets (or minimum retainer targets) for ongoing consulting work.

·         Client Satisfaction: Maintain a minimum Client NPS score of 8 out of a scale of 10. Maintain a minimum client retention targets of 80% after one-year.

·         eSilo’s 100% Audit Guarantee: Maintain zero sanctions or fines for your clients in line with the eSilo Audit Guarantee: https://esilo.com/cybersecurity-audit/

 

Future Possibilities & Career Development

1.       For individuals who are seeking financial and/or time freedom, success in this role is has a direct impact on your compensation. We pay for performance. You have the opportunity to set your own salary growth rate, which will be based on your closed revenue during the preceding quarter. This gives you direct control over your take home pay and it is not capped by any fixed increases set by the Company.

2.       For an individual seeking a leadership role where you can make an impact, you will be first in line for the VP, Practice Leader role and the right-hand to the CEO with an opportunity to earn equity and grow a team.

 

Personal Development & Training

A training course or certification will be mutually identified and support by the Company.

 

Personal Attributes & Qualifications 

·         Minimum of 7 years of IT experience, with a minimum of 4 years in a senior IT or cybersecurity role.

·         Bachelor’s degree in Information Technology, Computer Science, or related field or equivalent experience.

·         Industry recognized certifications such as CISSP, CEH, or CISA are beneficial but not required.

·         Highly organized, highly efficient, and able to juggle multiple time sensitive priorities.

·         Phenomenal relationship building skills, and the ability to put others at ease in communications.

·         Enthusiasm for business development and networking. Willingness to “sell”.

·         Very strong leadership, communication, and project management skills.

·         Hands-on experience with multiple security frameworks and regulations.

·         A willingness, and ability, to roll up sleeves and get one’s hands dirty is a must.

·         Demonstrated experience in risk management and compliance in regulated environments.

·         Effective management of stakeholders and ability to adapt communication accordingly.

·         Ability to explain technical concepts and risks in business terms.

·         Calm and level-headed demeanour in stressful situations.