ValueMentor
As a Virtual Chief Information Security Officer (vCISO), you will lead and manage the security operations function of the assigned project/organization. The role involves overseeing various aspects of security, disaster recovery, security finance management, documentation, compliance, and program onboarding. A vCISO is expected to possess a diverse skill set encompassing technical, business, communication, and leadership expertise.
Security Operations:
• Lead vulnerability risk assessments.
• Implement cyber security frameworks, including NIST 800-53, ISO 27002.
• Provide oversight on incident response planning.
• Create and maintain security policies and procedures.
• Serve as an advisor for Governance, Risk, and Compliance.
• Provide leadership in performing regulatory assessments.
• Coordinate Disaster Recovery processes and procedures.
Disaster Recovery:
• Develop and implement Disaster Recovery and Business Continuity Plan policies.
• Identify and prioritize key assets for the plan.
• Schedule and plan periodic exercises of the plan.
• Manage disaster recovery exercises and provide feedback to stakeholders.
• Document the Disaster Recovery and Business Continuity Plans.
• Provide a strategic plan for backup of critical assets and systems.
Security Finance Management:
• Conduct asset management reviews.
• Quantify the overall value of security initiatives.
• Assess the cost of security tools or systems and analyze the return on investment.
Documentation:
• Establish a detailed documentation standard and review process.
• Contribute to the development and documentation of key cyber security policies.
• Maintain a standard approval process for policy reviews.
Compliance:
• Provide leadership and guidance on the implementation of regulatory compliance objectives.
• Conduct internal assessments and respond to external compliance reviews.
• Stay current on regulatory compliance updates related to the organization.
• Address standards such as SOC, PCI, HIPAA, GDPR, or FedRAMP.
• Ensure third-party systems meet security standards and align with business objectives.
• Maintain a risk assessment standard for new systems, including penetration testing or vulnerability scans.
Experience: Minimum 3 years in Information Security or Cyber Security Management
Education: Bachelor's Degree
Certifications required:
ISO 27701 Lead Auditor [Active Certifications]
ISO 27701 Implementer [Active Certifications]
CISSP/CISM [Active Certifications]
ValueMentor is a full-fledged Cyber Security Partner helping organizations worldwide to effortlessly manage cyber risks. We offer Risk & Compliance Services, Security Testing & Managed Security Services.