Trick Dog Technology is seeking an experienced Virtual Chief Information Security Officer (vCISO) to provide fractional cybersecurity leadership and strategic advisory services across four client organizations. The vCISO will allocate approximately 800 hours per year (an average of 200 hours per client) to support each organization’s cybersecurity governance, risk management, and compliance initiatives.

This role is ideal for a senior security professional with strong leadership, advisory, and program management skills who thrives in a consultative capacity, guiding multiple clients toward mature, sustainable security postures.

Primary Responsibilities

1. Security Program Leadership

• Develop, refine, and oversee each client’s cybersecurity program and roadmap, ensuring alignment with business objectives and regulatory requirements.

• Establish and maintain cybersecurity policies, procedures, and standards that reflect leading frameworks such as NIST CSF, CIS Controls, ISO 27001, and CMMC.

• Provide executive-level reporting to boards and leadership teams, including metrics and recommendations to strengthen governance and compliance.

2. Governance, Risk, and Compliance (GRC)

• Lead annual and quarterly risk assessments, maintain risk registers, and develop mitigation plans.

• Oversee compliance initiatives related to applicable standards and regulations, including PCI-DSS, HIPAA, GLBA, CFPB, CMMC Levels 1–2, and ISO 27001.

• Support internal and external audit processes by reviewing artifacts, identifying gaps, and documenting remediation steps.

• Advise on data privacy obligations and coordinate with client legal and compliance teams as needed.

3. Incident Response and Threat Management

• Evaluate and enhance each client’s Incident Response Plan (IRP), including tabletop exercises for ransomware and other critical threats.

• Provide guidance on developing or updating incident response playbooks.

• Coordinate with client IT teams and managed detection/response vendors to improve response capabilities and reduce dwell time.

• Deliver post-incident assessments with actionable recommendations.

4. Strategic Advisory and Collaboration

• Serve as the primary cybersecurity advisor to client executive teams, guiding investment priorities, control implementation, and staff focus areas.

• Facilitate collaboration between security, IT, and business stakeholders to align efforts and eliminate silos.

• Provide continuous education and awareness training across departments to strengthen organizational security culture.

• Represent the cybersecurity function in vendor management discussions and third-party risk assessments.

5. Deliverables and Reporting

For each client, the vCISO will produce and maintain:

• Cybersecurity Strategy & Roadmap

• Policy and Procedure Framework

• Annual Risk Assessment Report

• Tabletop Exercise Results and Recommendations

• Compliance Status and Audit Readiness Summary

• Quarterly Executive Dashboard / Board Report

Qualifications

• Education: Bachelor’s degree in Information Security, Computer Science, or a related field (Master’s preferred).

• Certifications: One or more of the following strongly preferred:

  • CISSP, CISM, CISA, CIPP, CCP, CCSP, or ISO 27001 Lead Implementer/Auditor.

• Experience:

  • 10+ years in cybersecurity, including at least 5 years in a senior leadership or CISO advisory role.

  • Demonstrated success designing and managing security programs across multiple organizations or business units.

  • Strong understanding of risk management frameworks, compliance requirements, and modern threat landscapes.

  • Experience supporting audits, compliance assessments, and vendor risk management.

• Soft Skills:

  • Excellent communication and presentation skills.

  • Ability to build trust and influence executives and technical teams alike.

  • Strategic thinker with hands-on technical awareness.