Lumifi
Virtual Chief Information Security Officer (vCISO)
Department: Professional Services
Location: Scottsdale, AZ preferred; other remote locations considered
Position Summary
The Virtual Chief Information Security Officer (vCISO) serves as a trusted security advisor to clients, providing strategic and operational leadership for their cybersecurity programs. The vCISO assesses risk, develops and implements information security strategies, and ensures compliance with relevant standards and regulations. This role combines executive-level security expertise with hands‑on program management to help clients build, mature, and maintain strong security postures.
Key Responsibilities
Strategic Leadership & Governance
Develop and execute client-specific cybersecurity strategies and roadmaps aligned with business objectives
Establish and lead information security governance programs, including policy frameworks, standards, and procedures
Communicate risk posture and cybersecurity priorities to client executives and boards in business terms
Define and manage key performance indicators (KPIs) and metrics for program maturity
Risk Management & Compliance
Advise on security risk assessments and gap analyses against frameworks such as NIST CSF, CIS Controls, ISO 27001, or CMMC
Guide clients through compliance initiatives (e.g., SOC 2, HIPAA, GDPR, PCI DSS)
Identify, assess, and prioritize cybersecurity risks; recommend remediation plans and track progress
Oversee third-party vendor risk management programs
Security Operations Oversight
Provide leadership over client security operations
Review security architecture, processes, and operational workflows to ensure best practices
Coordinate tabletop exercises and incident response planning
Evaluate security tools and recommend enhancements to clients’ technology stack
Advisory & Client Engagement
Serve as the primary cybersecurity advisor for assigned clients, maintaining long‑term relationships built on trust and measurable outcomes
Present executive-level security reports and briefings to client stakeholders
Collaborate with internal technical teams (SOC, Engineering, Compliance) to align delivery with client needs
Stay current with emerging threats, regulations, and industry best practices to proactively advise clients
Program Development
Develop standardized vCISO methodologies, templates, and frameworks for internal use
Mentor junior staff and contribute to service delivery improvements
Participate in business development by supporting client proposals, presentations, and renewals
Qualifications
Bachelor’s degree in Cybersecurity, Information Technology, or related field; advanced degree preferred
7+ years of progressive experience in information security, including leadership or advisory roles
Deep understanding of security frameworks such as NIST CSF, SOC 2, ISO 27001, CIS Controls, CMMC, and regulatory requirements
Proven experience designing, implementing, and managing enterprise security programs
Strong communication and executive presentation skills
Industry certifications preferred: CISSP, CISM, CISA, CRISC, or similar
Experience serving multiple clients or working in a consulting/MSSP environment strongly preferred
Ability to travel to client sites as needed
Benefits Include
Health Insurance 80% paid by employer
Dental Insurance 80% paid by employer
Vision Insurance 80% paid by employer
Self-Managed vacation leave
Paid sick leave
Paid holiday leave
Lumifi Cyber welcomes and encourages diversity in our workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin or disability.
All candidates must be eligible to work in the U.S. for any employer. Lumifi participates in E-Verify verification.