Virtual Chief Information Security Officer (vCISO)

Virtual Chief Information Security Officer (vCISO) / Fractional CISO / Security Executive Consultant Why Bird Rock Systems At Bird Rock Systems, we take pride in being named one of the Inc. 5000 Fastest Growing Private Companies. Our dynamic journey to success is fueled by a team of passionate individuals who thrive in a fast-paced environment. We're more than a workplace; we're a community of fun-loving people dedicated to excellence.

What Sets Us Apart:

Best Workplace Awards:

Bird Rock Systems is proud to be recognized for our commitment to fostering a positive, collaborative, and innovative culture.

Our honors include:

Inc.'s Best Workplaces San Diego Business Journal's Best Places to

Work San Diego SHRM Workplace Excellence Award Fast-Paced Growth:

As an Inc. 5000 honoree, we're committed to driving innovation and pushing boundaries. Join us to be part of a dynamic and ever-evolving company.

Vibrant Company Culture:

We believe in creating an environment where work feels like fun. Our team is more than colleagues - we're friends who collaborate, support, and celebrate together.

Core Values:

Our values define us. Loyalty, work/life balance, kaizen (continuous improvement), unwavering integrity, exceptional customer service, and giving back to our community are the cornerstones of Bird Rock Systems.

Your Opportunity:

At Bird Rock Systems, you're not just an employee - you're an essential part of our growth story. Join our team of driven professionals who embrace challenges, value camaraderie, and thrive on making a difference. If you're ready to work in an exciting atmosphere that blends passion, innovation, and purpose, we invite you to apply and embark on a rewarding journey with us. Take the next step towards an inspiring career. and become a proud contributor to Bird Rock Systems' exceptional trajectory! Join us on our journey. Apply today.

Position Summary Role Type :

Senior Consultant / Principal (senior individual contributor) At Bird Rock Systems, the Virtual Chief Information Security Officer (vCISO) role serves as a fractional security executive and primary delivery authority and executive advisor for a portfolio of diverse clients. The vCISO is accountable for the design, execution, and measurable improvement of each assigned customer's Information Security Program - guiding organizations from reactive security postures to optimized, business‑aligned security operations. This role is first and foremost a billable client delivery role. Cyber Security Advisory and presales support responsibilities are secondary and intentionally scoped to protect delivery quality, utilization, and customer outcomes. This role blends strategic security leadership, hands‑on advisory, and portfolio‑level accountability while remaining current on evolving security threats, industry trends, and emerging technologies. This role is for an experienced security leader who values judgment, craftsmanship, and long‑term client impact. Success is measured not by activity volume alone, but by sustained improvements in customer security maturity, executive trust, and the ability to scale sound security practices across diverse organizations. This role is based in San Diego, CA and supports clients across regulated and growth‑oriented industries. The 90 ‑ Day Win The first 90 days are focused on establishing executive credibility, delivery rhythm, and security leadership presence across the assigned client portfolio. Successfully baseline five (5) client environments using the CIS Critical Security Controls, documented in Bird Rock-approved assessment artifacts, internally reviewed, and presented to customer executive stakeholders. Identify, scope, and roadmap at least one crtical/high‑priority remediation initiative per client that results in an approved execution path and budgetary estimate, leveraging Bird Rock implementation practices (Cloud, Network, Privacy, or Security). Establish a recurring security leadership cadence (e.g., steering committees or executive briefings) with documented agendas, executive-ready reporting, and defined success metrics with assigned customers. Initiate and facilitate a weekly internal security lessons-learned forum with security engineers to share cross‑client threats, trends, and improvement opportunities, producing actionable insights that inform service standards and delivery improvements. Location Must be based in San Diego, CA Regular in‑person collaboration expected to support delivery excellence, peer mentorship, and executive alignment. This role is trusted to exercise professional judgment in balancing onsite presence with focused work. Hybrid flexibility based on client and portfolio needs. What You Bring Qualifications & Experience 7+ years of progressive security leadership experience, within a consulting or multi‑client environment. Demonstrated ability to translate complex security and compliance requirements into practical, business‑aligned solutions. Proven experience leading security programs through influence, governance, and executive engagement rather than authority. Demonstrated success managing competing priorities across multiple executive stakeholders in a fractional or consulting leadership model. Enthusiastic to work in‑office to foster collaboration, mentorship, and team culture. A strong belief that successful vCISO engagements create healthier, more secure, and more engaged client relationships. Seeking a long‑term professional home where security leadership craft can be refined, shared, and scaled—rather than a short‑term stop between titles. Key Responsibilities Portfolio Accountability & Executive Delivery Leadership (80% Billable, Year 1 ramp) Utilization targets are balanced against executive effectiveness, decision quality, and customer outcomes. Own and execute a balanced portfolio of 5+ concurrent vCISO engagements, aligned by customer size, regulatory complexity, and delivery maturity, balancing executive‑level reporting with tactical security oversight. Design, develop, maintain, disseminate, and enforce customer Information Security Programs, policies, standards, and associated compliance or framework requirements. Execute security programs through influence, leveraging customer IT personnel and/or Bird Rock Services teams and contractors, establishing clear guidance, accountability, and escalation paths. Remain well informed on industry trends, threat intelligence, regulatory changes, and security technologies to continuously improve customer outcomes. Report on the performance and maturity of customer information security programs to executive leadership and boards using clear outcome-oriented metrics and maturity indicators. This role shapes the next generation of security leaders by modeling executive judgment, ethical advisory practices, and sustainable security leadership. Portfolio Design & Sustainability Client portfolios are composed to balance customer complexity, regulatory demand, and delivery maturity. Engagement load is managed to preserve executive presence, decision quality, and long‑term customer outcomes. vCISOs are supported by delivery practices, shared artifacts, and specialized engineering teams to avoid hero‑based execution models. Framework Fluency, Risk, and Compliance Execution Expertly assess, select, and apply appropriate frameworks (e.g., CIS Controls, NIST, PCI‑DSS, HIPAA) based on customer risk profile and business objectives, ensuring depth of execution over superficial multi-framework coverage. Advise on and guide customer objectives, including but not limited to: Security assessments and testing Risk management and security compliance Security policy, process, and procedure development Incident response planning and readiness Security training and awareness programs Security remediation initiatives Security lifecycle management Lead and/or actively participate in customer steering committees and governance forums to align security initiatives with measurable business priorities and risk-reduction outcomes. Threat Defense, Incident Leadership & Advisory Presence Provide calm, decisive leadership during customer security incidents, serving as the senior security advisor for response coordination, executive communication, and post‑incident improvement planning, while respecting customer ownership of final operational decisions. Conduct and guide well‑architected security reviews to ensure hybrid and cloud‑native environments are resilient, scalable, and secure. Advise customers on the safe and responsible adoption of emerging technologies, including Generative AI, ensuring governance, policy, and controls prevent sensitive data leakage and unintended risk exposure. Strategic Growth, Upsell & Service Evolution Use Monthly and Quarterly Business Reviews to identify material security risks and maturity gaps, translating them into prioritized, outcome‑driven initiatives aligned to customer business goals, risk tolerance, and long‑term security maturity. Ensure new vCISO‑related services and processes are customer‑ready, documented, and fully trained to engineers, project managers, and account managers prior to client delivery. Provide structured peer review, peer mentorship, and delivery coaching to Bird Rock personnel executing customer security objectives, acting as a quality bar and force multiplier across the Services organization. Contribute to the continuous improvement of the vCISO offering and related services based on real‑world customer outcomes. Cyber Security Advisor Overlay & Go‑to‑Market Support This role serves as a technical and strategic presales resource, with responsibilities intentionally limited in scope and duration to protect billable delivery excellence. Presales engineering responsibilities are secondary to billable client delivery and are focused on high‑impact opportunities where executive‑level security leadership accelerates trust and deal velocity. Act as a senior security subject‑matter expert in presales engagements, supporting account teams during qualified opportunities where executive-level security leadership accelerates trust and deal velocity. Translate customer security challenges, regulatory requirements, and risk exposure into clearly scoped security and remediation offerings with documented assumptions and delivery expectations. Ensure presales solutions are operationally sound, align with our delivery standards, and can be executed by the services team without delivery ambiguity or re-scoping. Actively represents Bird Rock Systems at industry and company events by speaking, sharing insights, and engaging with peers and leaders.

Compensation Compensation Range:

$170,000 - $280,000 Strong base salary with performance incentives aligned to portfolio health, customer retention, and sustained delivery excellence; rewarding long‑term outcomes rather than short‑term utilization spikes. The above represents the expected compensation range for this job requisition. Ultimately, in determining pay, we'll consider location, experience, and other job-related factors. Benefits At Bird Rock Systems, we make sure you have the support and resources to leverage and develop your skills, secure your financial future, and take care of your health and well-being. Bird Rock Systems continually seeks to provide a workplace where everyone can be their authentic self. Through Bird Rock Systems competitive benefits offerings and various training and development opportunities, we have you covered with our Benefits Program which includes: Medical, Dental, and Vision Insurance Unlimited Paid Time Off Paid Family Leave Benefits Flexible Spending Accounts Pet Insurance Employee Assistance Program 100% Employer-Paid Life & AD&D Insurance, Short- and Long-Term Disability Insurance Monthly Wellness Reimbursement Cell Phone Reimbursement