Virtual CISO & Cybersecurity Practice Lead

Virtual CISO & Cybersecurity Practice Lead Interdependence - 5.0 Chicago, IL Job Details $200,000 - $300,000 a year 20 hours ago Benefits Profit sharing Health insurance Dental insurance 401(k) Vision insurance Qualifications Penetration testing Deal closing CMMC 7 years HIPAA compliance management Underwriting PCI Business development within consulting ISO standards Identifying new business opportunities Regulatory compliance CISSP Vulnerability assessment tools

SOC 2 HIPAA

Gap analysis Threat detection & response CISM Client services experience within consulting industry Cross-selling Hiring GPEN IT security architecture Team management System risk assessment (security system operation) NIST standards OSCP Mentoring Vulnerability scanning Recruiting Senior level AI Log analysis Crisis management Incident response implementation CRISC Customer acquisition Consulting firm experience Senior leadership Closing sales Full Job Description Who We Are Reputation Management Consultants (RMC) is an affiliated organization with a premier advisory firm specializing in reputation management and strategic consulting for mid-market companies and high-profile clients. We are launching a dedicated cybersecurity division to address a critical truth our clients face every day: a data breach is a reputation event. We're building an AI-powered cybersecurity practice from the ground up and are looking for a senior practitioner to lead it. This is not a staff role buried inside an org chart. This is a founding leadership position where you will build and run a cybersecurity practice within an established, profitable firm, with existing client relationships, sales infrastructure, and operational support behind you from day one. Position Overview You will serve as the senior cybersecurity practitioner and virtual CISO to a growing portfolio of mid-market clients (typically $25M-$150M in revenue, 100-1,000 employees). You will own the full client lifecycle, from initial security risk assessments through ongoing advisory, compliance management, and incident response coordination. Key Responsibilities Serve as the outsourced CISO for 8-12 clients, providing executive-level security leadership on a fractional basis Conduct security risk assessments, gap analyses, and penetration testing oversight for prospective and current clients Develop and maintain security programs, policies, and incident response plans tailored to each client's risk profile and regulatory environment Manage compliance frameworks including

SOC 2, HIPAA, PCI-DSS, CCPA, NIST

CSF, and CMMC Present security posture, risk exposure, and remediation roadmaps to boards of directors, C-suites, and audit committees in clear, business-oriented language Oversee and leverage AI-driven security tooling for vulnerability scanning, log analysis, threat detection, and compliance evidence collection Quarterback incident response when clients face active threats or breaches, coordinating forensics, legal, communications, and remediation Collaborate with RMC's reputation management team to deliver integrated crisis response when security events create reputational exposure Participate in business development — joining sales conversations, scoping engagements, and helping close new cybersecurity retainers Recruit, manage, and mentor junior analysts as the practice scales Build standardized methodologies, reporting templates, and delivery playbooks that allow the practice to scale without sacrificing quality

Qualifications:

7-10+ years of hands-on cybersecurity experience spanning at least two of the following: penetration testing, incident response, security architecture, GRC (governance, risk, and compliance) 3+ years operating at the CISO, Director of Security, or senior consulting level, you've sat in the room with boards and translated technical risk into business impact CISSP certification (active and in good standing) Deep working knowledge of

SOC 2, HIPAA, NIST

CSF, and at least one additional framework (PCI-DSS, ISO 27001, CMMC, CCPA) Experience building or significantly expanding a security program from early stages, not just maintaining one someone else built Ability to manage multiple client engagements simultaneously without quality degradation Comfortable participating in sales and business development conversations — you understand that your credibility is what closes deals

Nice-to-Haves:

CMMC Registered Practitioner (RP) or Certified CMMC Assessor (CCA) — the Southern California defense industrial base is a priority vertical Additional certifications: CISM, CRISC, OSCP, GPEN, or

SANS GIAC

credentials Experience running a cybersecurity consulting practice, MSSP, or vCISO firm — either as founder or practice lead Background in incident response or digital forensics Familiarity with AI-driven security platforms and willingness to integrate emerging AI tooling into service delivery Experience with cyber insurance underwriting requirements and risk assessment frameworks Existing professional network in the Southern California cybersecurity community What will set you apart: You've built something before, a practice, a team, a firm, and you want to do it again with resources and infrastructure behind you You can explain a zero-day exploit to a board member and a budget justification to a CFO in the same meeting You're not just a technician who moved into management, you genuinely enjoy the client relationship and advisory aspects of the work You see AI as a force multiplier for your expertise, not a threat to it Why This Role You'll have an existing client base to cross-sell into from day one. You'll have AI-powered tooling that handles the repetitive analytical work so you can focus on the high-value advisory that clients actually pay for. And you'll have a leadership team that understands professional services, client management, and scaling consulting practices. because that's what we've done for over two decades. If you want to build a cybersecurity practice with the autonomy of a founder and the support system of an established firm, this is it. Compensation & Structure Base salary: $200,000 - $300,000 depending on experience and credentials Performance bonus: Up to 25% of base, tied to client acquisition, retention, and practice revenue targets Revenue participation: Structured incentive on new business you source and close, designed to reward you as a practice builder, not just a practitioner

Benefits:

Health, dental, vision, 401(k) Equity / profit-sharing potential as the cybersecurity division scales, this is a founding role and we structure compensation to reflect that