Fractional Virtual CISO (vCISO)

Near Shore Cyber
6 days ago
Contract
Remote
United States
$100 - $125 USD hourly
Fractional

Engagement: Part-time / contract, ~20 hours per month (occasional months may extend toward 40)

Location: Remote, with periodic travel to Winchester, VA for executive briefings and key meetings

Reports to: The security leadership of our Winchester, Virginia-based client; works directly with the CPA firm's CIO, CTIO, and managing partners

Compensation: $100–$125/hour, 1099 contractor

About the engagement

We are recruiting a dedicated fractional CISO for our Winchester, Virginia-based client, who delivers the security program for a regional CPA firm of about 350 people. This is not a portfolio role. All hours go to the single CPA firm engagement, and the hire owns the firm's information security program end-to-end.

The CPA firm's internal IT team handles day-to-day operations. Our Winchester, Virginia-based client owns security on the firm's behalf, and the hire is the senior face of that program. The CPA firm values continuity and a close advisory relationship with their CISO, so this role suits someone who wants to go deep with one organization rather than rotate across many.

Responsibilities

  • Own the CPA firm's information security strategy, roadmap, governance, and executive reporting
  • Maintain and mature the firm's GLBA / FTC Safeguards Rule and HIPAA compliance posture
  • Serve as the executive-level security voice to the CIO, CTIO, managing partners, and audit/risk committee
  • Lead policy development, risk assessment, third-party risk, and incident response governance
  • Provide principal-level technical advisory on architecture, tooling, and cloud security decisions, covering both security and adjacent technology
  • Partner with the delivery teams of our Winchester, Virginia-based client on tactical execution (pentest scoping, VM strategy, security tooling rollouts)
  • Brief the CPA firm's leadership quarterly and on-demand for major events

Required Experience

  • 7+ years in information security leadership, including 3+ in a CISO, vCISO, or Director of Security capacity
  • Direct experience supporting CPA firms or comparable professional services environments
  • Working command of GLBA / FTC Safeguards Rule and HIPAA — applied, not just templated
  • Strong technical foundation: substantive engagement on cloud (Microsoft / Azure preferred), endpoint security, network security, and identity
  • Executive presence — able to sit across from a managing partner and earn their trust quickly
  • Willing and able to act as a principal technology advisor on decisions that extend beyond strict security scope

Preferred Experience

  • Active CISSP, CISM, or CCISO
  • Prior in-house experience inside a public accounting firm's IT or risk organization
  • Familiarity with SOC 2 and PCI in adjacent contexts

Compensation

  • $100–$125/hour, 1099 contractor
  • Approximately 20 hours per month, with rare months extending toward 40