Virtual Chief Information Security Officer (vCISO)
iCorps Technologies · Woburn, MA · 1 mo ago
Information TechnologyFull-time
About the role
iCorps Technologies has delivered IT consulting and managed services to mid-market clients since 1994. We specialize in cloud computing, cybersecurity, IT governance, and outsourced IT support. We are a Microsoft Solutions Partner and Cloud Service Provider, and a Microsoft US Partner Award Winner for Security and Compliance.
Responsibilities
- Active Security Advisor: Provide hands-on advisory guidance on day-to-day security decisions: architecture choices, control implementation, vendor selection, configuration questions, incident calls, and the steady stream of judgment calls a maturing program generates.
- vCISO Alignment of Business, Governance, and Technical Control: Set and run the security program so the client is aligned to the frameworks that apply: NIST CSF 2.0, ISO 27001:2022, CMMC 2.0 (meaningful given our DoD-adjacent client base), SOC 2, HIPAA, PCI DSS 4.0, US state privacy laws led by CCPA, SEC cyber disclosure where applicable, and cyber insurance attestations. Translate executive intent into governance structure, governance into policy, policy into control, and control state into board-ready reporting. Stand up and run a recurring security committee at each client.
- Gap Analysis and Assessment: Run baseline assessments at engagement kickoff, periodic reassessments on an agreed cadence, and targeted assessments tied to events such as acquisitions, regulatory change, new product lines, or CMMC certification cycles. Produce remediation roadmaps with sequencing, ownership, and effort the client can fund and execute. Run post-incident assessments to verify whether controls performed the way the program described.
Requirements
- At least ten years in information security, with meaningful time in a leadership role. Prior CISO or deputy CISO experience is strongly preferred.
- Demonstrated experience running gap analyses against more than one major framework and translating findings into roadmaps clients funded and executed.
- Direct experience aligning a business to NIST CSF, ISO 27001, SOC 2, HIPAA, or CMMC, with enough range to pick up the others. CMMC 2.0 working knowledge is a meaningful advantage.
- A point of view on AI governance and the secure adoption of generative AI in a business setting.
- Fluency with modern identity, endpoint, cloud, and detection tooling, with enough depth to tell a good implementation from a bad one.
- Judgment on where to invest, where to defer, and where to accept risk, and the communication skills to explain that judgment to a CFO, general counsel, or board member.
- A bachelors degree in computer science, information systems, cybersecurity, or a related field, or equivalent experience.
Qualifications
- Required at hire or within a reasonable onboarding window: CISSP or CISM. Preferred: CCSP for cloud-heavy engagements, CRISC for governance and risk, CISA for audit, CMMC CCP or CCA for clients pursuing CMMC certification, and relevant GIAC certifications (GSLC, GCIH, GPCS) where they match the engagement focus.