We are redirecting you to the source. If you are not redirected in 3 seconds, please click here.

Virtual CISO & Cybersecurity Practice Lead at Interdependence. . Location: Remote. Who We Are.  . . Reputation Management Consultants (RMC) is an affiliated organization with a premier advisory firm specializing in reputation management and strategic consulting for mid-market companies and high-profile clients. We are launching a dedicated cybersecurity division to address a critical truth our clients face every day: a data breach is a reputation event. We're building an AI-powered cybersecurity practice from the ground up and are looking for a senior practitioner to lead it. .  . . This is not a staff role buried inside an org chart. This is a founding leadership position where you will build and run a cybersecurity practice within an established, profitable firm, with existing client relationships, sales infrastructure, and operational support behind you from day one..  . . Position Overview.  . . You will serve as the senior cybersecurity practitioner and virtual CISO to a growing portfolio of mid-market clients (typically $25M–$150M in revenue, 100–1,000 employees). You will own the full client lifecycle, from initial security risk assessments through ongoing advisory, compliance management, and incident response coordination..  . . Key Responsibilities.  . . . Serve as the outsourced CISO for 8–12 clients, providing executive-level security leadership on a fractional basis. . . Conduct security risk assessments, gap analyses, and penetration testing oversight for prospective and current clients . . Develop and maintain security programs, policies, and incident response plans tailored to each client's risk profile and regulatory environment . . Manage compliance frameworks including SOC 2, HIPAA, PCI-DSS, CCPA, NIST CSF, and CMMC . . Present security posture, risk exposure, and remediation roadmaps to boards of directors, C-suites, and audit committees in clear, business-oriented language . . Oversee and leverage AI-driven security tooling for vulnerability scanning, log analysis, threat detection, and compliance evidence collection . . Quarterback incident response when clients face active threats or breaches, coordinating forensics, legal, communications, and remediation . . Collaborate with RMC's reputation management team to deliver integrated crisis response when security events create reputational exposure . . Participate in business development — joining sales conversations, scoping engagements, and helping close new cybersecurity retainers . . Recruit, manage, and mentor junior analysts as the practice scales . . Build standardized methodologies, reporting templates, and delivery playbooks that allow the practice to scale without sacrificing quality.  . . . Qualifications:.  . . . 7-10+ years of hands-on cybersecurity experience spanning at least two of the following: penetration testing, incident response, security architecture, GRC (governance, risk, and compliance). . . 3+ years operating at the CISO, Director of Security, or senior consulting level, you've sat in the room with boards and translated technical risk into business impact . . CISSP certification (active and in good standing) . . Deep working knowledge of SOC 2, HIPAA, NIST CSF, and at least one additional framework (PCI-DSS, ISO 27001, CMMC, CCPA) . . Experience building or significantly expanding a security program from early stages, not just maintaining one someone else built . . Ability to manage multiple client engagements simultaneously without quality degradation . . Comfortable participating in sales and business development conversations — you understand that your credibility is what closes deals.  . . . Nice-to-Haves:.  . . . CMMC Registered Practitioner (RP) or Certified CMMC Assessor (CCA) — the Southern California defense industrial base is a priority vertical. . . Additional certifications: CISM, CRISC, OSCP, GPEN, or SANS GIAC credentials . . Experience running a cybersecurity consulting practice, MSSP, or vCISO firm — either as founder or practice lead . . Background in incident response or digital forensics . . Familiarity with AI-driven security platforms and willingness to integrate emerging AI tooling into service delivery . . Experience with cyber insurance underwriting requirements and risk assessment frameworks . . Existing professional network in the Southern California cybersecurity community.  . . . What will set you apart:.  . . . You've built something before, a practice, a team, a firm, and you want to do it again with resources and infrastructure behind you. . . You can explain a zero-day exploit to a board member and a budget justification to a CFO in the same meeting . . You're not just a technician who moved into management, you genuinely enjoy the client relationship and advisory aspects of the work . . You see AI as a force multiplier for your expertise, not a threat to it.  . . . Why This Role.  . . You'll have an existing client base to cross-sell into from day one. You'll have AI-powered tooling that handles the repetitive analytical work so you can focus on the high-value advisory that clients actually pay for. And you'll have a leadership team that understands professional services, client management, and scaling consulting practices. because that's what we've done for over two decades..  . . If you want to build a cybersecurity practice with the autonomy of a founder and the support system of an established firm, this is it..  . . Compensation & Structure.  . . . Base salary:.  $200,000 – $300,000 depending on experience and credentials. . . Performance bonus:.  Up to 25% of base, tied to client acquisition, retention, and practice revenue targets. . . Revenue participation:.  Structured incentive on new business you source and close, designed to reward you as a practice builder, not just a practitioner. . . Benefits:.  Health, dental, vision, 401(k). . . Equity / profit-sharing potential.  as the cybersecurity division scales, this is a founding role and we structure compensation to reflect that.  .