Virtual ciso (vciso)– grc advisor

About us: Since 1998, RKON has delivered IT transformation that helps private equity and enterprise firms achieve seamless security—from strategy to execution to managed services. We believe IT should serve the business strategy, not stand in the way of execution. Headquartered in Chicago, our team has developed a refined approach that delivers a clear vision of a scalable, agile, secure, cost-optimized, and low-risk end state. RKON is growing fast, and that growth means incredible opportunities for our team members. We pride ourselves on fostering a culture of creative thinking and collaboration, where ideas are valued, contributions are recognized, and professional development is a priority. Our people are at the heart of everything we do, and this commitment drives the extraordinary level of service we deliver to our customers. If you’re looking for a place where growth creates new possibilities and your potential is truly valued, RKON is the place for you. RKON does not accept unsolicited resumes from staffing agencies, search firms or any third parties. About the position: The vCISO Advisor serves as a fractional Chief Information Security Officer for multiple client organizations, providing executive-level security leadership, enterprise risk governance, and compliance oversight, independent of any managed IT provider. The vCISO is backed by a broader Security Advisory team including analysts, GRC specialists, offensive security testers, and other senior advisors.

Responsibilities

Include:

• Serve as the primary security executive advisor to client leadership and boards.
• Define and maintain security strategy, multi-year roadmaps, and risk priorities, aligned to NIST-based risk management practices.
• Own enterprise risk programs, including risk registers, treatment decisions, and maturity tracking.
• Lead audit and compliance readiness across common security and compliance frameworks.
• Govern incident response programs, including IR plans, tabletop exercises, and executive coordination during active incidents.
• Oversee client GRC platforms as the system of record for risk, controls, policies, vendors, and audit evidence.
• Lead vendor and service-provider risk management, including cyber insurance and customer security reviews.
• Manage multiple concurrent vCISO engagements while maintaining delivery quality, executive credibility, and client trust.
• Direct, review, and assure work performed by analysts, specialists, and other advisors in support of client objectives.

Required Technical and Professional Expertise

• 6+ years in information security, GRC, audit, or security program leadership.
• Demonstrated experience functioning as a vCISO, CISO, or senior CISO advisor.
• Deep hands-on experience with enterprise security and compliance frameworks including NIST.
• Proven ability to:
• Operate at the executive and board level
• Translate security risk into business and financial impact
• Advise client leadership in making risk acceptance, prioritization, and investment decisions
• Demonstrated leadership in:
• Incident response governance
• Third-party and service-provider risk
• Experience managing multiple clients in parallel.

Preferred Technical and Professional Expertise

• Microsoft data governance and information protection, including Purview, sensitivity labels, DLP, and records management.
• Cloud security governance across Azure, AWS, and SaaS platforms.
• Privacy engineering and data protection operations supporting global privacy programs.
• Identity and access governance, including privileged access management and zero trust strategies.
• Cyber insurance readiness and claims advisory.
• M&A cyber due diligence and post-close security integration.
• Business continuity and disaster recovery governance and tabletop facilitation.
• Security metrics, KRIs, and board-level reporting.
• Regulatory change management and policy modernization.
• Industry-related certifications: CISSP, CISM, CISA, CRISC, ISO 27001 Lead Auditor or Lead Implementor.

Compensation: The base salary range for this position is $155,000-$175,000. This is an estimated range based on the circumstances at the time of posting, however, may change based on a combination of factors, including but not limited to skills, experience, education, market factors, geographical location, budget, and demand. This position is also eligible for a bonus component that would be dependent on pre-defined performance factors. As part of our total compensation package, RKON provides a benefits package that includes health insurance (medical, dental, vision, life, and long and short-term disability insurance); flexible time off; and a 401(k) Plan with employer match to qualifying employees. All compensation determinations are based on the skills and experience required for the position and commensurate with experience of selected individuals, which may vary above and below the stated amounts.