Culture & Careers

Vancord’s vISO is delivered as a team in contrast to virtual CISO offerings of our competitors. Most engagements take place at the customer executive or leadership level to develop strategy, prioritize spend, communicate with business partners, and similar. Other discussions are more operations focused, covering deeply technical subjects to analyze specific issues and provide tactical guidance.  Ideal candidates to join the vISO team will be able to straddle this line with ease, dynamically adapting to the appropriate audience and acting as a translator across customer teams for organizational security needs.  

Qualified candidates should have prior experience as a CISO, virtual CISO, CIO, or equivalent role, previously associated with organizations in manufacturing, legal, healthcare, or higher education. In keeping with the vISO team-driven approach, applicants who work in close conjunction with executive roles are also encouraged to apply if they demonstrate competence in engaging across organization business units.

Responsibilities:

• Development, refinement, and sustainment of an information security program
• Executive level reporting to convey security initiatives, compliance status, and organizational needs 
• Development and refinement of organizational/departmental policies and procedures
• Vendor risk review and management
• Third party attestations to represent customer security practices (e.g., for cyber liability insurance application/renewal)
• Guidance and triage assistance to evaluate security events
• Security awareness training and outreach to bolster customer staff vigilance to meet compliance obligations
• Mentorship and coaching of customer staff to elevate security acumen and familiarity
• Risk management and tracking
• Authorship of guidance for broad distribution to customer staff members

Qualifications:

• Current or former CISO, CIO, information security architect, virtual equivalent (e.g., vCISO), or combined work experience in mid-sized organizations 
• Ability to learn and accommodate organizational culture of each customer
• CISSP, CISM, GIAC certification, or combination of work and experience 
• Demonstrable familiarity with compliance landscape across areas such as NIST 800-171/800-53/CSF, CMMC, HIPAA, GLBA, data privacy
• Understanding of vulnerability measurement, triage, prioritization, and risk management
• Competence in data security governance, classification, and related safeguards
• Familiarity across multiple industries and disciplines

• Refined written communication skills
• Ability to adapt to a varied audience on the fly, including the ability to translate needs, and build bridges between unrelated departments
• Professional background that includes technical engineering work
• Keen awareness that security is ever evolving and requires balance

Remote work is the norm for most engagements with Vancord’s vISO service. Occasional travel to customer sites is possible (e.g., for executive reporting, tabletop exercises, etc.).

Compensation commensurate with experience.