Position Overview
You will serve as the senior cybersecurity practitioner and virtual CISO to a growing portfolio of mid-market clients (typically $25M–$150M in revenue, 100–1,000 employees). You will own the full client lifecycle, from initial security risk assessments through ongoing advisory, compliance management, and incident response coordination.
Key Responsibilities
• Serve as the outsourced CISO for 8–12 clients, providing executive-level security leadership on a fractional basis
• Conduct security risk assessments, gap analyses, and penetration testing oversight for prospective and current clients
• Develop and maintain security programs, policies, and incident response plans tailored to each client's risk profile and regulatory environment
• Manage compliance frameworks including SOC 2, HIPAA, PCI-DSS, CCPA, NIST CSF, and CMMC
• Present security posture, risk exposure, and remediation roadmaps to boards of directors, C-suites, and audit committees in clear, business-oriented language
• Oversee and leverage AI-driven security tooling for vulnerability scanning, log analysis, threat detection, and compliance evidence collection
• Quarterback incident response when clients face active threats or breaches, coordinating forensics, legal, communications, and remediation
• Collaborate with RMC's reputation management team to deliver integrated crisis response when security events create reputational exposure
• Participate in business development — joining sales conversations, scoping engagements, and helping close new cybersecurity retainers
• Recruit, manage, and mentor junior analysts as the practice scales
• Build standardized methodologies, reporting templates, and delivery playbooks that allow the practice to scale without sacrificing quality
Qualifications
• 7-10+ years of hands-on cybersecurity experience spanning at least two of the following: penetration testing, incident response, security architecture, GRC (governance, risk, and compliance)
• 3+ years operating at the CISO, Director of Security, or senior consulting level, you've sat in the room with boards and translated technical risk into business impact
• CISSP certification (active and in good standing)
• Deep working knowledge of SOC 2, HIPAA, NIST CSF, and at least one additional framework (PCI-DSS, ISO 27001, CMMC, CCPA)
• Experience building or significantly expanding a security program from early stages, not just maintaining one someone else built
• Ability to manage multiple client engagements simultaneously without quality degradation
• Comfortable participating in sales and business development conversations — you understand that your credibility is what closes deals
Nice-to-Haves
• CMMC Registered Practitioner (RP) or Certified CMMC Assessor (CCA) — the Southern California defense industrial base is a priority vertical
• Additional certifications: CISM, CRISC, OSCP, GPEN, or SANS GIAC credentials
• Experience running a cybersecurity consulting practice, MSSP, or vCISO firm — either as founder or practice lead
• Background in incident response or digital forensics
• Familiarity with AI-driven security platforms and willingness to integrate emerging AI tooling into service delivery
• Experience with cyber insurance underwriting requirements and risk assessment frameworks
• Existing professional network in the Southern California cybersecurity community
What Will Set You Apart
• You've built something before, a practice, a team, a firm, and you want to do it again with resources and infrastructure behind you
• You can explain a zero-day exploit to a board member and a budget justification to a CFO in the same meeting
• You're not just a technician who moved into management, you genuinely enjoy the client relationship and advisory aspects of the work
• You see AI as a force multiplier for your expertise, not a threat to it
Compensation & Structure
• Base salary: $200,000 – $300,000 depending on experience and credentials
• Performance bonus: Up to 25% of base, tied to client acquisition, retention, and practice revenue targets
• Revenue participation: Structured incentive on new business you source and close, designed to reward you as a practice builder, not just a practitioner
• Benefits: Health, dental, vision, 401(k)
• Equity / profit-sharing potential: As the cybersecurity division scales, this is a founding role and we structure compensation to reflect that
Work Arrangement
Remote