vCISO Manager (MSSP or MSP) - Remote (USA)

About us: At Echelon Risk + Cyber, we believe in defending basic human rights to security and privacy. We seek a highly skilled and experienced Cybersecurity Expert with extensive experience serving as a Senior Cybersecurity Consultant, Leader, Manager or Virtual Chief Information Security Officer (vCISO) to join our dynamic team at Echelon Risk + Cyber, a leading cybersecurity consulting firm. Our next team member will be ready to roll up their sleeves and identify opportunities for our clients and for Echelon internally with unquestioned integrity. This team member will be passionate about cybersecurity and ready to use their knowledge to be an Entrepreneurial Problem Solver and work alongside their Echelon team members to build creative solutions.

As a Manager or Virtual Chief Information Security Officer (vCISO) you will provide strategic cybersecurity guidance at the executive level, ensuring comprehensive security governance, risk management, and compliance for organizations ranging from mid-market to enterprise. Possesses a strong background in both technical security and compliance requirements, coupled with a proven track record in architecting robust security teams and toolsets.

At Echelon, you will have the opportunity to engage with clients, business partners and systems that are at the cutting edge of technology. We allow our employees to build from the ground up and make an impact across the organization. We look for driven and proactive people that are eager to contribute to a distinct and thriving Cybersecurity services organization, that can adapt to a rapid and changing environment

This is a remote position from anywhere in the USA.

What You Will Do:

Strategic Insight & Executive Guidance:

• Provide expert cybersecurity consulting services at the C-suite level.
• Advise on the development and execution of comprehensive security strategies.
• Attend and contribute to senior-level meetings, including security steering committee and board meetings.
• Develop and maintain security roadmaps aligned with business objectives.
• Facilitate executive workshops and training sessions to promote security awareness.
• Plan, scope, and execute Virtual CISO advisory and Managed Security Services engagements.
• Develop and maintain cybersecurity policies, procedures, and control frameworks.
• Create client-facing presentations, reports, and analytics, communicating results to stakeholders.

Governance, Risk, and Compliance (GRC):

• Manage risk assessment and mitigation processes.
• Align cybersecurity initiatives with organizational risk management strategies.
• Implement and manage enterprise-wide GRC platforms and tools.
• Review and assess security controls against cybersecurity best practices and compliance frameworks (e.g., CIS, NIST, ISO, PCI, CMMC, SOC, HIPAA).
• Conduct client discoveries, assessments, and compliance checks, including interviews, documentation reviews, and reporting.
• Coordinate audits, compliance assessments, and regulatory reporting (e.g., SEC, NYDFS, CMMC, PCI, HIPAA, FedRAMP, GDPR, SOX).

Technical Security Expertise:

• Advise on and oversee the implementation of security technologies, including SIEM, IDS/IPS, endpoint protection, data protection, and cloud security tools.
• Oversight and management of ongoing security initiatives, including vulnerability scanning, penetration testing, and security audits.
• Coordinate incident response planning and threat management initiatives.
• Provide advisory support on integrating and optimizing security tools and technologies.

Team Leadership & Development:

• Build, mentor, and lead high-performing security teams.
• Collaborate across functions to enhance security awareness and practices.
• Develop professional development programs and succession planning for security staff.
• Lead and support crisis management and response teams.

Thought Leadership & Community Engagement:

• Produce thought leadership content for blogs, webinars, and articles.
• Engage with the cybersecurity community through attendance or speaking at conferences.

Your knowledge, skills, and abilities:

• 20+ years in professional cybersecurity and technical roles, with senior-level leadership and advisory experience, including at least 5 years of experience as a cybersecurity or technical consultant, preferably in Managed Services.
• Proven ability to manage multiple, simultaneous client engagements and deliver quality results under tight deadlines. This includes strong organizational and management skills.
• Experience in Governance, Risk, and Compliance (GRC) planning, development, and management, including Information Security policy and procedure development.
• Experience in a variety of industries, including finance, banking, private equity, healthcare, critical infrastructure, technology services, and other regulated environments.
• Proficient in leading Cybersecurity Frameworks (e.g., CIS, NIST, ISO, SOC2, COBIT, ITIL, PCI, GDPR and HIPAA).
• Experience aligning security strategies with compliance requirements (e.g., SEC, NYDFS, GDPR, CMMC, SOX).
• Knowledge of Cloud systems, applications, and security tools (e.g., EDR, MDR, SIEM, CSPM, IAM).
• Familiarity with network security, data security, vulnerability management, incident response practices, disaster recovery and third-party risk management.
• Certification: CISSP, CISA, CISM, CRISC, CGRC, CvCISO, CGEIT or similar.
• Education: Degree in Information Systems, Computer Science, or a related discipline is preferred.
• Applicants must have authorization to work in the United States without current or future visa sponsorship.

Preferred Qualifications:

• Extensive experience working as a consultant for Managed Service Providers (MSPs) or Managed Security Service Providers (MSSPs).
• Experience building a security program, including the adoption of a cybersecurity framework and developing a roadmap (e.g., priorities, timelines, budgets).
• Experience with technical or cybersecurity assessments and/or audits.
• Demonstrated ability to plan and coordinate cybersecurity programs with strong project management, presentation and communication experience.
• Strong executive advisory skills, capable of developing extensive reports and presentations, and delivering complex security concepts to diverse stakeholders, including non-technical audiences.
• Superior attention to detail, with a strong aptitude for technical and strategic problem-solving.
• Actively participate in cybersecurity thought leadership and industry events.
• Intellectual curiosity with a continuous learning mindset.
• Adaptability and versatility in a fast-paced, demanding environment.

Why Echelon?

We are committed to creating an inclusive environment for our team with unquestioned integrity. If you have a special need that requires accommodation, please let your recruiter know. One of our core values in "People with Personality" and we want to allow you the space to bring your full self to work.

We currently offer the following benefits:

• Access to medical, dental, and vision insurance through Cigna, with the majority of the employee cost covered by the employer.
• Employer funding to HSA accounts and FSA access.
• Access to a 401(k) through Vanguard with a guaranteed employer contribution
• Flexible vacation policy that allows you to manage your schedule and rest and recharge when you need to
• 11 holidays with flexibility based on what is important for you and those you love.
• Employer-paid short-term and long-term disability, employer-paid life insurance, and access to additional life insurance, hospital coverage, accidental coverage, discounted mental health support, and more.
• Support for individual development through certifications, continued learning, conferences, and more

We value a diverse workforce and a culture of inclusivity and belonging. All employment decisions shall be made without regard to age, race, creed, color, religion, gender, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law. Echelon Risk + Cyber is an Equal Opportunity Employer.