Virtual CISO & Cybersecurity Practice Lead

Who We Are

Reputation Management Consultants (RMC) is an affiliated organization with a premier advisory firm specializing in reputation management and strategic consulting for mid-market companies and high-profile clients. We are launching a dedicated cybersecurity division to address a critical truth our clients face every day: a data breach is a reputation event. We're building an AI-powered cybersecurity practice from the ground up and are looking for a senior practitioner to lead it.

Position Overview

You will serve as the senior cybersecurity practitioner and virtual CISO to a growing portfolio of mid-market clients (typically $25M–$150M in revenue, 100–1,000 employees). You will own the full client lifecycle, from initial security risk assessments through ongoing advisory, compliance management, and incident response coordination.

Key Responsibilities

• Serve as the outsourced CISO for 8–12 clients, providing executive-level security leadership on a fractional basis
• Conduct security risk assessments, gap analyses, and penetration testing oversight for prospective and current clients
• Develop and maintain security programs, policies, and incident response plans tailored to each client's risk profile and regulatory environment
• Manage compliance frameworks including SOC 2, HIPAA, PCI-DSS, CCPA, NIST CSF, and CMMC
• Present security posture, risk exposure, and remediation roadmaps to boards of directors, C-suites, and audit committees in clear, business-oriented language
• Oversee and leverage AI-driven security tooling for vulnerability scanning, log analysis, threat detection, and compliance evidence collection
• Quarterback incident response when clients face active threats or breaches, coordinating forensics, legal, communications, and remediation
• Collaborate with RMC's reputation management team to deliver integrated crisis response when security events create reputational exposure
• Participate in business development — joining sales conversations, scoping engagements, and helping close new cybersecurity retainers
• Recruit, manage, and mentor junior analysts as the practice scales
• Build standardized methodologies, reporting templates, and delivery playbook