Senior Virtual CISO (vCISO) – GRC Advisor

Posted 12 days ago
$185k–205k / year
Remote
Full-Time

About Us

RKON is an ISO 27001 and AICPA SOC 2 Type II certified company that specializes in providing IT migration and transformation services for the Mergers and Acquisitions market. RKON was recently recognized as one of the 100 best places to work in IT, highlighting our competitive advantage of empowering thought leaders and providing cutting-edge solutions for the fast-paced industry of private equity. RKON is looking for ambitious professionals to join our award-winning team.

About the Position

The Senior vCISO Advisor serves as a fractional Chief Information Security Officer for multiple client organizations, providing executive-level security leadership, enterprise risk governance, and compliance oversight, independent of any managed IT provider. The Senior vCISO is backed by a broader Security Advisory team including analysts, GRC specialists, offensive security testers, and other senior advisors.

Responsibilities Include

  • Serve as the primary security executive advisor to client leadership and boards.
  • Define and maintain security strategy, multi-year roadmaps, and risk priorities, aligned to NIST-based risk management practices.
  • Own enterprise risk programs, including risk registers, treatment decisions, and maturity tracking.
  • Lead audit and compliance readiness across common security and compliance frameworks.
  • Govern incident response programs, including IR plans, tabletop exercises, and executive coordination during active incidents.
  • Oversee client GRC platforms as the system of record for risk, controls, policies, vendors, and audit evidence.
  • Lead vendor and service-provider risk management, including cyber insurance and customer security reviews.
  • Manage multiple concurrent vCISO engagements while maintaining delivery quality, executive credibility, and client trust.
  • Direct, review, and assure work performed by analysts, specialists, and other advisors in support of client objectives.

Required Technical and Professional Expertise

  • 10+ years in information security, GRC, audit, or security program lead