Virtual CISO (vCISO) – GRC Advisor
About Us
Since 1998, RKON has delivered IT transformation that helps private equity and enterprise firms achieve seamless security—from strategy to execution to managed services. We believe IT should serve the business strategy, not stand in the way of execution. Headquartered in Chicago, our team has developed a refined approach that delivers a clear vision of a scalable, agile, secure, cost-optimized, and low-risk end state.
RKON is growing fast, and that growth means incredible opportunities for our team members. We pride ourselves on fostering a culture of creative thinking and collaboration, where ideas are valued, contributions are recognized, and professional development is a priority. Our people are at the heart of everything we do, and this commitment drives the extraordinary level of service we deliver to our customers. If you’re looking for a place where growth creates new possibilities and your potential is truly valued, RKON is the place for you.
RKON does not accept unsolicited resumes from staffing agencies, search firms or any third parties.
About the Position
The vCISO Advisor serves as a fractional Chief Information Security Officer for multiple client organizations, providing executive-level security leadership, enterprise risk governance, and compliance oversight, independent of any managed IT provider. The vCISO is backed by a broader Security Advisory team including analysts, GRC specialists, offensive security testers, and other senior advisors.
Responsibilities Include
- Serve as the primary security executive advisor to client leadership and boards.
- Define and maintain security strategy, multi-year roadmaps, and risk priorities, aligned to NIST-based risk management practices.
- Own enterprise risk programs, including risk registers, treatment decisions, and maturity tracking.
- Lead audit and compliance readiness across common security and compliance frameworks.
- Govern incident response programs, including IR plans, tabletop exercises, and executive coordination during active incidents.
- Oversee client GRC platforms as the system of record for risk, controls, policies, vendors, and audit evidence.
- Lead vendor and service-provider risk management, including cyber insurance and customer security reviews.
- Manage multiple concurrent vCISO engagements while maintaining delivery quality, executive credibility, and client trust.
- Direct, review, and assure work performed by analysts, specialists, and other advisors in support of client
