Posted: March 25, 2025 | Location: Remote | Job type: Full-time

Job Position Summary
Our client is seeking a highly skilled Senior Virtual Information Security Officer (Sr. VISO) to join our Governance, Risk, and Compliance (GRC) team. This individual will be responsible for managing large-scale client engagements, developing security and compliance solutions, and providing strategic guidance to clients on information security best practices. The Sr. VISO will play a key role in integrating multiple regulatory frameworks into a single Information Security Policy Management (ISPM) system, mentoring junior team members, and ensuring the successful delivery of security projects.

Key Responsibilities
Client Engagement & Technical Leadership
Provide pre-sales technical support during client sales conversations, articulating security deficiencies and technical solutions.

Lead and manage large-scale security projects, including risk management and milestone approvals.

Develop and guide custom security solutions with oversight from the GRC Director.

Understand client departmental functions (Finance, HR, IT, etc.) and their role in achieving business objectives.

Stay updated on regulatory frameworks (NIST, PCI DSS, HIPAA, etc.) and assist clients in compliance efforts.

Security Program Development & Compliance
Demonstrate expertise in NIST 800-53 controls and train junior GRC team members.

Integrate security controls across multiple frameworks while avoiding technical and policy gaps.

Research, develop, and implement policies and procedures to meet complex security requirements.

Create custom security training programs using KnowBe4 and conduct live training sessions.

Lead the development of Incident Response & Disaster Recovery plans, guiding clients during real-world events.

Governance, Risk, and Compliance (GRC)
Suggest adjustments to Business Impact Analysis (BIA) processes based on client needs.

Develop System Security Plans, Vulnerability Management Plans, and Third-Party Risk Management programs.

Provide expert contract review and feedback on third-party legal agreements.

Conduct strategic analysis to align client security roadmaps with business objectives.

Security Engineering & IT Expertise
Expert knowledge in:

Networking (firewalls, routers, VPNs)

Infrastructure (servers, databases, cloud environments)

Cybersecurity principles (threat types, vulnerabilities, mitigations)

Data Management & Storage (backup, recovery, cloud storage)

Change Management (secure IT system updates)

Security Engineering Best Practices:

Least Privilege, Separation of Duties, Auditability, Defense in Depth, Minimization, DevSecOps

Security Tools & Technologies
Proficiency in:

SIEM platforms (Splunk, QRadar, LogRhythm)

Vulnerability Management (Qualys, Nessus, Rapid7)

IAM Solutions (Okta, Azure AD, SailPoint)

Data Loss Prevention (DLP) (Symantec DLP, Forcepoint)

Endpoint Protection (CrowdStrike, Microsoft Defender)

Team Leadership & Quality Assurance
Identify opportunities to improve team efficiency and work quality.

Develop and mentor junior GRC team members.

Perform full QA on deliverables to meet Assura’s standards.

Gradually take over QA responsibilities from the GRC Director.

Qualifications & Skills
Bachelor's degree in Information Security, Computer Science, or related field (or equivalent experience).

8+ years of experience in GRC, cybersecurity consulting, or IT security leadership.

Deep understanding of security compliance frameworks (NIST, PCI DSS, HIPAA, ISO 27001, etc.).

Strong experience in developing policies, risk management programs, and security strategies.

Ability to manage multiple complex client projects simultaneously.

Strong written and verbal communication skills, including the ability to train and mentor others.