Fractional Security Lead/vCISO (Contract)

May 14, 2026

Job Description

Company: TSC Security

ABOUT TSC SECURITY

TSC Security is a cybersecurity services company that provides fractional security teams to venture-backed startups — seed through Series C. We run GRC programs, DevSecOps, and fractional CISO engagements end-to-end, with active SOC 2, ISO 27001, PCI DSS, HIPAA, and GDPR client work.

We are growing our delivery capacity and need a senior practitioner who can carry client accounts and run vCISO engagements with minimal oversight. This is a hands-on delivery role, not an advisory one.

WHAT YOU’LL DO
• Serve as primary security lead and vCISO across a portfolio of startup clients
• Own client relationships: strategic check-ins, QBRs, board and exec touchpoints
• Lead GRC delivery: SOC 2, PCI DSS v4.x, HIPAA, FedRAMP readiness assessments
• Review and approve deliverables — policies, risk assessments, control matrices, evidence packages
• Mentor GRC analysts on the team
• Coordinate with DevSecOps on technical controls and remediation tracking
• Maintain GRC platform environments for clients; advise on configuration and evidence collection
• Identify expansion opportunities within existing accounts

WHAT WE’RE LOOKING FOR

Must-haves:
• 7+ years in security, with 3+ in a vCISO, CISO, or senior GRC leadership role
• Deep hands-on experience with SOC 2, ISO 27001, and GDPR
• Comfortable running C-suite and conversations independently
• Strong written communication; deliverables you produce do not need a rewrite
• US-based or available during standard US business hours
• Startup or scale-up background

Nice-to-haves:
• CISSP, CISM, or equivalent (active preferred)
• GRC platform experience: Vanta, Drata, or similar

ENGAGEMENT & PATH

• Type: Contract to start, with a clear path to W-2 as account load grows
• Hours: ~20 hrs/week initially; expected to grow with accounts
• Rate: Competitive and commensurate with experience
• Location: Remote; US hours

Source: BeBee