Job Description
Company: Forge Path
Location: Norfolk, US
About the engagement

This is not a portfolio vCISO role. You will dedicate your hours to a single client, a regional CPA firm of about 350 people, and own their information security program end-to-end. The client’s internal IT team handles operations; ForgePath owns security, and you are the senior face of that program.

The client values continuity and a close advisory relationship with their CISO. We are looking for someone who wants to go deep with one organization rather than rotate across many.

Responsibilities

- Own the client’s information security strategy, roadmap, governance, and executive reporting
- Maintain and mature the firm’s GLBA / FTC Safeguards Rule and HIPAA compliance posture
- Serve as the executive-level security voice to the CIO, CTIO, managing partners, and audit/risk committee
- Lead policy development, risk assessment, third-party risk, and incident response governance
- Provide principal-level technical advisory on architecture, tooling, and cloud security decisions: security and adjacent technology
- Partner with ForgePath delivery teams on tactical execution (pentest scoping, VM strategy, security tooling rollouts)
- Brief the client’s leadership quarterly and on-demand for major events

Required

- 7+ years in information security leadership, including 3+ in a CISO, vCISO, or Director of Security capacity
- Direct experience supporting CPA firms or comparable professional services environments
- Working command of GLBA / FTC Safeguards Rule and HIPAA (applied, not just templated)
- Strong technical foundation: you can engage substantively on cloud (Microsoft/Azure preferred), endpoint security, network security, and identity
- Executive presence: you can sit across from a managing partner and earn their trust quickly
- Willing and able to act as a principal technology advisor on decisions that extend beyond strict security scope

Preferred

- Active CISSP, CISM, or CCISO
- Prior in-house experience inside a public accounting firm’s IT or risk organization
- Familiarity with SOC 2 and PCI in adja
Source: BeBee