Near Shore Cyber
Remote Jobs
Role Description

We are recruiting a dedicated fractional CISO for our Winchester, Virginia-based client, who delivers the security program for a regional CPA firm of about 350 people. This is not a portfolio role. All hours go to the single CPA firm engagement, and the hire owns the firm's information security program end-to-end.

The CPA firm's internal IT team handles day-to-day operations. Our Winchester, Virginia-based client owns security on the firm's behalf, and the hire is the senior face of that program. The CPA firm values continuity and a close advisory relationship with their CISO, so this role suits someone who wants to go deep with one organization rather than rotate across many.

- Own the CPA firm's information security strategy, roadmap, governance, and executive reporting
- Maintain and mature the firm's GLBA / FTC Safeguards Rule and HIPAA compliance posture
- Serve as the executive-level security voice to the CIO, CTIO, managing partners, and audit/risk committee
- Lead policy development, risk assessment, third-party risk, and incident response governance
- Provide principal-level technical advisory on architecture, tooling, and cloud security decisions — security and adjacent technology
- Partner with the delivery teams of our Winchester, Virginia-based client on tactical execution (pentest scoping, VM strategy, security tooling rollouts)
- Brief the CPA firm's leadership quarterly and on-demand for major events

Qualifications

- 7+ years in information security leadership, including 3+ in a CISO, vCISO, or Director of Security capacity
- Direct experience supporting CPA firms or comparable professional services environments
- Working command of GLBA / FTC Safeguards Rule and HIPAA — applied, not just templated
- Strong technical foundation: substantive engagement on cloud (Microsoft / Azure preferred), endpoint security, network security, and identity
- Executive presence — able to sit across from a managing partner and earn their trust quickly
- Willing and able to act as a principal technology advisor on decisions that extend beyond strict security scope

Preferred Experience

- Active CISSP, CISM, or CCISO
- Prior in-house experience inside a public accounting firm's IT or risk organization
- Familiarity with SOC 2 and PCI in adjacent contexts

Compensation

- $100–$125/hour, 1099 contractor
- Approximately 20 hours per month, with rare months extending toward 40