The Science of Executive Function
Fractional CISO
Location
Pennsylvania
Posted
21 hours ago
Salary
0
Seniority
Senior
Job Description
Fractional CISO
Reflection Sciences, Inc.
• Review and harden our Statement of Applicability + evidence package (ISO 27001/NIST-mapped) responding to an enterprise customer's Information Security Addendum • Sign the risk assessment and SoA as the named security officer; be the security contact enterprise vendor-risk teams can call • Sit on 2–3 customer security-diligence calls alongside the CEO • Validate what we attest against reality with the CTO • Advise on a security-exception / compensating-controls request and, if required, scope a right-sized SOC 2 Type I path • Scope and manage our first external penetration test and own findings triage with the CTO • Quarterly review of the compliance-calendar output (access reviews, risk-assessment refresh, training, phishing simulations, BC/DR and restore tests) • Annual re-attestation support; named contact for customer audits under contractual audit rights • Review our breach-notification runbook and advise if an incident triggers it
Job Requirements
- Prior CISO / vCISO / security-lead experience at a company that sold to large enterprises
- Hands-on fluency with ISO 27001 / NIST CSF control mapping, SOC 2 (readiness through audit), and pragmatic compensating-controls / security-exception practice
- Comfortable being the named, accountable individual — signing SoAs and risk assessments, taking customer calls, standing behind attestations
- Technical enough to verify controls in an AWS + Cloudflare stack with the CTO (IAM, KMS, CloudTrail/logging, network posture)
- Working knowledge of HIPAA applicability analysis (we maintain a no-PHI / not-a-business-associate posture and need it defended, not expanded) and GDPR-adjacent vendor obligations
- Plain-spoken, fast, allergic to compliance theater.
- Bonus: consumer wellness / health-adjacent data classification; EU AI Act awareness; prior work with AI-assisted compliance tooling.
Benefits
- NDA required; the work references a Fortune-Global-500-scale counterparty under confidentiality.
Related Guides
Related Categories
Related Job Pages
More CISO Jobs
• Serve as the senior technical and strategic voice in customer conversations with CISOs, VPs of OT/Plant Security, and operations leadership • Partner with Account Executives and Solution Engineers on strategic and enterprise opportunities • Address hard questions on OT-specific risk • Speak credibly to OT/IT convergence • Build mutual close plans with sales teams • Design and deliver ongoing training for Solution Engineers and Account Executives • Build reusable assets: battlecards, discovery question frameworks, ROI/risk narratives • Act as a coach and technical mentor to the SE organization • Represent AMDT's point of view at industry events, customer roundtables, and OT security forums • Feed field insights and customer objections back to Product and Marketing
Fractional CISO, vCISO
Arcanys#1 Custom Software Development & Team Augmentation Partner in the Philippines
• Design a 12-month security roadmap • Establish a Risk Register • Mentor IT Manager, training developers on secure coding and DevSecOps • Ensure compliance with GDPR, Philippines Data Privacy Act, Australian Privacy Act • Draft and implement core policies and oversee security tool selection
Field CISO
JFrogOn a mission to create a world of software delivered without friction from developer to device.
• Forge strong partnerships with executive clients, gaining a deep understanding of their DevSecOps environments. • Develop and implement DevSecOps security strategies aligned with client objectives. • Advise/provide thought leadership on DevSecOps-focused security policies, procedures, and standards. • Stay up-to-date with emerging DevSecOps security technologies and trends. • Build and present shareable and public assets that position JFrog as trusted professionals in Software supply chain security domain. • Advise clients' DevSecOps practices comply with relevant cybersecurity regulations and standards. • Closely work with Product to share future of JFrog products based on requirements and insights.
• Act as a public face of Flare, helping prospects and customers understand why identity is the defining threat of 2026 • Serve as Flare's primary point of contact across the sector ISACs, contributing research the communities actually use • Stay ahead of emerging and novel threats, and move fast: build talks and briefings on new campaigns while they are still news • Join customer and sales calls to help win business, communicating credibly with executive audiences • Host weekly threat briefings for our customers on the latest emerging threats • Create original research into stealer logs, identity-based threats, dark web and Telegram ecosystems, non-human identity, and emerging attack chains • Present that research at conferences, ISAC sessions, and executive briefings • Partner with marketing and sales so the research and relationships generate brand and pipeline as a second-order effect • Travel extensively • This role lives in the field, with a heavy conference and working-group calendar




