Reflection Sciences, Inc. logo
Reflection Sciences, Inc.

The Science of Executive Function

Fractional CISO

CISOGeneralContractRemoteSeniorTeam 1-10Since 2014H1B No SponsorCompany SiteLinkedIn

Location

Pennsylvania

Posted

21 hours ago

Salary

0

Seniority

Senior

EnglishAWS

Job Description

Fractional CISO

Reflection Sciences, Inc.

• Review and harden our Statement of Applicability + evidence package (ISO 27001/NIST-mapped) responding to an enterprise customer's Information Security Addendum • Sign the risk assessment and SoA as the named security officer; be the security contact enterprise vendor-risk teams can call • Sit on 2–3 customer security-diligence calls alongside the CEO • Validate what we attest against reality with the CTO • Advise on a security-exception / compensating-controls request and, if required, scope a right-sized SOC 2 Type I path • Scope and manage our first external penetration test and own findings triage with the CTO • Quarterly review of the compliance-calendar output (access reviews, risk-assessment refresh, training, phishing simulations, BC/DR and restore tests) • Annual re-attestation support; named contact for customer audits under contractual audit rights • Review our breach-notification runbook and advise if an incident triggers it

Job Requirements

  • Prior CISO / vCISO / security-lead experience at a company that sold to large enterprises
  • Hands-on fluency with ISO 27001 / NIST CSF control mapping, SOC 2 (readiness through audit), and pragmatic compensating-controls / security-exception practice
  • Comfortable being the named, accountable individual — signing SoAs and risk assessments, taking customer calls, standing behind attestations
  • Technical enough to verify controls in an AWS + Cloudflare stack with the CTO (IAM, KMS, CloudTrail/logging, network posture)
  • Working knowledge of HIPAA applicability analysis (we maintain a no-PHI / not-a-business-associate posture and need it defended, not expanded) and GDPR-adjacent vendor obligations
  • Plain-spoken, fast, allergic to compliance theater.
  • Bonus: consumer wellness / health-adjacent data classification; EU AI Act awareness; prior work with AI-assisted compliance tooling.

Benefits

  • NDA required; the work references a Fortune-Global-500-scale counterparty under confidentiality.

Related Job Pages

More CISO Jobs

AMDT logo

Field CISO

AMDT

Production resilience delivered

CISO3 days ago
Full TimeRemoteTeam 51-200H1B No Sponsor

• Serve as the senior technical and strategic voice in customer conversations with CISOs, VPs of OT/Plant Security, and operations leadership • Partner with Account Executives and Solution Engineers on strategic and enterprise opportunities • Address hard questions on OT-specific risk • Speak credibly to OT/IT convergence • Build mutual close plans with sales teams • Design and deliver ongoing training for Solution Engineers and Account Executives • Build reusable assets: battlecards, discovery question frameworks, ROI/risk narratives • Act as a coach and technical mentor to the SE organization • Represent AMDT's point of view at industry events, customer roundtables, and OT security forums • Feed field insights and customer objections back to Product and Marketing

United States
Arcanys logo

Fractional CISO, vCISO

Arcanys

#1 Custom Software Development & Team Augmentation Partner in the Philippines

CISO3 days ago
Part TimeRemoteTeam 201-500Since 2010H1B No Sponsor

• Design a 12-month security roadmap • Establish a Risk Register • Mentor IT Manager, training developers on secure coding and DevSecOps • Ensure compliance with GDPR, Philippines Data Privacy Act, Australian Privacy Act • Draft and implement core policies and oversee security tool selection

Europe
JFrog logo

Field CISO

JFrog

On a mission to create a world of software delivered without friction from developer to device.

CISO18 days ago
Full TimeRemoteTeam 1,001-5,000Since 2008H1B Sponsor

• Forge strong partnerships with executive clients, gaining a deep understanding of their DevSecOps environments. • Develop and implement DevSecOps security strategies aligned with client objectives. • Advise/provide thought leadership on DevSecOps-focused security policies, procedures, and standards. • Stay up-to-date with emerging DevSecOps security technologies and trends. • Build and present shareable and public assets that position JFrog as trusted professionals in Software supply chain security domain. • Advise clients' DevSecOps practices comply with relevant cybersecurity regulations and standards. • Closely work with Product to share future of JFrog products based on requirements and insights.

California
$240K - $255K / year
Flare logo

Field CISO

Flare

Reimagining how attorneys and clients work together

CISO221 days ago
Full TimeRemoteTeam 201-500Since 2020H1B Sponsor

• Act as a public face of Flare, helping prospects and customers understand why identity is the defining threat of 2026 • Serve as Flare's primary point of contact across the sector ISACs, contributing research the communities actually use • Stay ahead of emerging and novel threats, and move fast: build talks and briefings on new campaigns while they are still news • Join customer and sales calls to help win business, communicating credibly with executive audiences • Host weekly threat briefings for our customers on the latest emerging threats • Create original research into stealer logs, identity-based threats, dark web and Telegram ecosystems, non-human identity, and emerging attack chains • Present that research at conferences, ISAC sessions, and executive briefings • Partner with marketing and sales so the research and relationships generate brand and pipeline as a second-order effect • Travel extensively • This role lives in the field, with a heavy conference and working-group calendar

United States