Virtual CISO & Cybersecurity Practice Lead

WHO WE AREThe PR industry hasn't really changed in fifty years. Relationships, lunches, luck, and a clip report at the end of the month.Interdependence is rebuilding it from the ground up. Interviewed, our proprietary platform, analyzes 300,000+ stories every day across a network of 250,000 journalists. We turn earned media into something measurable, repeatable, and worth paying for — and apply the same data and discipline across paid, social, content, and brand. Integrated marketing run by one team, on one system, accountable to one result.Forbes named us one of America's Best PR Agencies. Our 100+ person team works with brands, CMOs, founders, and entrepreneurs across consumer, healthcare, tech, B2B, travel and entertainment.We move fast. The best argument wins. We hire for sharp thinking, real craft, and ownership from day one. If you want comfortable, this isn't the place. If you want to win, build with us.THE ROLEYou will serve as the senior cybersecurity practitioner and virtual CISO to a growing portfolio of mid-market clients (typically $25M–$150M in revenue, 100–1,000 employees). You will own the full client lifecycle, from initial security risk assessments through ongoing advisory, compliance management, and incident response coordination.KEY RESPONSIBILITIESServe as the outsourced CISO for 8–12 clients, providing executive-level security leadership on a fractional basisConduct security risk assessments, gap analyses, and penetration testing oversight for prospective and current clientsDevelop and maintain security programs, policies, and incident response plans tailored to each client's risk profile and regulatory environmentManage compliance frameworks including SOC 2, HIPAA, PCI-DSS, CCPA, NIST CSF, and CMMCPresent security posture, risk exposure, and remediation roadmaps to boards of directors, C-suites, and audit committees in clear, business-oriented languageOversee and leverage AI-driven security tooling for vulnerability scanning, log analysis, threat detection, and compliance evidence collectionQuarterback incident response when clients face active threats or breaches, coordinating forensics, legal, communications, and remediationCollaborate with RMC's reputation management team to deliver integrated crisis response when security events create reputational exposureParticipate in business development — joining sales conversations, scoping engagements, and helping close new cybersecurity retainersRecruit, manage, and mentor junior analysts as the practice scalesBuild standardized methodologies, reporting templates, and delivery playbooks that allow the practice to scale without sacrificing quality QUALIFICATIONS7-10+ years of hands-on cybersecurity experience spanning at least two of the following: penetration testing, incident response, security architecture, GRC (governance, risk, and compliance)3+ years operating at the CISO, Director of Security, or senior consulting level, you've sat in the room with boards and translated technical risk into business impactCISSP certification (active and in good standing)Deep working knowledge of SOC 2, HIPAA, NIST CSF, and at least one additional framework (PCI-DSS, ISO 27001, CMMC, CCPA)Experience building or significantly expanding a security program from early stages, not just maintaining one someone else builtAbility to manage multiple client engagements simultaneously without quality degradationComfortable participating in sales and business development conversations — you understand that your credibility is what closes deals NICE TO HAVECMMC Registered Practitioner (RP) or Certified CMMC Assessor (CCA) — the Southern California defense industrial base is a priority verticalAdditional certifications: CISM, CRISC, OSCP, GPEN, or SANS GIAC credentialsExperience running a cybersecurity consulting practice, MSSP, or vCISO firm — either as founder or practice leadBackground in incident response or digital forensicsFamiliarity with AI-driven security platforms and willingness to integrate emerging AI tooling into service deliveryExperience with cyber insurance underwriting requirements and risk assessment frameworksExisting professional network in the Southern California cybersecurity community WHAT WILL SET YOU APARTYou've built something before, a practice, a team, a firm, and you want to do it again with resources and infrastructure behind youYou can explain a zero-day exploit to a board member and a budget justification to a CFO in the same meetingYou're not just a technician who moved into management, you genuinely enjoy the client relationship and advisory aspects of the workYou see AI as a force multiplier for your expertise, not a threat to it WHY THIS ROLEYou'll have an existing client base to cross-sell into from day one. You'll have AI-powered tooling that handles the repetitive analytical work so you can focus on the high-value advisory that clients actually pay for. And you'll have a leadership team that understands professional services, client management, and scaling consulting practices. because that's what we've done for over two decades.If you want to build a cybersecurity practice with the autonomy of a founder and the support system of an established firm, this is it.COMPENSATION & STRUCTUREBase salary: $200,000 – $300,000 depending on experience and credentialsPerformance bonus: Up to 25% of base, tied to client acquisition, retention, and practice revenue targetsRevenue participation: Structured incentive on new business you source and close, designed to reward you as a practice builder, not just a practitionerBenefits: Health, dental, vision, 401(k)Equity / profit-sharing potential as the cybersecurity division scales, this is a founding role and we structure compensation to reflect that