Forge Path: Fractional Virtual CISO (vCISO)
Remote · Contractor

Engagement: Part-time / contract, ~20 hours per month (occasional months may extend toward 40)
Location: Remote, with periodic travel to Winchester, VA for executive briefings and key meetings
Reports to: ForgePath Security leadership; works directly with the client's CIO, CTIO, and managing partners

About Forge Path

Established in 2023, Forge Path delivers top-tier security consultancy and risk mitigation services. Forge Path brings industry experts to create robust compliance programs and strengthen operational security for commercial and government sectors. Headquartered in Norfolk, Virginia, with offices in Colorado, Idaho, and Massachusetts, we provide comprehensive security solutions nationwide. Our team includes thought leaders, security researchers, and ethical hackers passionate about innovation and crafting cutting-edge solutions.

Description

About the engagement

This is not a portfolio vCISO role. You will dedicate your hours to a single client — a regional CPA firm of about 350 people — and own their information security program end-to-end. The client's internal IT team handles operations; ForgePath owns security, and you are the senior face of that program.


The client values continuity and a close advisory relationship with their CISO. We are looking for someone who wants to go deep with one organization rather than rotate across many.


Responsibilities

  • Own the client's information security strategy, roadmap, governance, and executive reporting
  • Maintain and mature the firm's GLBA / FTC Safeguards Rule and HIPAA compliance posture
  • Serve as the executive-level security voice to the CIO, CTIO, managing partners, and audit/risk committee
  • Lead policy development, risk assessment, third-party risk, and incident response governance
  • Provide principal-level technical advisory on architecture, tooling, and cloud security decisions, covering both security and adjacent technology
  • Partner with ForgePath delivery teams on tactical execution (pentest scoping, vulnerability management strategy, security tooling rollouts)
  • Brief the client's leadership quarterly and on-demand for major events


Required

  • 7+ years in information security leadership, including 3+ in a CISO, vCISO, or Director of Security capacity
  • Direct experience supporting CPA firms or comparable professional services environments
  • Working command of GLBA / FTC Safeguards Rule and HIPAA — applied, not just templated
  • Strong technical foundation: you can engage substantively on cloud (Microsoft/Azure preferred), endpoint security, network security, and identity
  • Executive presence — you can sit across from a managing partner and earn their trust quickly
  • Willing and able to act as a principal technology advisor on decisions that extend beyond strict security scope


Preferred

  • Active CISSP, CISM, or CCISO
  • Prior in-house experience inside a public accounting firm's IT or risk organization
  • Familiarity with SOC 2 and PCI in adjacent contexts


Compensation

  • $125–$150/hour, 1099 contractor
  • Approximately 20 hours per month, with rare months extending toward 40
