Silpa Companies, LLC is a national IT consulting and staffing firm empowering organizations across multiple industries through a blend of AI adoption, Master Data Management, Data & Analytics, Cybersecurity, Cloud Engineering, DevSecOps/GitOps, Fractional C-Suite leadership, Digital Transformation, and M&A advisory for private equity and software ventures.
Role Description
Silpa Secure is seeking a rare breed of vCISO, one who can lead from the front and work from the ground up. This is not a boardroom-only role. As a virtual CISO, you will serve as the fractional senior security authority across multiple client engagements simultaneously, while remaining fully capable of rolling up your sleeves to perform hands-on penetration testing, conduct GRC audits, build security programs, and architect defensive controls alongside the teams you lead. You will be deployed to client organizations that need executive-level security leadership paired with practitioner-grade execution. Whether you are scoping a red team engagement, presenting a risk register to the Board, designing a cloud security architecture, or building a compliance program from scratch, you do not hand that work off. You own it end to end. This role is designed for a proven security leader who has never lost touch with the technical craft and thrives in fast-moving, high-stakes client environments.
Key Responsibilities
- Serve as the senior security authority and trusted advisor for client organizations across the engagement lifecycle.
- Develop, present, and own client-facing security strategies, risk roadmaps, and program maturity plans at the CISO, CIO, and Board level.
- Define security vision aligned to client business objectives, risk appetite, and regulatory obligations.
- Lead security program builds from the ground up, including governance structures, policies, team design, and tooling architecture.
- Advise on security investment priorities, vendor selection, and technology stack decisions.
- Plan and personally execute penetration tests across network infrastructure, web applications, APIs, cloud environments, and social engineering scenarios.
- Conduct manual exploitation, post-exploitation, lateral movement, and privilege escalation as part of scoped red team or penetration testing engagements.
- Produce executive and technical penetration test reports with risk-rated findings, CVSS scoring, and prioritized remediation guidance.
- Lead debrief sessions with client technical teams and executive stakeholders following offensive security engagements.
- Lead and personally conduct GRC assessments against SOC 2, ISO 27001, NIST CSF, NIST 800-53, HIPAA, CMMC, PCI DSS, and other applicable frameworks.
- Evaluate policy and control environments, conduct personnel interviews, review evidence, and assess control design and operating effectiveness.
- Produce gap analyses, audit findings registers, compliance roadmaps, and board-ready risk reports.
- Support clients through regulatory readiness, third-party audit preparation, and certification efforts.
- Design and evaluate security architectures across on-premises, hybrid, and cloud environments (AWS, Azure, GCP).
- Assess and advise on SIEM, EDR, SOAR, DLP, PAM, IAM, and zero-trust architecture implementations.
- Lead or directly support incident response planning, tabletop exercises, and active incident containment when required.
- Evaluate DevSecOps pipelines and application security posture as part of holistic program reviews.
What We Are Looking For
- 10+ years of progressive cybersecurity experience, including time in both practitioner and leadership roles.
- Demonstrated ability to personally conduct hands-on penetration tests, not just oversee them.
- Deep expertise in GRC with direct experience leading audits and assessments against major compliance frameworks.
- Proven track record of building, maturing, or transforming enterprise security programs.
- Equally comfortable presenting to a Board of Directors and running a Metasploit session.
- Strong experience advising executive and C-suite stakeholders on security risk, investment priorities, and regulatory obligations.
- Skilled at producing client-ready deliverables including board presentations, risk registers, audit reports, and penetration test findings.
- Prior experience in a consulting, fractional, vCISO, or client-facing security leadership capacity is strongly preferred.
- Familiarity with AI/ML security risks, cloud-native security, and modern DevSecOps environments.
Eligibility Requirements
- Authorized to work in the U.S.
- Candidates located in the Houston, Texas area will be given preference; however, remote practitioners will also be considered.
- Reliable, secure internet connection and ability to travel to client sites as required by engagement scope.
- Available to mobilize within a standard engagement window and maintain consistent availability throughout project duration.
Why Join Us?
Silpa Secure places vCISOs inside organizations that are serious about security transformation but need a smarter model to get there. Our clients span financial services, healthcare, energy, and technology, and they engage us at the executive level because they need leadership that can both set direction and deliver. As part of our vCISO network, you will lead high-impact engagements where your technical depth and executive presence are equally valued. The vCISO model gives you the autonomy to work across multiple clients, build a diverse portfolio of engagements, and avoid the constraints of a single-employer structure, while Silpa Secure handles the business development and client relationships that keep your pipeline full. Practitioners who deliver become the first call for expanded scope, long-term retainers, and multi-client relationships across the Silpa portfolio.