Fractional CISO

www.FractionalCISO.com

1 Job

22 Employees

About the Company

Fractional CISO is the on-demand cybersecurity leadership company that provides Chief Information Security Officer (CISO) capabilities as a service. Small and medium-sized companies turn to Fractional CISO to:

• Supplement their management team with a cybersecurity veteran to make appropriate risk-based decisions.
• Obtain the coaching necessary to confidently address cybersecurity issues.
• Provide guidance to the Board of Directors about the company’s security posture and recommended plan.
• Write, implement and maintain the organization’s cybersecurity policies, procedures and processes.
• Implement and deliver a training program tailored to the organization’s needs.
• Provide product security guidance via requirements, design review, threat modeling & development frameworks.
• Create cybersecurity messaging for marketing and sales groups.
• Develop plans for managing cybersecurity breaches.
• Comply with industry and government regulations.
• Provide direction on IoT projects from IoT industry thought leaders.

A Chief Information Security Officer (CISO) is a senior-level team member who is responsible for establishing and maintaining an enterprise’s security vision, strategy, and programs to ensure information assets and technologies are appropriately protected.

Fractional CISO provides your business the sophisticated security expertise that you require without the costly price tag of a full-time Chief Information Security Officer (CISO) and staff. Your organization can rely on Fractional CISO to address your security challenges so you can maintain focus on your core business.

The Fractional CISO website is FractionalCISO.com. You can contact us via phone: +1 (617) 297-9509 or email: info@fractionalciso.com.

Listed Jobs

Company Name
Fractional CISO
Job Title
GRC Cybersecurity Analyst
Job Description
Job Title: GRC Cybersecurity Analyst

Role Summary:
Provide governance, risk, and compliance (GRC) leadership to mid‑size technology clients. Lead internal security audits, risk assessments, tabletop exercises, and policy development. Manage client projects, respond to security questionnaires, and support external compliance readiness. Serve as a trusted advisor on security strategy and program improvement.

Expectations:
- Minimum 2+ years in a technical security role (SOC analyst, incident responder, technical auditor, or IT administrator with security duties).
- Strong ethical standards and high integrity.
- Passion for solving clients’ security challenges and advancing cybersecurity best practices.
- Proven project management and client‑account coordination.
- Excellent written communication and technical writing skills.

Key Responsibilities:
- Conduct internal cybersecurity audits to verify compliance and security posture.
- Design and run tabletop training exercises for incident response practice.
- Perform quantitative risk assessments to guide investment decisions.
- Respond to customer security questionnaires and vendor requests.
- Draft and update security policy documents and program frameworks.
- Collect evidence and prepare clients for external compliance audits.
- Offer expert guidance on a broad range of security topics.
- Project‑manage client engagements and timelines.
- Contribute to improvement of service delivery and deliverable quality.

Required Skills:
- Experience in Security Operations Center (SOC) environments (SIEM, WAF, vulnerability scanning, penetration testing, MFA, SSO).
- Knowledge of security compliance standards (SOC 2, ISO 27001, PCI‑DSS, HIPAA, TX‑RAMP).
- Familiarity with Secure Software Development Lifecycle (S‑SDLC) practices.
- Proficiency in system administration (Windows, Linux) and cloud platforms (AWS, Azure, GCP).
- Network and firewall administration experience, including core networking protocols and services.
- Understanding of encryption concepts and SSL/TLS certificates.
- Basic scripting or programming skills.
- Ability to communicate complex security concepts clearly and concisely.

Required Education & Certifications:
- Bachelor’s degree in Cybersecurity, Information Technology, or related field (or equivalent practical experience).
- Cybersecurity certifications such as SSCP, CompTIA Security+, or equivalent.
- Experience or knowledge of security frameworks (NIST CSF, CIS Controls, COBIT).
Auburndale, United States
Hybrid
Junior
16-12-2025