Information Security Consultant

hatch IT is partnering with Assura to find a Senior Virtual Information Security Officer (Senior VISO). Details below:About the CompanyAssura is a cybersecurity firm with nearly 20 years of singular focus on information security. We work primarily with state, local, and education (SLED) organizations that need real-world, practical security leadership "” not checkbox compliance or theoretical frameworks. Our team is made up of career cybersecurity practitioners, not career consultants. We take the work seriously, but not ourselves. People stay here because they're supported, trusted, and given room to grow.About the RoleThe Senior Virtual Information Security Officer (Senior VISO) is a CISO-level advisor who ensures the quality, consistency, and strategic direction of Assura's GRC engagements. This is not a hands-on implementation role and not a people-management role (today). Think of this position as similar to a consulting engagement partner:You guide strategyYou oversee qualityYou mentor and support VISOsYou build client confidence at the executive levelResponsibilitiesProvide CISO-level advisory guidance to Assura clientsOversee and mentor Virtual ISOs (VISOs) delivering day-to-day GRC workReview deliverables for accuracy, completeness, and real-world applicabilityAct as a senior escalation point for complex client questionsTranslate regulatory and technical requirements into clear, practical guidanceSupport scope expansion conversations when new client needs emergeHelp evolve Assura's GRC methodologies, templates, and service offeringsQualificationsStrong experience with NIST frameworks (800-53, 800-171, CSF)SEC 530 familiarity (Virginia Information Security Standard) strongly preferredPrior consulting or advisory experienceAbility to communicate confidently with executives and boardsExcellent writing and documentation skillsTechnical literacy sufficient to advise on controls (without implementing)Required SkillsStrong experience with NIST frameworks (800-53, 800-171, CSF)SEC 530 familiarity (Virginia Information Security Standard) strongly preferredPrior consulting or advisory experienceAbility to communicate confidently with executives and boardsExcellent writing and documentation skillsTechnical literacy sufficient to advise on controls (without implementing)Preferred SkillsISO, HIPAA, PCI exposureSLED experience outside VirginiaFamiliarity with GRC tools (e.g., Trastero)Experience mentoring junior practitionersEqual Opportunity StatementAssura is committed to diversity and inclusivity in the workplace.

Created: 2026-05-09