Job Summary:
Alluvionic is seeking an experienced Virtual Chief Information Security Officer (vCISO) to provide interim executive cybersecurity leadership for a Defense Industrial Base (DIB) client. This role will serve as the acting cybersecurity authority during a leadership transition and will ensure continuity of governance, compliance sustainment, and executive oversight.
The selected consultant must hold an active Top Secret (TS) clearance and be eligible to participate in classified discussions or incident response activities if required.
This is a part-time executive advisory engagement (approximately 20 hours per week) for an initial 3-month period, with potential for extension.
Key Responsibilities:
• Serve as acting executive cybersecurity authority for the organization
• Provide governance oversight of NIST SP 800-171 and CMMC Level 2 sustainment
• Maintain executive accountability for DFARS 252.204-7012 compliance posture
• Provide enterprise risk management oversight and advise on risk acceptance decisions
• Deliver executive-level cybersecurity reporting to senior leadership
• Oversee incident response activities, including participation in classified spill scenarios as needed
• Provide strategic oversight of CUI/CDI handling and enclave governance
• Advise on third-party cybersecurity risk at the executive level
• Support leadership in structuring and transitioning to a permanent CISO role
Required Qualifications:
• Active Top Secret (TS) security clearance (current and in-scope)
• 10+ years of progressive cybersecurity leadership experience
• Prior experience serving as CISO, Deputy CISO, or equivalent executive-level security role
• Demonstrated experience supporting Defense Industrial Base (DIB) organizations
• Deep knowledge of NIST SP 800-171, DFARS 252.204-7012, and CMMC Level 2 requirements
• Experience with CUI environments and regulated compliance programs
• Strong executive communication and stakeholder engagement skills
• Preferred Qualifications
• Experience supporting organizations through CMMC assessment or sustainment
• Familiarity with classified spill response protocols
• Experience operating in cleared contractor environments
Additional Information:
This engagement is structured as a 1099 independent consultant role. The consultant must be able to operate independently, provide strategic executive guidance, and engage effectively with senior leadership in a highly regulated cybersecurity environment.
Projects Supporting: Billable role for a prospective customer - Frontgrade. The client has not awarded us the contract and would need to review the resume and likely interview the candidate should we be selected. Their existing CISO is leaving the company on Feb 27 so they would like to backfill with a vCISO as soon as possible. This is contingent upon contract award AND candidate approval by client.