Skills

Leadership

Job Specifications

hatch IT is partnering with Assura to find a Senior Virtual Information Security Officer (Senior VISO). Details below:

About the Company

Assura is a cybersecurity firm with nearly 20 years of singular focus on information security. We work primarily with state, local, and education (SLED) organizations that need real-world, practical security leadership — not checkbox compliance or theoretical frameworks. Our team is made up of career cybersecurity practitioners, not career consultants. We take the work seriously, but not ourselves. People stay here because they’re supported, trusted, and given room to grow.

About the Role

The Senior Virtual Information Security Officer (Senior VISO) is a CISO-level advisor who ensures the quality, consistency, and strategic direction of Assura’s GRC engagements. This is not a hands-on implementation role and not a people-management role (today). Think of this position as similar to a consulting engagement partner:

You guide strategy
You oversee quality
You mentor and support VISOs
You build client confidence at the executive level

Responsibilities

Provide CISO-level advisory guidance to Assura clients
Oversee and mentor Virtual ISOs (VISOs) delivering day-to-day GRC work
Review deliverables for accuracy, completeness, and real-world applicability
Act as a senior escalation point for complex client questions
Translate regulatory and technical requirements into clear, practical guidance
Support scope expansion conversations when new client needs emerge
Help evolve Assura’s GRC methodologies, templates, and service offerings

Qualifications

Strong experience with NIST frameworks (800-53, 800-171, CSF)
SEC 530 familiarity (Virginia Information Security Standard) strongly preferred
Prior consulting or advisory experience
Ability to communicate confidently with executives and boards
Excellent writing and documentation skills
Technical literacy sufficient to advise on controls (without implementing)

Required Skills

Strong experience with NIST frameworks (800-53, 800-171, CSF)
SEC 530 familiarity (Virginia Information Security Standard) strongly preferred
Prior consulting or advisory experience
Ability to communicate confidently with executives and boards
Excellent writing and documentation skills
Technical literacy sufficient to advise on controls (without implementing)

Preferred Skills

ISO, HIPAA, PCI exposure
SLED experience outside Virginia
Familiarity with GRC tools (e.g., Trastero)
Experience mentoring junior practitioners

Equal Opportunity Statement

Assura is committed to diversity and inclusivity in the workplace.

About the Company

Assura provides innovative cybersecurity advisory and managed services to all industries including government, healthcare, financial, manufacturing, and transportation sectors. Our unique capabilities include tying together risk-based cybersecurity with sustainable compliance and developing inventive technical solutions for our clients. Whether you need us for a single project or want our team of experts to manage your cybersecurity program, Assura has the solution that's right for you. Know more