

Location: Hyderabad, India (In-Office with occasional client travel)
Experience: 12 - 18 years (Cybersecurity, GRC, Leadership)
Engagement Model: Client-Facing Advisory (Multi-client / Portfolio-based)
About NopalCyber
NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defence.
AI-driven intelligence in our Nopal360° platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time.
Our service packages are tailored to client needs and budgets, with external threat analysis provided at no cost - democratizing access to enterprise-grade cybersecurity for all.
Role Purpose
The Virtual Chief Information Security Officer (vCISO) serves as a senior cybersecurity advisor and governance leader for multiple client organizations. This role is responsible for translating cybersecurity risk into business context, establishing pragmatic governance models, and driving measurable improvements in security posture and compliance readiness.
This is a strategic and advisory role, focused on direction, oversight, and assurance.
Key Outcomes
Within the first 6 months, the vCISO will:
Establish cybersecurity governance models across assigned clients
Deliver baseline risk and maturity assessments (ISO/NIST aligned)
Define and initiate security roadmaps aligned to business priorities
Implement executive reporting dashboards and Board-level communication
Support at least one audit, certification, or regulatory engagement
Build trusted advisor relationships with senior leadership
Key Responsibilities
Own and drive the vCISO advisory pillar from Nopal, shaping the cybersecurity strategy, service approach, and engagement model for assigned clients.
Act as the primary cybersecurity advisor to client leadership, including CEOs, CIOs, CTOs, and Boards, on security posture, risk, and investment priorities.
Define cybersecurity strategies, operating models, and multi-year roadmaps aligned to business goals and risk appetite.
Establish governance structures, executive dashboards, KPIs, and reporting mechanisms that enable measurable risk reduction and decision-making.
Lead cyber risk assessments, maturity assessments, and gap analyses across on-premises, cloud, and third-party environments.
Guide client alignment with security frameworks and regulations such as ISO/IEC 27001, NIST CSF, SOC 2, PCI DSS, HIPAA, GDPR, and the DPDP Act.
Maintain executive risk registers, remediation tracking, and assurance reporting, ensuring accountability and follow-through.
Review and advise on enterprise security policies, standards, architecture principles, identity and access management, data protection, and third-party risk governance.
Provide executive guidance during cyber incidents, audit programs, certification efforts, and regulatory engagements.
Build trusted client relationships and work closely with internal Nopal teams to scale consistent, high-impact advisory outcomes.
Qualifications & Experience
Education
Bachelor's degree in engineering or a related technology discipline.
Mandatory Certification
CISSP, CISM, CRISC
ISO/IEC 27001 Lead Implementer / Lead Auditor
Cloud Security Certifications (CCSP, CCSK, AWS/Azure Security)
Professional Experience
12 - 18 years of experience across cybersecurity, GRC, risk advisory, and IT environments
Experience operating at Senior Manager,
Job ID: 148878957