Information Security Advisor

CBIZ, Inc. is a leading professional services advisor to middle market businesses and organizations nationwide. With unmatched industry knowledge and expertise in accounting, tax, advisory, benefits, insurance, and technology, CBIZ delivers forward-thinking insights and actionable solutions to help clients anticipate what's next and discover new ways to accelerate growth. CBIZ has more than 10,000 team members across more than 160 locations in 22 major markets coast to coast.

CBIZ strives to be our team members' employer of choice by creating an environment where team members are appreciated, recognized for their contributions, and provided with opportunities to grow, both personally and professionally, throughout their careers.

Together, CBIZ and CBIZ CPAs are ranked as one of the top providers of accounting services in the United States. CBIZ CPAs is an independent CPA firm that provides audit, review and attest services, while CBIZ provides business consulting, tax and financial services. In certain jurisdictions, CBIZ CPAs operates under its previous name, Mayer Hoffman McCann P.C.

Our Virtual Security Team partners closely with clients to help manage their overall information security and compliance risk across policies, processes, procedures, testing, and key control activities. Services are delivered in alignment with our Service Definition and Project Methodology (IFOTIS), with a strong emphasis on being client-centric and value-driven.

As an External Information Security Advisor (functioning as a Fractional or Virtual CISO), you will serve as a trusted advisor, offering strategic guidance and actionable insight tailored to each client's unique risk profile and business goals.

You will be responsible for ensuring clients are informed about complementary service offerings that create win-win outcomes. You will lead and coordinate cross-functional internal resources, flexing in additional team members as needed based on client demands. You will set and manage expectations for deliverables, maintain clear communication with both internal teams and client stakeholders, and proactively escalate issues or roadblocks to ensure projects remain on track and aligned with client objectives.

This is a full-time position that works remotely and/or out of a regional office, at CBIZ's discretion. Limited travel to client sites and/or company events may be required.

Essential Functions and Primary Duties:

In this role, you will lead and coordinate cybersecurity and compliance services in alignment with CBIZ's Service Definition and Project Methodology, with a strong focus on delivering exceptional client value. Working both independently and collaboratively with other CBIZ resources, you will:

Risk Management & Assessment

• Conduct both automated and manual IT risk assessments.
• Develop and implement risk mitigation and corrective action plans.
• Monitor ongoing risk activities, including tracking remediation progress.
• Perform compliance reviews, such as user access audits and segregation of duties.
• Assist with internal audits for frameworks such as ISO/IEC 27001 and SOC 2.
• Support clients in achieving compliance with regulatory frameworks (e.g., GDPR, HIPAA, CMMC).

Policy & Program Development

• Draft, revise, and maintain information security and compliance policies.
• Conduct policy compliance reviews and recommend improvements.
• Design and implement security controls to support scalable information security programs.

Third-Party Risk Management

• Evaluate vendor and third-party security through assessments and due diligence reviews.
• Monitor critical third-party relationships for ongoing risk and compliance.
• Respond to inbound security questionnaires on behalf of clients.
• Assist clients in building and maturing third-party risk management programs.
• Advisory, Analytical, and Client Engagement
• Provide expert guidance on emerging security threats, technologies, and best practices.
• Deliver client-facing training and awareness sessions.
• Support client presentations, including executive briefings and board-level reporting.
• Keep clients informed on relevant cybersecurity developments and regulatory changes.

Project & Relationship Management

• Establish clear expectations for internal and external deliverables; manage and communicate timelines, dependencies, and risks.
• Keep project details updated in CRM tools and ensure engagement tracking is accurate and timely.
• Actively participate in client status calls and meetings to understand evolving needs and provide actionable recommendations.
• Manage project schedules, coordinate with stakeholders when delays occur, and escalate to leadership when necessary.
• Achieve or exceed Net Promoter Score (NPS) targets through high client satisfaction and consistent service delivery.

Key Skills for Success

• Strong communication and interpersonal skills with executive presence.
• Detail-oriented with the ability to manage multiple engagements.
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
• Proactive in identifying gaps and offering solutions to clients.
• Able to work collaboratively across multidisciplinary teams.
• Preferred Qualifications: The vCISO Consultant must have strong practical experience in information security. privacy, and AI risk management
• Bachelor's Degree in a technical or equivalent professional experience degree.
• 7+ years of broad information security, risk management or compliance experience.
• Prior experience working in a client facing or consulting role.
• Familiarity with security, privacy, cloud or AI - related certifications; (e.g., CISSP, CISA, CISM, CRISC, ISO 27001 Lead XX. ISO 42001 Lead Implementer, CCSK) is a plus.
• Knowledge of industry frameworks and standards (e.g., ISO 27001, ISO 27701, ISO 42001, CMMC, NIST 800-53, SOC 2, CCPA, HIPAA, PCI-DSS, CSA STAR, NERC-CIP, CIS Controls).

Other Duties

Please note that this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

• Review Consultant work product and provide feedback.
• Responsible for completion of engagements, including managing all aspects of project.
• Conduct solid analysis; deliver solutions for internal and external clients.
• Attain revenue objectives.
• Adhere to engagement budget constraints and complete assigned tasks with the time requested.
• Participate in business development activities to include memberships in qualified organizations (alumni associations, chamber of commerce, networking groups, etc.) or regular business contacts with peers capable or eventually capable of referring potential engagements and cross serve opportunities.
• Additional responsibilities as assigned.

Minimum Qualifications

• 3 years of relevant work experience.
• Achieve professional certifications relative to area of expertise, must have and preserve required licenses.
• Must possess analytical skills.
• Proficient use of applicable technology.
• Demonstrated ability to communicate verbally and in writing throughout all levels of organization, both internally and externally.
• Must be able to travel based on client and business needs.

The annual salary target for this job in this market is $106,950- $159,850. The specific compensation for this role will be determined based on the education, experience, and skill set of the individual selected for this position.

The compensation above is not representative of an employee's total compensation. Beyond income, you have access to comprehensive medical and dental insurance, retirement savings, life and disability insurance, health care and dependent care reimbursement accounts, certification incentives, education assistance, referral program and much more.

The application window is anticipated to close on or before September 30th, 2025.

#LI-CF2 #LI-Remote