CISO (Bi)
About BigRio:
BigRio is a remote-based technology consulting firm headquartered in Boston, MA. We deliver software solutions ranging from custom development and software implementation to data analytics and machine learning/AI integrations. We are a one-stop shop that attracts clients from various industries because of our proven ability to deliver cutting-edge and cost-conscious software solutions.
Position Overview:
We are seeking an experienced and results-oriented fractional CISO to lead due diligence of SaaS product companies around their compliance, privacy, and security initiatives for the company and its products.
The fractional CISO will work on due diligence projects for acquiring SaaS companies.
This is an on-demand, part-time consultant role, ideal for candidates with experience working with PE-backed, U.S.-based SaaS companies. The ideal candidate will have expertise in compliance, data privacy, and cybersecurity across diverse industries and geographies.
Key Responsibilities:
Lead internal compliance audits and ensure adherence to regulatory requirements, including data privacy laws across various jurisdictions.
Conduct in-depth security due diligence for acquisitions, delivering actionable reports to support decision-making.
Collaborate with business, sales, and legal teams to address compliance needs, including HIPAA, GDPR, PCI DSS, and CCPA.
Coordinate with IT and security teams to design, implement, and manage security policies, audits, and incident management processes.
Develop and execute cybersecurity strategies for hybrid, on-premise, and cloud-based solutions.
Establish security and privacy frameworks for new technologies and cloud solutions.
Monitor and address compliance breaches, ensuring root cause analysis and preventive measures.
Act as the primary liaison for audits, assessments, and accreditations conducted by regulatory bodies and external consultants.
Deliver training and awareness programs to align with regulations and organizational policies.
Guide cross-functional teams to implement governance controls and meet compliance objectives.
Provide regular updates to internal stakeholders and leadership on compliance matters.
Qualifications:
Proven experience in compliance, data privacy, and security risk management with a focus on global and regional regulations.
Expertise in cybersecurity governance, including network protocols and third-party risk management.
Knowledge of cloud security, IAM policies, encryption, and monitoring practices.
Experience conducting security due diligence and risk assessments for acquisitions.
Strong communication skills with the ability to train and educate stakeholders on compliance and risk management.
Demonstrated ability to lead cross-functional teams and drive compliance initiatives.
Preferred Background:
Hands-on experience with regulatory frameworks such as GDPR, HIPAA, CCPA, and PCI DSS.
Leadership in managing ISMS audits, security assurance, and business continuity planning.
Familiarity with security incident management and governance frameworks.