Role Overview
As an AWS DevSecOps Engineer, you will play a key role in designing and maintaining secure, scalable cloud infrastructures. You will embed security practices throughout the development lifecycle, ensuring compliance and resilience in cloud-native applications and pipelines.
Key Responsibilities
Architect, implement, and manage secure AWS cloud environments.
Integrate security controls into CI/CD pipelines, ensuring continuous compliance.
Automate infrastructure deployment with Infrastructure as Code (IaC) tools (e.g., Terraform, CloudFormation).
Collaborate with development teams to embed DevSecOps principles across projects.
Monitor, detect, and remediate security vulnerabilities in cloud environments.
Ensure alignment with HIPAA, SOC 2, ISO 27001, and PCI compliance frameworks.
Required Qualifications
AWS Certified Solutions Architect (Associate or Professional)
What is a vCISO?
A Virtual Chief Information Security Officer (vCISO) is an outsourced executive-level resource who provides strategic leadership for information security programs on a part-time, flexible basis. Unlike a traditional full-time CISO, a vCISO engagement is fractional, meaning clients get access to senior-level expertise tailored to their needs, whether that’s a few hours per week or an as-needed project basis. This model offers organizations the benefit of executive-level guidance without the cost and commitment of hiring a dedicated full-time CISO.
Role Overview
As a vCISO, you will provide strategic and technical leadership across cybersecurity initiatives. You will develop and maintain policies, ensure governance and compliance, and align AWS cloud environments with best practices for security and risk management. This role involves guiding clients in improving their security posture while managing ongoing regulatory and business requirements.
Key Responsibilities
Act as a trusted advisor and security leader for multiple clients on a fractional basis.
Design, implement, and oversee cybersecurity programs tailored to client needs.
Develop, update, and enforce security policies, standards, and procedures.
Guide organizations in compliance readiness for HIPAA, SOC 2, ISO 27001, and PCI-DSS.
Oversee secure architecture and security controls in AWS cloud environments.
Embed security practices into CI/CD pipelines and DevOps processes.
Conduct risk assessments, gap analyses, and incident response planning.
Communicate security priorities and strategies to client leadership and technical teams.
Provide ongoing reporting, documentation, and roadmap planning for security programs.
Required Qualifications
Experience serving in CISO, Deputy CISO, or senior-level security leadership roles.
Deep knowledge of AWS security services (IAM, GuardDuty, Security Hub, CloudTrail, WAF, KMS).
Strong background in regulatory compliance frameworks (HIPAA, SOC 2, ISO 27001, PCI-DSS).
Expertise in policy and documentation development for security governance.
Familiarity with DevSecOps practices and cloud-native security.
Excellent communication and client-facing skills, with the ability to simplify complex security concepts for executive audiences.
Preferred Skills
AWS Certified Solutions Architect or Security Specialty certification.
Hands-on experience with monitoring, SIEM, and incident response solutions.
Experience working with small and medium-sized organizations, particularly in healthcare and professional services.
Track record of building scalable security programs from the ground up.
What We Offer
Flexible, fractional engagement—hours tailored to client and project needs.
Opportunity to work across diverse industries and client environments.
About the Role
We are seeking an experienced Virtual General Counsel (vGC) to provide part-time, ongoing legal leadership for our small/mid-sized company. This role is ideal for a senior attorney who enjoys working closely with business leaders, building practical solutions, and operating as a “right-hand” advisor without a traditional in-house position.
Responsibilities
Serve as primary legal advisor to the executive team and key stakeholders.
Draft, review, and negotiate a wide range of commercial contracts (MSAs, SOWs, NDAs, vendor and customer agreements, licensing, partnership and reseller agreements).
Advise on corporate governance, including board and shareholder matters, policies, and corporate records.
Guide business formation, restructuring, and entity maintenance as needed.
Develop and maintain internal legal policies, playbooks, templates, and processes.
Provide employment-law guidance (offer letters, employment agreements, handbooks, compliance with relevant labor laws, contractor vs. employee issues).
Advise on data privacy, information security, and regulatory compliance relevant to our industry and geography.
Support risk management efforts, including issue-spotting, mitigation strategies, and escalation to specialist counsel when appropriate.
Coordinate and manage outside counsel for specialized matters (e.g., litigation, complex IP, tax).
Provide strategic input on deals, product launches, marketing programs, and other initiatives, balancing legal risk and business objectives.
Conduct periodic training for internal teams on key legal topics (contracts, IP, confidentiality, compliance, etc.).
Qualifications
Juris Doctor (JD) from an accredited law school and active license in good standing in at least one U.S. jurisdiction (or applicable local jurisdiction, if outside the U.S.).
8+ years of broad-based legal experience, including significant time in-house as General Counsel, Associate General Counsel, or senior corporate counsel, or equivalent experience serving as outside “fractional” GC.
Strong background in commercial contracts, corporate law, and general business counseling.
Experience supporting small to mid-sized companies, high-growth environments, or startups.
Familiarity with employment law and data privacy/compliance relevant to our sector.
Demonstrated ability to translate legal concepts into clear, practical business advice.
Excellent communication, negotiation, and relationship-building skills.
Comfortable working remotely, asynchronously, and across time zones.
Engagement Model
Part-time, fractional, or retainer-based engagement (e.g., set number of hours/month with flexibility based on business needs).
Fully remote role, with periodic video meetings and occasional on-site visits as mutually agreed.
Opportunity to work with leadership on a long-term basis and shape the company’s legal infrastructure and strategy.
Ideal Candidate Profile
Business-minded: You balance risk with commercial realities and help the company move forward, not just say “no.”
Proactive: You anticipate issues, design scalable frameworks, and build repeatable tools (templates, checklists, processes).
Collaborative: You enjoy partnering with operations, finance, HR, sales, product, and security/IT.
Adaptable: You are comfortable working with evolving processes, priorities, and resource constraints.
How to Apply
Please submit the following:
Resume or CV
Brief cover letter describing your experience as a GC/vGC/fractional GC and your typical engagement model (e.g., hourly, retainer, fixed-fee)
Examples of industries and company sizes you have supported
Your jurisdiction(s) of licensure and any relevant certifications