vCISO

Date: Mar 4, 2026

Location: San Andres Cholula, PUE, MX, 72830

Functional Area: Remote

 

Syntax is a leading Managed Cloud Provider for Mission Critical Enterprise Applications and has been providing comprehensive technology solutions to businesses of all sizes since 1972. Syntax has undisputed strength to implement and manage ERP deployments (Oracle, SAP) in a secure and resilient private, public or hybrid cloud. With strong technical and functional consulting services, and world-class monitoring and automation, Syntax serves some of North America’s largest corporations across a diverse range of industries. Syntax has offices worldwide, and partners with Oracle, SAP, AWS, Microsoft, IBM and other global technology leaders.

 

About Syntax

At Syntax, we orchestrate complex technology challenges so our customers can focus on achieving meaningful business outcomes. As a global fullstack technology partner, we deliver excellence across Cloud, Application Services, Security, Integration, Data & AI, and Industry Solutions – guided by our core values of Integrity, Quality, Accountability, Simplicity, and Generosity.

Role Overview

We are seeking an experienced virtual CISO (vCISO) to work under the direction of the Principal vCISO and lead client engagements – with a primary focus on cybersecurity governance assessments. This role is hands-on and delivery-focused: you will run engagements end-to-end, lead stakeholder interviews, review and validate evidence, and produce high-quality client-ready deliverables (executive summary, detailed assessment report, and a prioritized remediation plan).

In addition to assessments, this role will contribute to follow-on vCISO advisory and professional services work, helping clients plan and execute remediation, strengthen governance, and mature their security programs.

You will apply strong security judgment across common security domains and translate control and evidence observations into coherent, business-relevant risk narratives. Success in this role requires excellent writing, confident client presence, and the ability to work independently while collaborating closely with the Principal vCISO for alignment and quality assurance.

This is a remote role. Candidates must be able to work primarily in Americas time zones (Pacific, Mountain, Central, and Eastern). Applicants based outside the Americas may be considered if they can reliably adapt their schedule to overlap with these time zones. No regular travel is expected.

Key Responsibilities

 

Cybersecurity Governance Assessment Delivery

  • Lead end-to-end delivery of governance assessments: scoping, planning, evidence request management, stakeholder interviews/workshops, analysis, and reporting.
  • Assess security program design and implementation, identifying gaps, root causes, and practical risk drivers.
  • Map observations to common frameworks and standards (CIS Critical Security Controls, ISO 27001, NIST) to support a structured, evidence-based assessment.
  • Develop clear, decision-useful outputs: executive summaries, observation write-ups, and prioritized remediation recommendations aligned to risk and business impact.
  • Maintain engagement discipline: track open items, follow-ups, and evidence completeness to keep delivery on schedule and avoid last-minute surprises.

Collaboration

  • Align with the Principal vCISO on engagement objectives, approach, and messaging; incorporate feedback and support QA activities.
  • Operate as the day-to-day engagement lead with client stakeholders using a pragmatic, non-adversarial approach.
  • Facilitate meetings effectively: set agendas, drive discussions to outcomes, communicate status and risks, and escalate issues early when needed.
  • Support pre-sales activities as needed: contribute to scoping calls, proposal/SOW input, and effort estimation to ensure assessable, well-defined engagements.

Security Knowledge and Advisory Leadership

  • Apply broad, well-rounded security knowledge across governance, assurance, risk management, architecture, engineering, and operations to form sound conclusions from imperfect inputs.
  • Review evidence across typical security domains (e.g., identity and access management, vulnerability/exposure management, endpoint and cloud security, logging/monitoring, incident response, backup/recovery, third-party risk, etc.) and translate findings into actionable recommendations.
  • Deliver follow-on vCISO advisory and professional services engagements as needed (e.g., remediation planning and execution support, security program roadmaps, policy/standard development, security operating model improvements, etc.).
  • Contribute to continuous improvement of assessment playbooks and templates (e.g., evidence request lists, interview guides, and report templates) to drive consistency and efficiency across engagements.

Delivery Excellence

  • Produce concise, high-quality client-ready documentation with strong structure, clear rationale, and actionable recommendations.
  • Manage multiple concurrent engagements with strong time management, attention to detail, and proactive communication.
  • Demonstrate strong professional judgment and confidentiality when handling sensitive client information.
  • Operate as a self-starter: identify what is needed, learn quickly, and solve problems creatively to move work forward.

Required Qualifications

  • Demonstrated experience (7+ years) in cybersecurity, with broad exposure across security operations, security engineering, governance/assurance, risk management, and architecture.
  • Hands-on experience leading control- and evidence-based assessments, audits, or security program reviews using frameworks such as CIS Critical Security Controls, ISO 27001, and NIST standards/frameworks.
  • Strong report-writing skills: ability to produce executive-ready narratives and detailed findings that tie evidence to risk and business impact.
  • Confident, client-facing communication skills; able to lead interviews and workshops independently and build trust with stakeholders.
  • Full professional proficiency in English (written and verbal).
  • Ability to work primarily in Americas time zones (Eastern and Pacific) or reliably align working hours to overlap with those time zones.

Preferred Qualifications

  • Additional experience in GRC, IT operations, and/or IT risk management.
  • Relevant certifications (one or more): CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor, CISA.
  • Experience in consulting/professional services delivery environments, including managing multiple parallel workstreams and client expectations.

Why Syntax?

Become a part of our success story and work in a company with exciting innovation projects that are causing a stir across the industry. We recently launched one of the world's most advanced manufacturing facilities based on SAP S/4HANA Cloud and SAP Digital Manufacturing Cloud for Execution - for Smart Press Shop, a pioneering joint venture between Porsche and forming specialist Schuler.  

  • Competitive, above-average compensation
  • Global tourist: With us, you can also work from abroad from time to time
  • Flexible working time models, home office
  • Attractive benefits, e.g. company pension scheme or various health offers
  • A modern environment in which the "you" is part of it
  • Open feedback culture, flat hierarchies and a motivated team
  • Individual career planning with continuous training and coaching on the job

Do you see a personal challenge in this responsible role? Apply now and become part of the SYNTAX team!