Acting CISO / Compliance Program Manager
Worldwide
We are a seven-person, fully remote SaaS company building AI-powered tools to support analysis and research. Customers include universities, central banks, research institutes, and hedge funds in the US and EU. Our ISO 27001:2022 Stage 1 and Stage 2 audits are complete, with no nonconformities; ISO is now in maintenance. We are also completing our SOC 2 Type II program, using Sprinto as our GRC platform and Prescient Assurance as our auditor.

Our Information Security Officer is taking parental leave beginning mid-July 2026, so we need an experienced compliance contractor to start soon, overlap for handoff, and serve as acting CISO through mid-November 2026. The engagement is about 10-15 hours/week, remote, async-friendly, and part-time.

This is a *coordination and governance* role, not a hands-on engineering role. Our control framework is established and running; we are not looking for someone to build or redesign controls. Our Lead Engineer owns technical controls, infrastructure, and technical evidence. The acting CISO (you) will own the compliance program, auditor communication, governance evidence, and decision-making authority on escalated compliance issues.

The primary near-term milestone is the SOC 2 Type II observation window, which closes August 15, 2026, followed by post-window fieldwork and review with Prescient Assurance. You will monitor Sprinto for alerts and evidence gaps; triage to the Lead Engineer; serve as Prescient point of contact; own governance/process evidence; respond to auditor questions; coordinate compliance-side sign-off; and track the final report.

You will also manage the ongoing compliance program in Sprinto, oversee vendor and sub-processor review, respond to customer security questionnaires, HECVAT submissions, and enterprise due diligence requests, handle data subject requests within GDPR/UK GDPR timelines, and serve as approving signatory for necessary ISMS policy amendments. For high or critical incidents, you will coordinate with the Lead Engineer and outside counsel and manage GDPR breach notification obligations if required.

We are looking for *demonstrated experience in information security compliance*, ideally as a CISO, vCISO, or compliance program manager; familiarity with SOC 2 audit processes, with SOC 2 Type II preferred; familiarity with ISO 27001 maintenance; experience with Sprinto or similar GRC platforms; working knowledge of GDPR operational requirements; strong written communication; and independent judgment in a small, async remote team. Enterprise security questionnaires and AI/SaaS privacy considerations are a plus.
- Hourly: less than 30 hrs/week
- Duration: 3-6 months
- Experience level: Expert
- Rate: $30.00 - $130.00 hourly
- Remote job
- Project type: ongoing project
Activity on this job
- Proposals: 50+
- Interviewing: 6
- Invites sent: 7
- Unanswered invites: 2
About the client
- Location: Evanston, United States
- $112K total spent; 167 hires, 15 active
- 2,500 hours