I can see why you need some security help. I would look at several options:
1. Hire a security consultant that would be a mentor to your CxO team vs a CISO. Getting an extra person on the team has not been fixing the security issues networks are facing. Whole team mind shifts are needed to get people to rethink how everyone approaches their job.
2. Look for a security consultant who breaks down the problem and respects the knowledge within the team. For example, one-day workshops that have one topic area and lead the workshop team through a discovery exercise. The objective is an action plan. Security "consulting" with no action plan is counterproductive. Check out this as one example: http://www.getit.org/about/consulting-services/security-workshops/
3. Explore putting someone who has deep security experience to be part of your advisory board. This is trading equity for experience that is in high demand and cannot be cloned. The contracted advisory role would be to mentor the team.
And then there is the traditional model of hiring security consulting companies and trying to find experienced CISOs. The security consulting companies would have people who have 3 years of security experience and call themselves "experts." Trying to find CISOs who have 10 years of security operations experience is close to impossible. Trusting vendors with their special "security widget tools" would be costly distractions. Hence, the recommendation to find someone who helps the organization "rethink," have all the CxOs ask about security, and invest in the team.