Field Virtual Chief Information Security Officer (vCISO)

About The Position

Requirements

• 5+ years leading information security programs and initiatives and implementing cybersecurity controls to mitigate regulatory and cybersecurity risks.
• 5+ Years experience in cybersecurity, and framework alignment (CMMC, DFARS, NIST 800-171, NIST CSF, HIPAA, FDIC, GLBA, ISO 27001/2, CIS, etc.).
• 5+ Years of strong working knowledge of system, application, network, cloud, and data security best practices.
• Experience preparing for compliance audits including one or more of the following SOC2, CMMC, FDIC, or HITRUST.
• One or more of the following certifications: CISSP, CISA, CISM, CRISC, GLSC, GSTRT, or equivalent.
• BA/BS degree or an equivalent combination of education and experience – preferably advanced degree in related field.
• Demonstrable track record of accomplishment and success.
• Excellent problem solving, decision-making, communication and team building skills.
• Proven experience with engaging executive level leadership to influence and provide strategic insight.

Nice To Haves

• Preferred experience as a Cybersecurity or Compliance manager.
• Experience working through growth phases, acquisition changes, for mid-market organizations or small businesses as they transitioned to mid-market.
• Industry Specialized Certifications for HIPAA, HITRUST, etc.
• Working knowledge of Threat Protection, SIEM, SOC, EDR Platforms, Privilege and Identity Management Platforms.

Responsibilities

• Serve as the primary contact for client information security programs, interfacing with executive teams and business leaders in person at the client’s headquarters.
• Develop custom cybersecurity programs and drive cybersecurity initiatives that support regulatory requirements, risk appetite, budget targets, and desired outcomes.
• Leads monthly, quarterly, and annual presentations of risk management initiatives among client technical resources, key stakeholders, senior management, and board of directors.
• Review status of security services via regular reports to identify areas in need of attention by Ascend, and present findings to client stakeholders.
• Guide client infosec strategy for addressing gaps and implementing controls found in their desired security framework.
• Manage and measure clients’ security and/or compliance programs.
• Understand compliance and controls to help guide clients' efforts to fully address their requirements and gather evidence in preparation for audit.
• Draft and implement security policies for client organizations.
• Conducts third-party risk assessments to identify technical, operational, and compliance risks and recommend risk reduction strategies.
• Work with the Ascend Cybersecurity Leadership to identify Ascend services required to address security needs of clients.
• Oversees the delivery of cybersecurity engineering services such as vulnerability management, endpoint protection, privilege and identity management, network security, etc.
• Facilitate change, knowledge, and team understanding of the client environment and needs as priorities shift.
• Actively monitors evolving threats and compliance changes and communicates findings to both Ascend and client stakeholders.
• Leads cybersecurity training and tabletop exercises.
• Other Responsibilities as assigned by management.

Benefits

• Along with a competitive salary, we offer a comprehensive benefits package, including health, dental, and vision insurance, retirement savings options, flexible time off (FTO), and professional development opportunities.