Virtual Chief Information Security Officer (vCISO)
About The Position
Phoenix's small and mid-sized businesses face the same cybersecurity threats as the Fortune 500 but with a fraction of the resources. cloudIT bridges that gap. We are a growing Technology Service Provider built on the belief that every business deserves enterprise-grade security expertise, regardless of size. We are looking for a strategic, people-first vCISO to champion that mission across our client base. As a vCISO at cloudIT, you will serve as a fractional security leader for a portfolio of clients who do not have and cannot afford a full-time CISO. You will work from our Phoenix office, managing multiple client relationships simultaneously, building practical security programs around cloudIT's proven security stack. This role is equal parts strategist, communicator, and trusted advisor.
Requirements
- 5+ years in information security, with at least 2 years in a leadership or advisory capacity
- Ability to engage effectively with both IT leaders and non-technical business owners
- Comfort managing multiple client engagements with competing priorities
Nice To Haves
- Experience working with or for an MSP or TSP is a strong plus
- CISSP
- CISM
- CISA
- CCA
- CCP
- NIST CSF
- ISO 27001
- HIPAA
- PCI-DSS
- CMMC
Responsibilities
- Develop and own practical, business-aligned security roadmaps built on cloudIT's security stack
- Present security posture updates to IT leaders and business owners in clear, actionable terms
- Track emerging threats and regulatory shifts across healthcare, real estate, financial services, and construction
- Conduct risk and vulnerability assessments calibrated to client environments
- Prioritize remediation based on business impact, not just severity scores
- Build realistic risk treatment plans clients can actually execute
- Guide clients through HIPAA, PCI-DSS, CMMC, NIST CSF, and other relevant frameworks
- Develop right-sized policies and procedures that are actionable, not shelf-ware
- Conduct periodic audits and gap assessments using cloudIT's toolset
- Build and test incident response plans suited to SMB realities
- Lead response coordination during incidents, keeping stakeholders informed
- Drive post-incident improvements supported by cloudIT's monitoring capabilities
- Champion cloudIT's stack including MDR, SIEM, endpoint protection, MFA, and cloud security controls
- Ensure solutions are implemented correctly and delivering measurable value
- Assess third-party vendor risk and guide secure procurement decisions
- Manage a portfolio of clients, engaging at the right level for each organization
- Show up as a trusted partner by proactively communicating risks and celebrating wins
- Translate complex security concepts into plain language across industries and experience levels
Benefits
- Medical, dental, and vision
- 401(k) with company match
- Certification sponsorship and continuing education
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
