Field Virtual Chief Information Security Officer (vCISO)

This a Full Remote job, the offer is available from: Arkansas (USA) Field Virtual Chief Information Security Officer (vCISO) This position is hybrid with some onsite responsibility in Conway, and applicants must already reside in the central Arkansas area. Relocation will not be provided. PURPOSE: A Field vCISO’s primary purpose is to function as a trusted advisor to strategically improve the cybersecurity posture of Ascend clients. Field vCISOs integrate into our client organizations to manage and improve comprehensive cybersecurity programs for mid-market clients based on established frameworks such as NIST CSF, CIS Controls, HIPAA, and more. Weekly or monthly meetings are held to present data gathered from our various solutions to demonstrate the efficacy of Ascend’s cybersecurity services to client stakeholders and highlight advancement toward the client’s desired maturity. Quarterly presentations to client C-suite or Board of Directors may be required. Completion of security questionnaires, review of vulnerability reports, pen test reports, risk assessments, research on non-Ascend products/services, and communication of strategy for emerging threats or business requirements are all provided to our clients by their vCISO. Excellent communication and presentation skills are important to help make complex cybersecurity concepts clear and relatable to non-technical audiences across a multitude of industries. RESPONSIBILITIES:

• Serve as the primary contact for client information security programs, interfacing with executive teams and business leaders in person at the client’s headquarters.
• Develop custom cybersecurity programs and drive cybersecurity initiatives that support regulatory requirements, risk appetite, budget targets, and desired outcomes.
• Leads monthly, quarterly, and annual presentations of risk management initiatives among client technical resources, key stakeholders, senior management, and board of directors.
• Review status of security services via regular reports to identify areas in need of attention by Ascend, and present findings to client stakeholders.
• Guide client infosec strategy for addressing gaps and implementing controls found in their desired security framework.
• Manage and measure clients’ security and/or compliance programs.
• Understand compliance and controls to help guide clients' efforts to fully address their requirements and gather evidence in preparation for audit.
• Draft and implement security policies for client organizations.
• Conducts third-party risk assessments to identify technical, operational, and compliance risks and recommend risk reduction strategies.
• Work with the Ascend Cybersecurity Leadership to identify Ascend services required to address security needs of clients.
• Oversees the delivery of cybersecurity engineering services such as vulnerability management, endpoint protection, privilege and identity management, network security, etc.
• Facilitate change, knowledge, and team understanding of the client environment and needs as priorities shift.
• Actively monitors evolving threats and compliance changes and communicates findings to both Ascend and client stakeholders.
• Leads cybersecurity training and tabletop exercises.
• Other Responsibilities as assigned by management. MINIMUM SKILLS, EDUCATION AND EXPERIENCE
• 5+ years leading information security programs and initiatives and implementing cybersecurity controls to mitigate regulatory and cybersecurity risks.
• 5+ Years experience in cybersecurity, and framework alignment (CMMC, DFARS, NIST 800-171, NIST CSF, HIPAA, FDIC, GLBA, ISO 27001/2, CIS, etc.).
• 5+ Years of strong working knowledge of system, application, network, cloud, and data security best practices.
• Experience preparing for compliance audits including one or more of the following SOC2, CMMC, FDIC, or HITRUST.
• One or more of the following certifications: CISSP, CISA, CISM, CRISC, GLSC, GSTRT, or equivalent.
• BA/BS degree or an equivalent combination of education and experience – preferably advanced degree in related field.
• Demonstrable track record of accomplishment and success.
• Excellent problem solving, decision-making, communication and team building skills.
• Proven experience with engaging executive level leadership to influence and provide strategic insight. PREFERRED SKILLS, EDUCATION AND EXPERIENCE
• Preferred experience as a Cybersecurity or Compliance manager.
• Experience working through growth phases, acquisition changes, for mid-market organizations or small businesses as they transitioned to mid-market.
• Industry Specialized Certifications for HIPAA, HITRUST, etc.
• Working knowledge of Threat Protection, SIEM, SOC, EDR Platforms, Privilege and Identity Management Platforms. Starting Compensation: $120,000/year The salary for this position is commensurate with experience, skills, and qualifications. The range is intended to reflect our commitment to attracting top talent, and the final offer will be

Apply tot his job Apply To this Job