Virtual Chief Information Security Officer (vCISO)
Remote
Full Time
Mid Level
PURPOSE:
The role of the vCISO provides the expertise required to properly scope and deliver cybersecurity solutions and services to our clients. They work closely with our clients to deliver risk management services that align industry best practices and regulatory requirements. The vCISO will identify risks and compliance gaps and collaborate with clients to prioritize and execute cybersecurity initiatives.
RESPONSIBILITIES:
MINIMUM SKILLS, EDUCATION AND EXPERIENCE
PREFERRED SKILLS, EDUCATION AND EXPERIENCE
At Ascend Technologies we firmly believe that diversity, equity, and inclusion are not only fundamental values but also powerful drivers of innovation, growth, and success. We are committed to fostering an environment where every individual feels valued, respected, and empowered.
CORE VALUES
We are seeking highly motivated individuals who have the willingness and ability to demonstrate Ascend core values:
PHYSICAL DEMANDS:
Must be able to sit, stand, and bend for the duration of shift. The position is mainly sitting, with occasional lifting up to 50 lbs., such as laptop, server equipment, and, driving to the work site to meet with client(s).
The role of the vCISO provides the expertise required to properly scope and deliver cybersecurity solutions and services to our clients. They work closely with our clients to deliver risk management services that align industry best practices and regulatory requirements. The vCISO will identify risks and compliance gaps and collaborate with clients to prioritize and execute cybersecurity initiatives.
RESPONSIBILITIES:
- Develop custom cybersecurity programs and drive cybersecurity initiatives that support regulatory requirements, risk appetite, budget targets, and desired outcomes
- Performs cybersecurity risk assessments to identify and document client risks in accordance with industry best practices and regulatory bodies to include CMMC,
- DFARS, NIST 800-171, NIST CSF, HIPAA, FDIC, GLBA, ISO 27001/2, PCIDSS, and MITRE ATT&CK
- Continually manages risk management plans, milestones, and quarterly objectives to track progress and anticipate/notify of potential issues
- Collaborates with IT resources and key stakeholders from other business units to assess impacts to business processes, consider compensating controls, and effectively communicate risk remediation initiatives
- Leads monthly, quarterly, and annual presentations of risk management initiatives among client technical resources, key stakeholders, and senior management
- Leads cybersecurity engineering resources to deliver vulnerability management, endpoint protection, privilege and identity management, network security, etc.
- Actively monitors evolving threats and compliance changes and communicates findings to both Ascend and client stakeholders
- Conducts vendor risk assessments to identify technical, operational, and compliance risks and recommend risk reduction strategies
- Works closely with Ascend’s cybersecurity team to report issues, develop process improvement strategies, and ensure service success
- Writes and updates cybersecurity policies and procedures aligned with client requirements
- Leads cybersecurity training, tabletop exercises, and marketing events
- Other Responsibilities as assigned by management
MINIMUM SKILLS, EDUCATION AND EXPERIENCE
- 5+ Years experience in cybersecurity, and framework alignment (CMMC, DFARS, NIST 800-171, NIST CSF, HIPAA, FDIC, GLBA, ISO 27001/2, CIS, etc.)
- 5+ Years of strong working knowledge of system, application, network, cloud, and data security best practices
- One or more of the following certifications: CISSP, CISA, CISM, CRISC, GLSC, GSTRT, or equivalent
- Proven success managing business risk, conducting vendor risk assessments, and executing cybersecurity controls
- Working knowledge of Microsoft 365, Azure Active Directory/Active Directory, Security Awareness strategies, and Vulnerability Management practices
- Excellent analytic, problem-solving, active-listening and decision-making skills
- Excellent presentation, writing, interpersonal and communication skills
- Comfortable engaging at executive levels to influence and provide strategic insight
- Experience and/or strong desire to work in a fast-paced environment with evolving conditions
PREFERRED SKILLS, EDUCATION AND EXPERIENCE
- 5+ Years experience in Incident Response and Digital Forensics
- Industry Specialized Certifications for PCI DSS, HITRUST, etc.
- Working knowledge of PowerShell, Threat Hunting Techniques, SIEM, SOC, EDR Platforms, Privilege and Identity Management Platforms
- Bachelor’s degree in computer science, management information systems, information Technology, engineering, mathematics, or a related field
Starting Salary: $122,000/year
At Ascend Technologies we firmly believe that diversity, equity, and inclusion are not only fundamental values but also powerful drivers of innovation, growth, and success. We are committed to fostering an environment where every individual feels valued, respected, and empowered.
CORE VALUES
We are seeking highly motivated individuals who have the willingness and ability to demonstrate Ascend core values:
- Committed to Client Success: Our actions and our words always align with the best interest of the client.
- One Team: We work collaboratively to overcome challenges with humility and respect and do what it takes to find innovative solutions.
- Integrity: We are unquestionably committed to doing the right thing even when it is hard.
- Accountability: We hold ourselves and each other accountable for keeping our commitments to our clients, our communities, and one another.
- Transparency: We create open lines of communication with each other and our clients, fostering relationships founded on candor and trust.
PHYSICAL DEMANDS:
Must be able to sit, stand, and bend for the duration of shift. The position is mainly sitting, with occasional lifting up to 50 lbs., such as laptop, server equipment, and, driving to the work site to meet with client(s).
Apply for this position
Required*