Chief Information Security Officer - VC3
USA, Remote
About the Job
Description
Leveraging our standard technologies and process, coupled with our people and corporate structure, we deliver a unique result for our clients. Our clients will experience increased employee productivity, predictability in capital and operating expenditures, reduced downtime and risk, improved employee morale, less lost revenue, and enhanced business agility.
The Chief Information Security Officer (CISO) will provide strategic leadership and oversight for the information security programs of VC3 managed clients. This role involves having a deep understanding of each client’s unique business environment to develop tailored strategies that mitigate risks and align with client business objectives. The CISO is a top security expert who works with existing management and technical teams, both within client environments and VC3, to manage risks and safeguard the company’s and clients’ data, while ensuring compliance with regulatory requirements. This role also assists in providing strategy for the Managed Security space to drive growth, delivery with consistency and excellence, and the desired level of profitability for the organization. Key focus areas are innovation, staying at or ahead of world events that are relevant, consistent excellence, proactiveness, and driving efficiency. By measuring progress and adjusting processes accordingly, the CISO keeps the clients under their purview on track.
The Managed Security department at VC3 is responsible for ensuring our clients have the right security tools, policies and processes to thrive in today’s fast-moving threat landscape. They ensure that our internal teams are equipped with the training and knowledge to support our clients and make sure that effective security is a key aspect of everything we do within VC3.
In order to ensure an exceptional result, you will need to have a clear understanding of the challenges and opportunities our clients face and how our teams as a whole combine to deliver our promise. Providing services in a proactive, professional manner while ensuring key parties are kept informed is critical. We are a data-driven company, and analysis for decision making and overall strategy is ongoing.
Our People:
Our team members are collaborative, positive, and dedicated to mutual success. Transparency isn't just a buzzword here; it's a commitment to open communication, ensuring every voice is heard and valued. Guided by our core values — Passionately Curious, Own It, Go Beyond, and Serve as One — we’re here to create something extraordinary together.
Our Core Focus:
Our team members play a pivotal role in our focus: Serving those who serve with technologies for today and tomorrow that make life safe and simple. With nearly 30 years of specialized expertise, our team goes beyond conventional boundaries, delivering tailored managed services and cybersecurity solutions to our clients.
Your Growth:
We are a growth-minded organization that prioritizes development, offering numerous opportunities for career advancement. Rooted in our core value of being Passionately Curious, VC3 offers a dynamic learning environment, emphasizing hands-on experiences and formal development programs that celebrate continuous learning to propel your career forward.
Key Responsibilities
- Understand and follow “The VC3 Way”. This is our set of standards and processes that produce a predictable result for the client. You must be aware of and maintain our standards.
- Engage and provide services to VC3 as an organization, including:
Security Strategy & Vision:
- Develop and implement a comprehensive information security strategy for internal operations and client-facing services.
- Collaborate with senior management to align security initiatives with business objectives and regularly report on the status of security programs and initiatives.
- Drive the adoption of security policies, standards, and guidelines that protect the company and its clients.
- Proactively identify and anticipate future security and compliance challenges for our clients and VC3, driving VC3 solutions.
Risk Management:
- Identify, evaluate, and report on information security risks in a manner that meets compliance and regulatory requirements.
- Oversee risk assessments and mitigation strategies for both internal environments.
Compliance & Regulatory Oversight:
- Ensure the organization complies with all relevant regulations, standards, and certifications (e.g., SOC II, FISMA, NIST).
- Lead audits and assessments to maintain compliance and certification standards.
- Collaborate within VC3 to assist with vendor selection, providing guidance and checklists to ensure third party security compliance.
Incident Response & Management:
- Establish and oversee the organization’s incident response program, including detection, investigation, and remediation of security incidents.
- Coordinate with legal, public relations, and other relevant teams to manage communication during and after a security breach.
- Post-incident, lead efforts to identify root causes and implement changes to prevent future incidents.
- Engage and provide consulting services to mid-market and enterprise clients, including:
Security Strategy & Vision:
- Provide strategic leadership in translating complex cybersecurity concepts into non-technical terms for clients to clearly understand specific applications to their business priorities.
- Lead the development and implementation of a comprehensive cybersecurity strategy for clients and VC3 that aligns with the organization’s goals and objectives.
- Partner with cross-functional teams to integrate security into product design and implementation, and to develop security solution offerings for clients.
- Drive the creation and execution of a robust cybersecurity plan and program within client environments, ensuring alignment with industry best practices.
- Strategically develop and enhance client-specific incident response programs as needed, based on the development of Business Continuity and Disaster Recovery practices, liaising with internal VC3 departments as necessary.
- Lead comprehensive cybersecurity risk assessments based on the client organization’s assets, identify vulnerabilities, and recommend remediation strategies.
Additional Responsibilities:
- Foster a security-conscious culture across the organization, ensuring all employees understand their role in protecting information.
- Serve as the security spokesperson to clients, partners, and regulatory bodies.
- Proactively engage with industry peers and continuously analyze and review new security technologies and understand emerging security threats while implementing proactive measures to mitigate potential risks.
- Strategically collaborate with internal stakeholders to stay informed of planned changes to technologies, practices, and business activities that could impact security.
- Collaborate across all VC3 departments to maximize our client security posture and experience during onboarding, system design, strategy, and ongoing support.
- Maintain precise and up-to-date timesheets, and document notes on troubleshooting steps and client communications.
- Actively seek and reflect on feedback from stakeholders, colleagues, and management, using it to drive improvement.
- Escalate complex issues to senior resources or relevant teams when necessary.
- Engage actively in team huddles, L10 meetings, and other collaboratively structured meetings.
- Develop and revise documentation promptly to reflect changes or new findings.
- Attend company-based meetings as required.
- Additional duties as assigned.
Skills, Knowledge & Expertise
- Bachelor’s Degree or Master’s Degree (preferred) in an IT-based curriculum, or at least 10 years’ experience in risk management, information security, or programming.
- One or more of the following qualifications: Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Risk & Information Security Controls (CRISC), Cisco Certified Internetwork Expert (CCIE), or equivalent.
- Extensive experience in cybersecurity strategy development, risk management, and program administration.
- Deep knowledge of current common cybersecurity frameworks (CIS, NIST, MITRE ATT&CK).
- Expertise in compliance and regulatory requirements across various industries.
- An understanding of SIEM platforms, perimeter security, endpoint detection and response platforms, vulnerability management solutions, all aspects of IT infrastructure (compute, route/switch, security), and cloud security.
- Possesses a high level of self-motivation and initiative, consistently taking ownership of tasks and projects.
- Demonstrate a strong sense of autonomy and resourcefulness, capable of making independent decisions and solving problems without relying heavily on coaching or direction.
- Exhibit excellent time management and organizational skills, effectively prioritizing tasks and allocating resources to meet deadlines and achieve objectives without extensive oversight.
- Displays a proactive and self-directed approach to learning and staying updated on industry trends, seeking out relevant information and resources to enhance their knowledge and skills.
- Shows the ability to adapt and thrive in ambiguous or uncertain situations, quickly assessing and navigating challenges.
- Possesses strong critical thinking and decision-making abilities, evaluating complex situations and determining the best course of action, while considering the broader organizational goals and objectives.
- Demonstrates effective communication skills, both written and verbal, articulating ideas and expectations clearly and concisely, minimizing the need for frequent guidance or clarification.
- Demonstrated ability to build and manage relationships with clients (internal and external) through consistent and proactive communication.
- Extraordinarily strong interpersonal skills, able to build effective working relationships, solicit co-operation and collaborate with various stakeholders internally and externally.
Additional information you will want to know:
- The applicant selected will be subject to criminal and Department of Motor Vehicles background checks and must meet Criminal Justice Information Systems (CJIS) requirements post-employment.
- Available for domestic and international travel as required.
Source: VC3