Virtual Chief Information Security Officer
Listed on 2026-02-28
IT/Tech
Cybersecurity, IT Consultant
Overview
Description: You will serve as an enterprise-level Information Security SME, partnering with clients to assess their security posture and design proactive, tailored security and risk-management programs. As a trusted strategic advisor, you’ll lead risk assessment initiatives, compliance modeling, policy development, and ongoing security strategy for a portfolio of clients.
Responsibilities
- Own SMB vCISO engagements end-to-end across multiple verticals: scope, plan, execute, and deliver measurable security outcomes as the primary client security executive.
- Lead risk assessments (enterprise/IT/security): interviews, evidence validation, risk scoring, risk register creation, and prioritized remediation roadmaps.
- Drive compliance readiness for CMMC, PCI DSS, and HIPAA through gap analysis, control validation, evidence mapping, and audit-prep leadership.
- CMMC experience required: define boundaries and CUI scope, support SSP/POA&M development, validate implementation of required practices, and prepare clients for assessor interactions.
- Establish and mature core security controls (IAM/MFA/least privilege, endpoint/email security, vulnerability management, logging/monitoring, backup/DR testing).
- Run incident readiness and response governance: create/maintain IR plans, facilitate tabletop exercises, and provide executive leadership during incidents through lessons learned.
- Implement vendor/third-party risk management appropriate for SMBs: tiering, due diligence, and contract/security requirements for critical vendors.
- Maintain strong executive communication and cadence: recurring stakeholder meetings, clear status reporting, risk-based decision support, and coordination of internal/partner resources to close gaps.
- Mentor client technical resources and teams as needed.
- Regularly collaborate with Sales, SAMs, Solutions Architects, and Strategic Services on client alignment and solution development.
- Perform additional duties as assigned to support business objectives.
- 10+ years in senior security roles (CISO, vCISO, Director of Info Sec) in client-facing or consultancy settings.
- Deep understanding of compliance frameworks and risk management methodologies.
- Proven ability to advise C-level executives and boards on security strategy.
- Strong governance, technical architecture, and incident response expertise.
- Experience managing multiple concurrent client engagements.
- Certifications such as CISSP, CISM, CISA, or CRISC required.
- Bachelor’s degree in Information Security, Computer Science, or a related discipline.
- Valid driver’s license and reliable form of transportation.
- Extensive desk/computer work and executive client presentations.
- Occasional travel to client locations (up to ~70%), requiring valid driver’s license and reliable transport.
- Sit for extended periods and use keyboard/mouse, phone, and office devices.
- Ability to lift up to 35 lbs (e.g. laptops, documentation).
- Enter confined spaces (e.g. server closet) for client assessments as needed.
- Clear verbal communication in a board, client, or executive setting; visual acuity for report creation and presentations.
GROUP HEALTH INSURANCE: After a 30-day waiting period, full-time employees (who work at least 30 hours per week) and their dependents are eligible to enroll in health benefits utilizing the Cigna network. Health options include a choice of 2 PPO plans or a High Deductible Health Plan with employer contributions to a Health Savings Account (HSA). In addition, Dental benefits are available, as well as a Vision PPO plan utilizing the Eye Med network.
Proven also offers voluntary worksite benefits including critical illness, hospital indemnity, accident coverage, short-term disability insurance, supplemental life and pet insurance. Additional offerings include an employee discount program, home and auto insurance services and commuter/transit FSA.
EMPLOYER PROVIDED LIFE/AD&D INSURANCE: After a 30-day waiting period, Proven IT provides a flat $25,000 Life Insurance benefit, administered by Blue Cross Blue Shield, to all full-time employees (who work at least 30 hours per week). Accidental Death & Dismemberment (AD&D)…