Virtual Chief Information Security Officer (vCISO) in Phoenix, Arizona at cloudIT

Phoenix's small and mid-sized businesses face the same cybersecurity threats as the Fortune 500 but with a fraction of the resources. cloudIT bridges that gap. We are a growing Technology Service Provider built on the belief that every business deserves enterprise-grade security expertise, regardless of size. We are looking for a strategic, people-first vCISO to champion that mission across our client base in the Greater Phoenix area.
If you are looking for more than a job, and want to be part of a team that is genuinely changing how business’ think about security, we want to hear from you.

About the Role
As a vCISO at cloudIT, you will serve as a fractional security leader for a portfolio of clients, most of whom do not have and cannot afford a full-time CISO. The "virtual" in vCISO refers to how you serve clients: you will not be embedded at any single client site. Instead, you will work from our Phoenix office, managing multiple client relationships simultaneously. Depending on the client, you will work directly with IT leaders, business owners, or both, building practical, right-sized security programs around cloudIT's proven security stack.
Your goal is to drive adoption of the right solutions, ensure they are implemented effectively, and connect security decisions back to real business outcomes.
This role is equal parts strategist, communicator, and trusted advisor. You translate complex cybersecurity risk into plain language that resonates with a 50-person manufacturing firm just as clearly as a fast-growing healthcare startup.

What You Will Do
Security Strategy and Leadership

• Develop and own practical, business-aligned security roadmaps for each client, built on cloudIT's security stack.
• Present security posture updates to IT leaders and business owners in clear, actionable terms.
• Track emerging threats and regulatory shifts in relevant industries, including healthcare, real estate, financial services, and construction.

Risk Management

• Conduct risk and vulnerability assessments calibrated to environments.
• Prioritize remediation based on business impact, not just severity scores, and build realistic risk treatment plans that clients can actually execute using cloudIT's solutions.
• Advise clients on practical mitigation strategies that fit their size, budget, and operational reality.

Compliance and Governance

• Guide clients through relevant compliance requirements including HIPAA, PCI-DSS, CMMC, NIST CSF, and others.
• Develop right-sized policies and procedures that are actionable, not shelf-ware.
• Conduct periodic audits and gap assessments, leveraging cloudIT's toolset to close identified gaps efficiently.

Incident Response and Management

• Build and test incident response plans suited to realities, including limited IT staff, high business continuity sensitivity, and tight recovery time expectations.
• Lead response coordination during incidents, keeping stakeholders informed and focused.
• Drive post-incident improvements supported by cloudIT's monitoring and response capabilities.

Security Awareness and Training

• Deploy cloudIT's security awareness training programs and position them as a core part of each client's security posture.
• Foster a culture where employees are the first line of defense, not the weakest link.

Security Stack Adoption and Technical Oversight

• Champion cloudIT's security stack as the primary solution for clients, including MDR, SIEM, endpoint protection, MFA, and cloud security controls.
• Work with IT leaders and business owners to ensure solutions are implemented correctly and delivering measurable value.
• Assess third-party vendor risk and guide clients on secure procurement decisions that complement the existing stack.

Client Relationship Management

• Manage a portfolio of clients, engaging at the right level for each organization, whether that is a hands-on IT team or a business owner making security decisions for the first time.
• Show up as a trusted partner by proactively communicating risks, celebrating wins, and ensuring cloudIT's solutions are seen as indispensable to the client's operations.
• Translate complex security concepts into plain language that resonates across industries and experience levels.

What You Bring

• 5 or more years in information security, with at least 2 years in a leadership or advisory capacity.
• Hands-on experience working with s and the ability to engage effectively with both IT leaders and non-technical business owners.
• Relevant certifications preferred: CISSP, CISM, CISA, CCA, CCP or equivalent.
• Working knowledge of frameworks and regulations including NIST CSF, ISO 27001, HIPAA, PCI-DSS, and CMMC.
• The ability to explain complex security risk in plain language, whether you are talking to a seasoned IT director or a business owner hearing about a threat for the first time.
• Comfort managing multiple client engagements with competing priorities and varying levels of security maturity.
• Familiarity with -relevant security tools including MDR, SIEM, IDS/IPS, endpoint protection, and cloud security platforms.
• Experience working with or for a managed service provider (MSP) or TSP is a strong plus.

What We Offer

• Salary: $90,000 to $120,000 annually, based on experience, with performance-based incentives.
• Professional development support including certification sponsorship and continuing education.
• A collaborative team that takes security seriously and has fun doing it.
• Comprehensive health, dental, and vision insurance.
• 401(k) with company match.