Virtual Chief Information Officer (vCIO) – CMMC & Compliance Focus
Ntiva, a Managed Services Provider (MSP), is hiring a Virtual Chief Information Officer (vCIO) to provide executive-level guidance and strategic Information Technology (IT) leadership for their clients. This role is crucial for developing and managing clients’ long-term IT visions, with a heavy emphasis on cybersecurity compliance, specifically the CMMC 2.0 (Cybersecurity Maturity Model Certification) framework.
This is a full-time, remote position in the United States. The base pay range is expected to be between $100,000 and $150,000 per year, plus a potential annual on-target bonus.
Role Summary and CMMC Compliance Mandate
The vCIO acts as an extension of the client’s organization, guiding their technology, infrastructure, and management. The core focus is on ensuring clients meet stringent federal cybersecurity requirements, particularly those set by the Department of Defense (DoD).
Key Responsibilities:
- Governance & Policy: Define, document, and enforce cybersecurity policies and standards (AUP, DLP, incident response, encryption, etc.). Ensure alignment of policies with CMMC practice families (AC, AU, CM, IA, MP, PE, SC, SI, etc.).
- CMMC Technical Oversight: Lead security configuration and validation of core Microsoft technologies (Microsoft 365, Azure, Intune, Purview) and endpoint devices to ensure CMMC control coverage. This includes overseeing identity and access management (MFA, Conditional Access), logging/monitoring (Sentinel, Defender), and encryption controls (BitLocker, VPN/IPSec).
- Risk & Incident Management: Conduct risk assessments and gap analyses against CMMC objectives. Manage incident response planning and reporting processes (including DoD cyber incident reporting within 72 hours).
- Audit & Evidence Readiness: Actively prepare clients for audits by ensuring artifacts, screenshots, logs, and evidence repositories are complete and mapped to controls. Coordinate readiness assessments with C3PAOs and RPOs.
- Leadership & Strategy: Act as the primary cybersecurity advisor to executives, program managers, and compliance officers. Align security investments with budget, licensing (E3/E5/G3/G5/GCC vs GCC High), and compliance priorities.
Required Experience and Qualifications
The successful candidate will be an experienced IT consultant and security expert with deep, practical knowledge of government cybersecurity compliance frameworks and proficiency in the Microsoft ecosystem.
- Experience (Required): 7+ years of successful experience in IT design, implementation, and consulting.
- Compliance Expertise:
  - Deep understanding of CMMC 2.0 Level 1 & 2 (and Level 3 when applicable), NIST SP 800-171, and DFARS 252.204-7012 requirements.
  - Strong grasp of Controlled Unclassified Information (CUI) handling and DoD cybersecurity mandates.
  - Ability to guide System Security Plan (SSP) and Plan of Action & Milestones (POA&M) development and audit preparation.
- IT Management Skills: Proficiency in establishing an IT services framework and IT security policies. Experience with project management and budget management.
- Soft Skills: Strong writing, organized documentation/reporting skills, and the ability to build strong relationships with executives and team members.
Bonus Points for:
- Bachelor’s or Master’s degree related to Information Technology.
- Microsoft Azure or M365 certifications.
- Experience in an MSP environment or with ConnectWise.
Job Features
| Job Category | IT & Cybersecurity |