Chief Information Security Officer

About the Role

Ntiva is building a unified security function across our business. This high‑priority executive role will protect our internal operations and clients while expanding security services into a strategic revenue driver.

• Define and execute the enterprise information security strategy, roadmap, and budget.
• Own the internal risk management program: threat management, vulnerability management, access governance, and third‑party risk.
• Lead compliance and audit activities including SOC 2 Type II and CMMC Level 2 certification.
• Serve as the executive security voice in client contracts, vendor contracts, security questionnaires, RFP responses and other compliance‑related requests.
• Drive the security awareness and training program across all employees and contractors.
• Lead the strategy, staffing model and tooling for our 24x7 Security Operations Center.
• Own the incident response program: runbooks, tabletop exercises, on‑call rotations, and post‑incident reviews.
• Be the executive lead during active security incidents affecting the company or our clients, including customer and regulator communication.
• Define detection engineering priorities and measure SOC effectiveness with clear KPIs (MTTD, MTTR, false‑positive rate).
• Scale and mature our vCISO service line and maintain senior client relationships.
• Shape our Governance, Risk and Compliance consulting offering.
• Partner with Sales to scope security engagements and convert technical credibility into pipeline.
• Partner with the CTO and product team to define the roadmap for security service offerings.
• Lead, mentor and grow the existing security team; make hiring and structural decisions.
• Report to the CTO and executive team on security posture, risk and program investment.
• Represent the company's security practice externally at industry events, analyst briefings and strategic partner relations.
• Develop and implement strategic plans for integration of acquired security practices and organic growth.
• Maintain budgetary accountability for the Security Operations Team and Security Services Business Revenue.

• 7–10 years of security leadership experience, including 3+ years in a Chief Information Security Officer or equivalent role.
• Hands‑on ownership and successful completion of multiple SOC 2, HIPAA, CMMC or NIST audit cycles.
• Demonstrated experience leading incident response for material incidents.
• Experience managing and partnering with multiple 24x7 SOC teams.
• Track record of building or scaling a security team and the program it runs.
• Strong written and verbal communication skills.
• Comfort operating in a fast‑moving, client‑service environment.
• Warm, welcoming team‑oriented demeanor with ability to craft a positive security‑aware culture.

• Experience at an Enterprise Scale Organization, MSP, MSSP or security consultancy.
• Direct fractional CISO client‑facing experience.
• Experience preparing an organization for new compliance certifications.
• Relevant certifications such as CISSP, CISM, CCSP or CISA.
• Familiarity with tooling common to MSP environments (RMM, PSA, EDR/XDR/AV, SIEM, ITDR, SAT, etc).

• A single, articulated security strategy with executive and board buy‑in.
• Existing compliance frameworks maintained without findings.
• World‑class SOC and incident response capability with published metrics.
• A productized vCISO offering with growing revenue and named reference clients.
• A stable, growing security team that attracts talent in the market.

• Work authorization: U.S. citizenship required for federal government contract obligations.
• Workspace requirements:
  Dedicated safe workspace at home or office; compliance with Ntiva IT User and Security Policies.

• Preferred market:
  Chicago, IL (commute to Lombard); other markets:
  Kansas City, KS;
  New Orleans, LA;
  Shreveport, LA;
  Mc Lean, VA.
• Work from home with regular travel (10%–40% of month).
• Base salary: $200,000–$275,000, depending on experience.
• Annual performance bonus and equity participation.
• Comprehensive medical, dental, vision and 401(k) with match.

This role is essential to protecting internal operations and expanding security services into a strategic revenue driver.