About this position
Position Description
Company Profile
Our company helps our clients with technology and IT security, so they can focus on running their business, law firm, school, or medical practice. Big picture - We do all sorts of things, from designing networks to providing ongoing maintenance; we are the company that our clients call for everything from basic computer support to hosted solutions, to network design, to security and compliance management. Some clients want to push the envelope with new technologies, and some want to keep costs to a minimum.
We are onsite approximately 5% of the time and provide remote support, security auditing, compliance management, and consulting to internal team members and clients from one of our offices or your home office 95% of the time. We typically work around 40-45 hours per week, although sometimes we work longer and later. (In IT support, things can go crazy, and we must work late sometimes.) With the right monitoring tools, standardization, automation, and processes in place, we work to eliminate the crazy the best we can. Our office support hours are 8 AM until 6 PM. We would be lying if we said those were cushy hours playing PlayStation or watching Netflix while listening to clients talk about security issues on the phone. That's not our day - we are busting it to help our clients and move on to the next problem. We have awesome benefits for an organization our size as well: excellent compensation, paid time off, 401k match, phone/internet allowance, sabbatical, bereavement, the list goes on and on.
We are looking for great people who are excited about technology and security and who enjoy dealing directly with clients. We're fanatics about client service, we run a responsive and professional operation, and we love what we do. (OK, we don't love it every day, but most days we do.) We're not looking for people who can't handle security issues independently or who hate working with other humans. We are looking to build our team with people who want to learn about the latest IT security trends and want to contribute to our team. Every day is different over here, and you must learn quickly and go with it. Now for the boring requirements . . .
Position Summary
The Virtual Information Security Officer (vISO) is responsible for providing strategic cybersecurity leadership and guidance to assigned customers. This role oversees security governance, risk management, compliance activities, and technical security analysis within customer environments. The vISO ensures customers maintain an effective security posture aligned with business objectives, regulatory requirements, and industry best practices.
The vISO position will report to Cantey Tech's Information Security Officer.
Required Duties & Responsibilities
Security Governance & Customer Leadership
Act as the primary security advisor for customer stakeholders, providing guidance on risk, policy, and security strategy.
Evaluate customer environments to identify risks and recommend prioritized remediation strategies.
Complete monthly security scorecards for assigned customers.
Lead monthly internal and customer-facing scorecard reviews in partnership with the vCIO team.
Manage customer security awareness programs, including onboarding, deployment, and reporting.
Develop and maintain customer IT security policies with annual reviews.
Assist with external or third-party security audits required for customers.
Risk Assessment & Vulnerability Management
Review vulnerability assessment results and penetration test reports; coordinate remediation plans with engineers and service teams.
Analyze security-related data including firewall logs, endpoint alerts, content filtering logs, email security reports, user activity and authentication logs, and backup platforms.
Establish, maintain and update security baselines across customer systems and appliances.
Technical Security Support
Assist with escalated security-related service tickets and customer concerns.
Review open security tickets weekly to provide timely guidance or next steps.
Evaluate requests for security exceptions (e.g., content filtering or endpoint protection exceptions).
Lead incident response investigations and communication with customers and internal teams.
Review alerts, incidents, and escalations from SOC partners with security and service engineers.
Compliance & Regulatory Management
Assist customers in aligning security controls to applicable regulatory and industry frameworks, including HIPAA, PCI-DSS, NIST CSF, NIST 800-53, CMMC/NIST 800-171, and CIS Controls.
Coordinate collection of evidence and documentation for compliance audits or assessments.
Maintain customer compliance status within GRC systems and track implementation progress.
Required Skills & Qualifications
Strong knowledge of cybersecurity principles, threat landscapes, and mitigation strategies.
Working knowledge of Windows Server, Active Directory, Microsoft 365/Google Workspace, and core network/security appliances.
Familiarity with VPN technologies, remote access methods, and security configurations.
Ability to interpret reports from vulnerability scanners, SOC partners, and penetration tests.
Ability to navigate interfaces, review configurations, and generate reports from diverse platforms.
Excellent communication skills with the ability to translate technical concepts for non-technical audiences.
Strong documentation, organization, and presentation abilities.
Experience in compliance or governance roles is preferred.
Work Style & Attributes
Customer-focused with strong relationship-building skills.
Able to work independently and manage multiple customer environments simultaneously.
Analytical mindset with attention to detail.
Comfortable presenting to business leaders and executives.
Typical Physical Demands: Requires the ability to sit for extended periods of time, occasionally stooping, crawling, and reaching. May be required to lift up to 60 pounds. Requires normal range of vision and hearing.
Experience Plus: Minimum 3 years' experience in the IT security field or IT compliance management
Certifications desired, but not required: Security+, CISSP, CISA, CySA+, CASP+
Education: Minimum of associate degree or equivalent experience required.
A couple of other things: You must provide your own transportation and smartphone. Must be fun to work with. Must understand humor. If you've applied before, I've got your resume and will give you a call if it's a potential fit. If, after reading all of this, you are still awake and interested, please fill out all of the details on the right-hand side.