vCISO

The vCISO acts as a senior cybersecurity advisor for assigned clients, guiding them in establishing and maintaining a robust information security posture. This role provides strategic leadership in assessing risk, ensuring compliance with regulatory standards (HIPAA, NIST, ISO 27001), and advising on security architecture, policy, and incident response planning. The vCISO serves as an extension of the client’s leadership team, translating complex security concepts into actionable business outcomes while coordinating with internal delivery teams to ensure execution. This position is exempt and remote. RESPONSIBILITIES Security Governance & Strategy

• Develop and maintain client security strategies and governance frameworks aligned with business objectives.
• Define and implement information security policies, standards, and procedures.
• Ensure security programs align with recognized frameworks (NIST, ISO 27001, CIS Controls).
• Oversee risk assessment programs, establishing priorities and mitigation plans.
• Serve as the client’s trusted security advisor, translating technical risk into business language.

Risk Management & Compliance Oversight

• Conduct regular risk assessments, gap analyses, and compliance audits for assigned clients.
• Lead the development and monitoring of remediation plans and risk mitigation strategies.
• Ensure alignment with regulatory standards (HIPAA, SOC 2, PCI-DSS, GDPR, etc.).
• Coordinate third-party vendor assessments and ensure supply chain security compliance.
• Provide guidance for audit readiness and documentation of compliance evidence.

Client Partnership & Advisory Leadership

• Act as the primary security point of contact for assigned clients.
• Conduct quarterly and annual security reviews with client executives.
• Advise clients on security investments and technology roadmaps to reduce risk exposure.
• Collaborate with Account Managers and Service Delivery Directors to ensure integrated client outcomes.
• Support client education and awareness initiatives to promote a culture of security.

Incident Response & Risk Mitigation

• Develop and oversee incident response plans (IRPs) for clients.
• Serve as a key escalation point during major security incidents or breaches.
• Ensure post-incident reviews identify and address root causes.
• Partner with SOC and Security Operations teams to validate incident containment and recovery.
• Provide executive reporting and communication during security events.

Security Program Development & Standardization

• Drive consistency in security operations frameworks across all clients.
• Contribute to the design and improvement of standardized vCISO methodologies and templates.
• Define and monitor key performance and risk indicators (KPIs/KRIs) for client programs.
• Collaborate with the ITIL Methodology Manager to align security processes with ITIL practices.
• Ensure internal and client-facing teams adhere to security policy compliance standards.

Reporting, Metrics & Continuous Improvement

• Develop and present executive-level security dashboards and risk reports.
• Measure performance against established risk reduction and compliance objectives.
• Track and report on audit findings, incident metrics, and remediation progress.
• Identify opportunities for improvement in client and internal security processes.
• Promote ongoing innovation and improvement in the MSP’s security service offerings.

EXPERIENCE & QUALIFICATIONS Required

• 10+ years of progressive experience in cybersecurity, risk management, or information assurance.
• Demonstrated experience acting as a CISO or senior security leader across multiple clients or business units.
• Strong knowledge of security frameworks (NIST CSF, ISO 27001, CIS Controls, HIPAA).
• Excellent understanding of governance, compliance, and risk management methodologies.
• Exceptional communication and presentation skills with the ability to interface at the executive level.

Preferred

• Experience within a Managed Security Services Provider (MSSP) or MSP environment.
• Bachelor’s degree in Cybersecurity, Computer Science, or equivalent experience.
• Relevant certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer.
• Knowledge of cloud security models and compliance for multi-tenant environments (Azure, AWS, M365).

Core Competencies

• Cybersecurity Governance & Risk Leadership
• Regulatory & Compliance Management
• Strategic Advisory & Executive Communication
• Incident Response & Resilience Planning
• Analytical & Decision-Making Skills
• Collaboration & Cross-Functional Influence

WHY ANATOMY IT? Anatomy IT embraces those that demonstrate a deep passion for solving the problems of healthcare with enthusiasm for building positive working relationships and winning as a team. We believe in putting our customers first, empowering our people to drive growth, being technologically innovative, simplifying the complex, delivering results to our commitments with a sense of urgency while embracing diversity, equity, and inclusion. THE COMPANY Anatomy IT helps healthcare providers deliver exceptional patient care through technology and cybersecurity solutions. With 30+ years of experience, we understand healthcare organizations' unique risks, opportunities, and challenges. Anatomy IT is one of the largest and fastest-growing healthcare IT companies, partnering with over 19,000 providers and healthcare staff nationwide, including ASCs, physician groups and hospitals. BENEFITS We love collaborating and working together as a team. Our benefits include healthcare (medical, dental & vision), 401K fund contribution, paid-time-off, short & long-term disability, and a family atmosphere of caring and concern for each team member. EQUAL OPPORTUNITY EMPLOYER We are proud to be an equal opportunity employer – and celebrate our employees' differences regardless of race, color, religion, gender, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.

• *The above statements are intended to describe the general nature and level of work being performed by individuals assigned to this position. They are not intended to be a comprehensive list of all responsibilities, and skills required of employees.

Apply tot his job Apply To this Job