Virtual CISO

DOT Security
Full-time
Remote
United States
$130,000 - $150,000 USD yearly
Management & Leadership

Description

DOT Security’s mission is to improve the security posture of client organizations by providing detection, response, risk management, and compliance services as identified and required. DOT Security will implement processes, technology, and subject matter expert personnel to monitor and respond to client needs in the cybersecurity and compliance space. Working with client organizations, DOT Security will continuously measure and improve internal processes and technology, which will translate to improved services provided to the client.
 
DOT Security is seeking team members who are passionate about cybersecurity, are detail-oriented, have a desire for continuous learning, and enjoy working in a collaborative environment. We provide our employees with a career progression path that challenges our team to grow as cybersecurity professionals with strong cybersecurity skills. As a member of DOT Security, you will get the opportunity to work from a brand-new, state-of-the-art Security Operations Center (SOC) facility.

What you will be doing:

A Virtual CISO (vCISO) acts as the client liaison for Managed Security services. The vCISO coordinates with the SOC team, client executive leadership, and client IT support to ensure excellent services are delivered.

The vCISO is not a remote position. The vCISO is required to be on-site at the DOT Security - Security Operations Center.

  • Assess client cybersecurity posture, identifying risks, gaps, and vulnerabilities
  • Recommend and help implement security training, tools, and policies 
  • Review client cybersecurity policies, procedures, and controls with actionable feedback
  • Monitor and report on telemetry, vulnerability scans, and incident trends 
  • Maintain and update client Risk Registers with clear notes and next steps 
  • Track client progress against frameworks such as CIS Controls and NIST CSF 
  • Translate technical security risks into clear business impacts for decision-makers 
  • Identify, escalate, and assist in resolving security issues with urgency 
  • Support incident response and remediation efforts where needed 
  • Develop concise reports and communicate updates to IT and executive stakeholders 
  • Contribute to the development and improvement of security processes and procedures
  • Stay current with emerging threats, tools, and best practices to guide clients effectively

Things We Are Looking For

Knowledge/Skills/Abilities

  • Strong client relationship management, including listening, expectation setting, and results delivery
  • Strong understanding of core cybersecurity concepts (networks, assets, data, users) 
  • Ability to assess risk and provide practical recommendations 
  • Clear communicator with both technical and non-technical audiences 
  • Strong problem-solving, documentation, and customer service skills 
  • Familiarity with security frameworks (CIS, NIST, MITRE, OWASP) 
  • Hands-on exposure to system administration or vulnerability testing 
  • Interest in continuous learning and staying current with threats and tools

Other Desired Attributes

  • Public Trust background check (Limited Requirement)
  • Relevant work experience in the managed services industry
  • Cyber community participation (conferences/groups/tool authoring/CTFs)
  • Understanding of CIS Controls, NIST CSF, MITRE ATT&CK, and OWASP
  • Relevant degree or certifications (Security+, CySA+, CEH; CISSP/CISM a plus)

Benefits

  • Expected compensation range of $130,000-$150,000 + bonus eligibility
  • 20 days of PTO 
  • 12+ paid holidays
  • Flexible Sick Day Policy
  • Paid Parental Leave
  • Comprehensive Health, Disability, Life, Dental and Vision Plans
  • 401(K) discretionary match & retirement plans 
  • Continued education reimbursement
  • Ongoing training and development opportunities
