Chief Information Security Officer

Are you looking for limitless career opportunities with a company that values growth, innovation, and teamwork? At Ntiva, we’re more than a Managed Services Provider, we’re a community dedicated to helping each other, our clients, and their businesses thrive both personally and professionally. Ntiva is a culture of people who are passionate about the work…and each other.  

Our clients view us as an essential part of their teams, relying on us for strategic guidance, fast solutions to complex challenges, and proactive support. With strategic locations across the U.S. and leadership from our founder, Steven Freidkin, we’re on the front lines of a fast-paced industry, facing cybersecurity threats and rapid technology changes together.  

If you thrive in a dynamic, supportive environment and enjoy going above and beyond, we’d love to meet you. Come explore one of our many opportunities and grow with us! 

About the Role 

We are a growing Managed Service Provider expanding our security leadership and building a unified security function across our business. This is a high-priority executive investment with a dual mandate: protect our internal operations and the clients who trust us with their infrastructure, while expanding our security service lines into a strategic revenue driver. You will own our security posture end-to-end, from internal risk and compliance, through our SOC and incident response capability, to client-facing vCISO engagements and the security products we bring to market. 

You will inherit a capable security team and have a direct line to the CTO and executive leadership. This is an ideal opportunity for a security leader with 7–10 years of experience ready to define what good looks like at a maturing MSP. 

What You'll Own 

Internal Security & Compliance 

• Define and execute the enterprise information security strategy activities, roadmap, and budget. 

• Own the internal risk management program: threat management, vulnerability management, access governance, and third-party risk. 

• Lead all compliance and audit activities including SOC 2 Type II, and CMMC Level 2 certification. 

• Serve as the executive security voice in client contracts, vendor contracts, security questionnaires, RFP responses and other compliance-related requests. 

• Drive the security awareness and training program across all employees and contractors. 

Incident Response & SOC 

• Lead the strategy, staffing model, and tooling for our 24x7 Security Operations Center. 

• Own the incident response program: runbooks, tabletop exercises, on-call rotations, and post-incident reviews. 

• Be the executive lead during active security incidents affecting the company or our clients, including customer and regulator communication. 

• Define detection engineering priorities and measure SOC effectiveness with clear KPIs (MTTD, MTTR, false-positive rate). 

Client-Facing Services (vCISO & GRC) 

• Scale and mature our vCISO service line: delivery methodology, playbooks, solution architecting and senior client relationships. 

• Directly advise our highest-value clients as their fractional CISO on strategy, board reporting, and regulatory posture. 

• Shape our Governance, Risk, and Compliance (GRC) consulting offering, including readiness assessments, policy development, and audit support across SOC 2, HIPAA, CMMC, NIST and other . 

• Partner with Sales to scope security engagements and convert technical credibility into pipeline. 

Security Product Development 

• Partner with the CTO and Product team to define the roadmap for our security service offerings and any productized security tooling. 

• Translate threat landscape shifts and client pain into product requirements and differentiated offerings. 

• Represent the voice of the security practitioner in architecture and build-vs-buy decisions. 

Leadership 

• Lead, mentor, and grow the existing security team; make the hiring and structural decisions needed to scale. 

• Report regularly to the CTO and executive team on security posture, risk, and program investment. 

• Represent the company's security practice externally at industry events, in analyst briefings, and with strategic partners. 

• Develop and implement strategics plans that support the integration of acquired security practices and for the organic growth of the existing business in line with corporate goals. 

• Maintain budgetary accountability for the Security Operations Team, and the Security Services Business Revenue.  

What You Bring 

• 7–10 years of security leadership experience, including 3+ years in a Chief Information Security Officer or equivalent role (IT Security Officer, Deputy CISO, Managing Partner, IT Security Practice). 

• Hands-on ownership and successful completion of multiple: SOC 2, HIPAA, CMMC, or NIST 800-171/800-53 audit cycles, including designing, leading and supporting the program. 

• Demonstrated experience leading incident response for material incidents, including executive and customer communication, response strategy and repeatable successful outcomes. 

• Experience managing and closely partnering with multiple 24x7 SOC teams (in-house, co-managed, and outsourced). 

• Track record of building or significantly scaling a security team and the program it runs. 

• Strong written and verbal communication, for example, demonstrated ability to move fluently between a board deck, a customer sales call, and a specific security service event. 

• Comfort in operating in a fast-moving, client-service environment where security is both internal function and a company revenue driver. 

• Warm and welcoming team-oriented demeanor with clear abilities to craft a positive security aware culture throughout an organization, and with its client base.   
  
  

Strongly Preferred 

• Prior experience at an Enterprise Scale Organization, MSP, MSSP, or security consultancy. 

• Direct vCISO or fractional CISO client facing delivery experience. 

• Experience preparing an organization for new compliance certifications. 

• Relevant certifications such as CISSP, CISM, CCSP, or CISA. 

• Familiarity with the tooling common to MSP environments (RMM, PSA, EDR/XDR/AV, SIEM, ITDR, SAT etc).  

What Success Looks Like in Year One 

• A single, articulated security strategy with executive and board buy-in. 


• Existing compliance frameworks maintained without findings. 


• World-Class SOC and incident response capability, with published metrics. 


• A productized vCISO offering with growing revenue, and named reference clients. 
  
  
  
  • A security team that is stable, growing, and is a place that security people in our market want to work. 
  
  
  
  

Compensation & Logistics 

• Candidates based in Chicago IL area preferred (commute to Lombard, IL); Other market options include Kansas City KS, New Orleans LA, Shreveport LA, Mc Lean VA 


• Work from home; regular travel (10% to 40% a month depending on circumstances) for leadership offsites, key client visits, industry events and other situations as required. 


• Base salary: $200,000–$275,000, depending on experience. 


• Annual performance bonus and equity participation. 


• Comprehensive medical, dental, vision, and 401(k) with match. 

The base pay offered may vary depending on multiple non-discriminatory factors including, but not limited to, market location, job-related knowledge, skills, and experience. The total compensation package for this position also includes medical benefits, 401(k) eligibility, and PTO. Additional details of participation in these benefit plans will be provided if an employee receives an offer of employment.

FLSA Status: Salaried, Exempt 

Work Authorization Criteria 

This position requires U.S. citizenship due to federal government contract obligations and access to secured information systems.  

Workspace Requirements and Remote Work Policy 

Team members must establish a dedicated safe workspace that is free from distractions, hazards, and that is secure from unauthorized access. This includes following Ntiva’s IT User and Security Policies that include but are not limited to password-protecting all equipment, keeping confidential and proprietary documents secure, refraining from using public Wi-Fi, having adequate arrangements in place to avoid significant interruptions from caregiving responsibilities during work hours (except in emergency situations with manager approval). Any remote work away from a team member’s normal expected dedicated safe workspace must be requested by team member, is subject to review by management, and must adhere to Ntiva policies and procedures.   
 
Our Commitment to a Diverse Workforce 

At Ntiva, we are committed to creating and maintaining a diverse, inclusive, and welcoming work environment for all employees and job applicants. We firmly believe that a diverse workforce fosters a wider range of perspectives, experiences, and ideas that lead to increased creativity, innovation, and problem-solving capabilities. As an equal opportunity employer, we actively seek to recruit and retain a diverse workforce that reflects the communities we serve. We prohibit discrimination of any kind, including but not limited to race, color, religion, gender, gender identity or expression, sexual orientation, marital status, national origin, age, hair length, protective hairstyles, organ donor status, disability, veteran status, or any other legally protected status and comply with all applicable laws governing nondiscrimination in employment. 
 
Application Deadline: The sooner you apply, the sooner we can get to know you! Submit your resume today! Applications will be accepted until 05/27/26.