Virtual Chief Information Officer

Virtual Chief Information Officer (vCIO)

Department: vCIO Practice Reports to: President Location: Waynesboro, VA (hybrid; occasional client\-site travel within the Mid\-Atlantic) Employment Type: Full\-time, exempt

Position Summary

The vCIO owns the technology direction for a portfolio of E·N Computers clients. The role sits between the client's business goals and ENC's technical execution and turns both into a coordinated plan. The vCIO is the source of strategy — not a downstream responder, not a project manager, not a salesperson, and not a replacement for engineering. The output of the role is better decisions made earlier, with the consequences visible before commitments are written.

This is a senior, client\-facing position that carries institutional memory across meetings, projects, and tickets. Clients should not have to re\-explain their environment or priorities from one conversation to the next. The vCIO is the reason they don't.

Core Responsibilities

Strategy and roadmap ownership. Own each assigned client's multi\-year IT roadmap and prioritization. Translate technical work into business impact. Frame tradeoffs so the client can make deliberate decisions rather than reactive ones. Maintain initiative tracking between calls so progress is confirmed, not discovered, in the room.

Project charter authorship and proposal layer. Interpret the Account Manager's intake charter and produce the proposal layer that sits between charter and SOW — options, sequencing, phasing, risk framing, and dependencies. Sign off on the proposed technical approach before the TAM converts it to scope. The proposal is a decision conversation; the form is secondary to whether the conversation actually happened.

Risk identification and technical decision\-making. Surface architectural, vendor, and operational risk early — when it is still a decision rather than an incident. Make or guide technical decisions on infrastructure, cloud (M365 Commercial and GCC High), networking (Cisco Meraki and equivalents), endpoint, identity, and security tooling.

Compliance advisory. Lead client\-facing compliance strategy for CMMC Level 1 and Level 2, NIST SP 800\-171, ITAR/EAR CUI handling, SEC Regulation S\-P, FedRAMP\-adjacent licensing questions, and other frameworks relevant to ENC's DIB, financial services, and government verticals. Coordinate with internal compliance specialists (e.g., policy review, SSP authorship) without duplicating their work.

Vendor evaluation, selection, and accountability. Lead vendor decisions that affect architecture or roadmap. Hold underperforming vendors accountable. Frame vendor tradeoffs in terms the client can act on.

QBR ownership. Own QBR agenda content, findings, and recommendations. Drive strategy and technical discussion in the room. Document decisions live and update the initiative tracker within 24 hours.

AI governance and adoption. Advise clients on AI tooling decisions, Copilot licensing, data governance, and acceptable\-use posture. Frame AI adoption as a sequencing and risk question, not a feature question.

Internal effectiveness. Improve ticket quality upstream by ensuring context is captured before work starts. Connect project work to day\-to\-day support. Filter unclear requests before they reach engineering. Give Account Managers and engineers clear, consistent messaging for client conversations.

Escalation layer. Engage when the root cause is strategic, recurring, or requires architectural or roadmap adjustment. Not a Tier 1 or Tier 2 responder. Escalate to the President when an issue is business\-level, contractual, or carries retention risk.

What This Role Is Not

• A dispatcher for tickets

• A project manager for every task

• A salesperson pushing tools or licenses

• A replacement for engineering judgment

• A first responder for service issues

The role is not to do the work. The role is to make sure the work makes sense.

Required Qualifications

• 8\+ years of progressive IT experience, with at least 3 years in a client\-facing advisory, vCIO, IT director, or senior consulting role at an MSP, MSSP, or in a comparable internal IT leadership seat.

• Demonstrated ownership of a multi\-client portfolio or a complex internal environment, including roadmap, budget, and vendor decisions.

• Working fluency in the Microsoft 365 ecosystem (Commercial and at least exposure to GCC/GCC High), Azure/Entra identity, endpoint management (Intune or comparable), and modern networking (Cisco Meraki or equivalent).

• Practical experience advising on at least one major compliance framework: CMMC, NIST 800\-171, NIST CSF, SOC 2, HIPAA, PCI\-DSS, or SEC Reg S\-P.

• Strong written communication. Able to author charters, proposals, roadmaps, and QBR deliverables without an editor in the loop.

• Executive presence sufficient to brief owners, CFOs, and outside counsel without an account manager translating.

• Comfort framing tradeoffs and saying "no" or "not yet" with rationale, in front of clients.

Preferred Qualifications

• Direct CMMC Level 2 advisory experience, including SSP authorship and C3PAO assessment preparation.

• Familiarity with GCC High migration patterns and the commercial implications (licensing, tenant separation, identity).

• Experience advising regulated financial services clients (RIAs, broker\-dealers) on Reg S\-P, FinCEN AML, or comparable requirements.

• Industry certifications such as CISSP, CISM, CISA, CCSP, Microsoft MS\-102 / SC\-100 / SC\-401, AZ\-104, or equivalent. Certifications are evidence, not a substitute.

• Experience operating inside an EOS/Traction\-driven business (Rocks, L10 cadence, scorecards).

• Familiarity with PSA/RMM toolchains (Halo PSA, NinjaRMM/NinjaOne, ConnectWise, Autotask) at an operator level — enough to read data, not necessarily to administer the platform.

Operating Principles

The successful candidate operates from a consistent set of principles, drawn from how this role is already practiced at ENC:

• Context before action. Most issues are not technical first. They are missing context, unclear ownership, or fragmented history. Don't guess at the system.

• There are only tradeoffs. Every decision improves something and creates a constraint somewhere else. The job is to make the consequences visible.

• Preparation is the product. Clients are buying foresight, sequencing, and judgment under pressure — not activity or reporting.

• Systems over heroics. If success depends on one person, it will fail under pressure. Build repeatable processes and clear ownership.

• Surface risk early. Late problems are incidents. Early problems are decisions. Move issues upstream.

• Fidelity over translation layers. Direction flows from the vCIO directly to the point of action. Avoid double\-translation that dilutes the signal before the client hears it.

Success Indicators (First 12 Months)

• Engineers report less time spent reconstructing client context before work starts.

• Quotes and SOWs leaving the TAM reflect vCIO\-reviewed analysis, not parallel work.

• Portfolio QBRs run on a documented cadence with prepared agendas and tracked initiatives.

• Client\-side retention and expansion in the assigned book of business.

• Stalled initiatives are flagged internally before clients notice.

• For DIB clients on a CMMC trajectory, defensible progress against the assessment timeline.

• Measurable reduction in escalations that arrive at the vCIO without prior context.