Ensuring your organization has a robust cybersecurity environment takes a lot of resources specifically qualified people. For small and nonprofit organizations that don’t have the budget to support hiring so many different professionals, this can be problematic. A typical large enterprise will have several C-Suite and other upper management employees overseeing the IT environment and for each of these titles, there are layers of support staff. Think about how banks operate and how many people they have to employ that are dedicated to data governance, privacy, and data protection. That is a luxury that small and nonprofit organizations cannot afford, yet the data they maintain is just as vulnerable to attacks. Small companies often have a small team of maybe one or two people who are given titles like “System Administrator” or “IT Manager” and may not have the skills to adequately perform any of the IT roles missing from our nonprofit c-suite. Hackers know this and are targeting smaller companies and nonprofits.
Will the person you tasked to manage your small company/nonprofit IT environment know whether the IT resources are working effectively to reduce and manage cybersecurity threats?
Will he/she know what emerging data privacy laws such as GDPR, CCPA, AND NY SHIELD will impact the organization?
Will he/she know whether to renew a big contract for a longtime database vendor or migrate to another cloud-based application?
Will he/she be able to effectively govern?
A lot of questions but there is a solution that can help: using a virtual CIO (known as a vCIO). Let’s take a deeper look at how this can play out.
In this role, the vCIO meets with the COO regularly and spends time learning about the overall organizational strategy and where the information technology is succeeding or failing in supporting that strategy. The vCIO works with the COO to make sure he/she understands the larger organizational needs and only then begins working with COO on the information technology strategy.
The vCIO meets with the IT staff (and/or the outsourced vendor(s)) and establishes appropriate expectations for roles, responsibilities and service delivery; works with the COO to establish key measures of success for IT; helps the COO better understand the current cybersecurity posture, identifies risks and provides recommendations for risk mitigation; and helps clarify what data privacy regulations apply to the organization and helps establish a two-year roadmap toward compliance.
When the COO gets tasked with managing the information technology component of the annual financial audit, the vCIO helps the COO and the team review the prior year’s findings and coordinate the gathering and providing of requested documentation to the auditors. The vCIO also sits in on the IT audit meetings and helps the organization respond to audit questions and findings.
After several months of working together, The vCIO and the COO gather a group of senior leaders at the organization and form a technology steering committee. Twice a year, the vCIO and the COO prepare a comprehensive presentation for the steering committee that includes an updated technology roadmap, a strategic technology plan and an executive summary of both completed and planned projects.
The end result is that the COO can better manage and effectively govern technology for the organization through communication from key stakeholders across the organization.
What are qualities of an effective vCIO?
A vCIO needs to work with leadership to understand organizational goals and how information technology can help support those goals. Technology cannot exist for its own sake, a good vCIO must understand how to convey technology risks and opportunities to leadership in a way that is clear and allows leadership to make well-informed decisions about resource allocation, risk tolerance and prioritization.
An effective vCIO must be able to deliver consistently to help lead a team to high performance levels. This requires experience and skills in active listening, root cause analysis, understanding team dynamics and accountability, project management, change management, delegation, and prioritization.
Some people might assume that technology skills would be first on this list. And it’s true that technology skills are critical to a vCIO’s success. The reality, however, is that technology is such a far-ranging field that no single person can be expected to have a high level of expertise in ALL the technological aspects required for today’s small business or nonprofit operations. An effective vCIO may have specific areas of expertise, but much more important is a BROAD range of competence across multiple technology disciplines including technology infrastructure, cloud services, cybersecurity, data governance, data privacy, project management, Agile methodology, and emerging technologies.
A Good Network:
An effective vCIO needs access to a network that includes a wide range of technology professionals that the vCIO can bring in when specific expertise is needed for a specific technology need. Because no one person can reasonably be expert in all areas of technology, the effective vCIO understands and respects the edges of their competency and not only advocates for bringing in appropriate expertise where needed, but can also recommend specific resources with the needed expertise.
Interpersonal and Communication Skills:
A vCIO will have to communicate effectively to a wide range of people about many complex technology topics. A vCIO may have to have “difficult” conversations with various stakeholders. One day a vCIO may have to speak candidly with a Leadership about discovered risks. Another day the vCIO may have to have a direct conversation with a system administrator about their performance and a lack of preparedness in weekly team meetings. A vCIO will often facilitate conversations and strategic planning discussions between leadership, the technology team, and other stakeholders, all with different perspectives and levels of understanding about technology. The degree to which a vCIO can effectively navigate these conversations will go a long way toward determining their success.
Coaching and Mentoring:
An effective vCIO must be able to provide appropriate feedback that helps team members grow and evolve as individuals and as a team. The vCIO should identify skills gaps, and direct team members toward appropriate training opportunities to build the skills of the individuals and teams with whom they collaborate.
Without all (or at least most) of these qualities, it will be very difficult for a vCIO to achieve success. Take a hard look at your internal management structure to see if a vCIO may be a good fit to improving your cybersecurity environment and allow your organization to grow.