6 min read

What is a Virtual CIO?

Featured Image

The term virtual Chief Information Officer (vCIO) has been around for well over a decade now, but even today, if you ask ten different people what a vCIO does you may well get ten different answers.

This article does not claim to be the definitive answer to the question of what a vCIO does, but we will do our best to explain:

  • How the vCIO role emerged
  • The kinds of things a vCIO does
  • What value a vCIO can provide to a nonprofit
  • Why a nonprofit might want to engage a vCIO
  • What qualities to look for in a potential vCIO
  • Vacancies in the Nonprofit C-Suite

Schedule a 15-Minute Discovery Call

We will start with a look at the c-suite of a typical large enterprise.

vcio Enterprise C-Suite

Let’s review the various technology roles represented on this enterprise org chart. On the far right, we’ve got Amber Thomas, Chief Information Officer (CIO), with a CTO (Tyler) and a CISO (Toby) reporting to her. This business has the resources to assign a dedicated full-time person in the c-suite for each role of Information, Technology and Cybersecurity as separate functions.

Over on the left side, we see Barrie Turner as responsible for Project Management and Eric Wells for Change Management. And next to them we have Alan Miller and Angelica Frisch responsible for data governance and data privacy. If we do some simple addition we will find that this business has no less than seven (7) full-time positions dedicated to information technology governance.

Now, let’s take a look at how many of these positions have full-time representation in a typical nonprofit.

Vacancies in the nonprofit c-suite

Wow, that’s a lot of vacancies in our nonprofit c-suite, right? Now, just because our nonprofit doesn’t have anywhere near the budget to fill these missing positions does not mean the functions don’t need to be performed. Our nonprofit certainly needs a high level of overall information technology services (the CIO’s responsibility). We still need reliable and high functioning technology (CTO) and robust cybersecurity (CISO). We need data systems that support our workflow, reporting and analytics needs (CDO) and to ensure we are compliant with existing and emerging data privacy laws (DPO). We need to successfully plan and implement projects (PM) and effectively support the organizational change those projects entail (CM).

Our nonprofit has these needs, but no budget for positions to fulfill those needs. So what is Miriam, our smart, resourceful and dedicated leader, to do? Well, here’s what we most often see Miriam try:

Typical nonprofit solution

Miriam turns to her trusted, hard-working and incredibly competent COO, Liza, and asks her to oversee the organization’s technology.

Good luck, Liza!

Liza may have one or two people or even a small team of internal IT staff that are under her management, but they will typically have titles like “System Administrator,” “IT Manager,” or “Wordpress Developer” and may or may not have the skills to adequately perform any of the IT roles missing from our nonprofit c-suite. Or, perhaps Liza engages an outsourced technology provider (sometimes called a Managed Service Provider or MSP) in which case Liza has the same issue, but with outsourced resources.

In either case, now Liza is tasked with supervising the organization’s IT function and determining the appropriate resource allocations, cybersecurity posture, data quality, service delivery, and everything else. Liza may be a fantastic COO and an incredibly smart and capable person, but in being given responsibility for Information Technology, she’s being asked to manage a function she doesn’t feel nearly as competent to manage.

Liza is not sure what to expect from our nonprofit’s IT resources and if they are performing above or below industry standards. Liza reads about ransomware and other cyber-threats and isn’t confident that our nonprofit has a reasonable cybersecurity posture. Liza reads about emerging data privacy laws such as GDPR, CCPA, NY SHIELD, and others and wonders if and how they affect our nonprofit. Liza is tasked with deciding whether to renew a big contract for a longtime database vendor or migrate to Salesforce and she is not confident in her ability to evaluate these choices. Liza is noticing a certain inertia taking hold with technology at the organization. Changes only happen when critical. Important, but non-urgent technology projects stagnate.

As a result of all this, Liza begins feeling overwhelmed and unsure of how she can govern information technology at the high standard she expects of herself.

Where the vCIO Fits In


We mentioned that Miriam and Liza are both incredibly smart, capable, resourceful and hard-working. So after some time, they both realize that the organization is not being served well by this arrangement.

Miriam and Liza discuss what to do about this and they decide to hire a virtual CIO, let’s call him Adam Afumba.

Nonprofit plus vcio

Adam and Liza begin meeting regularly. Adam spends some time learning about the overall organizational strategy and where the information technology is succeeding or failing in supporting that strategy. Adam works with Liza to make sure he understands the larger organizational needs and only then begins working with Liza on the information technology strategy.

Adam meets with the IT staff (and/or the outsourced vendor(s)) and establishes appropriate expectations for roles, responsibilities and service delivery. Adam works with Liza to establish key measures of success for IT. Adam helps Liza better understand the current cybersecurity posture, identifies risks and provides recommendations for risk mitigation. Adam helps clarify what data privacy regulations apply to our nonprofit and helps establish a two-year roadmap toward compliance.


When Liza gets tasked with managing the information technology component of the annual financial audit, Adam helps Liza and the team review the prior year’s findings and coordinate the gathering and providing of requested documentation to the auditors. Adam also sits in on the IT audit meetings and helps our nonprofit respond to audit questions and findings.

After several months of working together, Adam and Liza gather a group of senior leaders at our nonprofit and form a technology steering committee. Twice a year, Adam and Liza prepare a comprehensive presentation for the steering committee that includes an updated technology roadmap, a strategic technology plan and an executive summary of both completed and planned projects.


Through all these activities, Liza not only feels a much higher level of confidence in her ability to effectively govern technology at our nonprofit, but she is getting a much higher level of input and buy-in from key stakeholders across the organization.

The qualities of an effective vCIO


This is perhaps the most subjective part of this article, but based on my experience both working with CIOs and providing vCIO services, here are the attributes I recommend you look for in a potential vCIO:

  1. Leadership savvy

    A vCIO needs to work with leadership to understand organizational goals and how information technology can help support those goals. Technology cannot exist for its own sake, a good vCIO must understand how to convey technology risks and opportunities to leadership in a way that is clear and allows leadership to make well-informed decisions about resource allocation, risk tolerance and prioritization.

  2. Management Skills

    An effective vCIO must be able to help lead a team to deliver consistently high performance levels. This requires experience and skills in active listening, root cause analysis, understanding team dynamics and accountability, project management, change management, delegation and prioritization.

  3. Technology Skills

    Some people might assume that technology skills would be first on this list. And it’s true that technology skills are critical to vCIO success. The reality, however, is that technology is such a far-ranging field that no single person can be expected to have a high level of expertise in ALL the technological aspects required for today’s nonprofit operations. An effective vCIO may have specific areas of expertise, but much more important is a BROAD range of competence across multiple technology disciplines including technology infrastructure, cloud services, cybersecurity, data governance, data privacy, project management, Agile methodology and emerging technologies.
     
    • A Good Network

      An effective vCIO needs access to a network that includes a wide range of technology professionals that the vCIO can bring in when specific expertise is needed for a specific technology need. Because no one person can reasonably be expert in all areas of technology, the effective vCIO understands and respects the edges of their competency and not only advocates for bringing in appropriate expertise where needed, but can recommend specific resources with the needed expertise.

  4. Interpersonal and Communication Skills

    A vCIO will have to communicate effectively to a wide range of people about many complex technology topics. A vCIO may have to have “difficult” conversations with various stakeholders. One day a vCIO may have to speak candidly with a nonprofit leader about discovered risks. Another day the vCIO may have to have a direct conversation with a system administrator about their performance and a lack of preparedness in weekly team meetings. A vCIO will often facilitate conversations and strategic planning discussions between leadership, the technology team and other stakeholders, all with different perspectives and levels of understanding about technology. The degree to which a vCIO can effectively navigate these conversations will go a long way toward determining their success.

  5. Coaching and Mentoring

    An effective vCIO must be able to provide appropriate feedback that helps team members grow and evolve as individuals and as a team. The vCIO should identify skills gaps and direct team members toward appropriate training opportunities to build the skills of the individuals and teams with whom they collaborate

Without all (or at least most) of these qualities, it will be very difficult for a vCIO to achieve success.

If you are interested in learning more about vCIO services

If you are interested in whether a vCIO might be a good fit for your organization, we would be delighted to speak with you. You can request a free consultation here and one of our professionals will be happy to speak with you to learn more about your needs and help you determine whether vCIO services are right for you and your organization.

Schedule a 15-Minute Discovery Call

NY SHIELD Act Compliance Checklist for Nonprofits

The New York SHIELD Act (“SHIELD”), which went into effect in 2020, provides needed clarity around what constitutes reasonable data security. The use...

Read More

Protect Yourself from Fake QR Codes

With the pandemic also came a resurgence of QR codes. Once thought dead, at least in the United States, they are now more widespread than ever. From...

Read More

What is Pretexting? How to Avoid Being Victimized

Pretexting is a type of social engineering attack that is often used to gain access to confidential information. In a pretexting attack, the attacker...

Read More