GUEST POST // What does a virtual Chief Information Officer (vCIO) do and why would you want one?

By Joshua Peskay of RoundTable Technology

The Nonprofit vCIO

The term virtual Chief Information Officer (vCIO) has been around for well over a decade now, but even today, if you ask ten different people what a vCIO does you may well get ten different answers. 

This article does not claim to be the definitive answer to the question of what a vCIO does, but we will do our best to explain:

  • How the vCIO role emerged

  • The kinds of things a vCIO does

  • What value a vCIO can provide to a nonprofit

  • Why a nonprofit might want to engage a vCIO

  • What qualities to look for in a potential vCIO

Vacancies in the Nonprofit C-Suite

Let's start with a look at the c-suite of a typical large enterprise.

For purposes of this article, we will focus on just the technology roles represented on this enterprise org chart. On the far right, we’ve got Billie Wexler, Chief Information Officer (CIO), with a CTO (Tyler) and a CISO (Toby) reporting to her. This business has the resources to assign a dedicated full-time person in the c-suite for each role of Information, Technology and Cybersecurity as separate functions. 

Over on the left side, we see Barrie Turner as responsible for Project Management and Eric Wells for Change Management. And next to them we have Alan Miller, Chief Data Officer (CDO) and Angelica Frisch, Data Privacy Officer (DPO) responsible for data governance and data privacy, respectively. If we do some simple addition we will find that this business has no less than seven (7) full-time positions dedicated to information technology governance. 

Now, let’s take a look at how many of these positions have full-time representation in a typical nonprofit.

Wow, that’s a lot of vacancies in our nonprofit c-suite, right? Now, just because our nonprofit doesn’t have anywhere near the budget to fill these missing positions does not mean the functions don’t need to be performed. Our nonprofit certainly needs a high level of overall information technology services (the CIO’s responsibility). We still need reliable and high functioning technology (CTO) and robust cybersecurity (CISO). We need data systems that support our workflow, reporting and analytics needs (CDO) and to ensure we are compliant with existing and emerging data privacy laws (DPO). We need to successfully plan and implement projects (PM) and effectively support the organizational change those projects entail (CM).   

Our nonprofit has these needs, but no budget for positions to fulfill those needs. So what is Miriam, our smart, resourceful and dedicated leader, to do? Well, here’s what we most often see Miriam try:

Miriam turns to her trusted, hard-working and incredibly competent COO, Liza, and asks her to oversee the organization’s technology. (I observe Nonprofit leaders choosing the CFO just as often, but using the COO as the example here)

Good luck, Liza!

Liza may have one or two people or even a small team of internal IT staff that are under her management, but they will typically have titles like “System Administrator,” “IT Manager,” or “Wordpress Developer” and may or may not have the skills to adequately perform any of the IT roles missing from our nonprofit c-suite. Or, perhaps Liza engages an outsourced technology provider (sometimes called a Managed Service Provider or MSP) in which case Liza has the same issue, but with outsourced resources. 

In either case, now Liza is tasked with supervising the organization’s IT function and determining the appropriate resource allocations, cybersecurity posture, data quality, service delivery and everything else. Liza may be a fantastic COO and an incredibly smart and capable person, but in being given responsibility for Information Technology, she’s being asked to manage a function she doesn’t feel nearly as competent to manage. 

Liza is not sure what to expect from our nonprofit’s IT resources and if they are performing above or below industry standards. Liza reads about ransomware and other cyber-threats and isn’t confident that our nonprofit has a reasonable cybersecurity posture. Liza reads about emerging data privacy laws such as GDPR, CCPA, NY SHIELD and others and wonders if and how they affect our nonprofit. Liza is tasked with deciding whether to renew a big contract for a longtime database vendor or migrate to Salesforce and she is not confident in her ability to evaluate these choices. Liza is noticing a certain inertia taking hold with technology at the organization. Changes only happen when critical. Important, but non-urgent technology projects stagnate.

As a result of all this, Liza begins feeling overwhelmed and unsure of how she can govern information technology at the high standard she expects of herself. 

Where the vCIO Fits In

We mentioned that Miriam and Liza are both incredibly smart, capable, resourceful and hard-working. So after some time, they both realize that the organization is not being served well by this arrangement. 

Miriam and Liza discuss what to do about this and they decide to hire a virtual CIO, let’s call him Adam Afumba.

Adam and Liza begin meeting regularly. Adam spends some time learning about the overall organizational strategy and where the information technology is succeeding or failing in supporting that strategy. Adam works with Liza to make sure he understands the larger organizational needs and only then begins working with Liza on the information technology strategy. 

Adam meets with the IT staff (and/or the outsourced vendor(s)) and establishes appropriate expectations for roles, responsibilities and service delivery. Adam works with Liza to establish key measures of success for IT. Adam helps Liza better understand the current cybersecurity posture, identifies risks and provides recommendations for risk mitigation. Adam helps clarify what data privacy regulations apply to our nonprofit and helps establish a two-year roadmap toward compliance. 

When Liza gets tasked with managing the information technology component of the annual financial audit, Adam helps Liza and the team review the prior year’s findings and coordinate the gathering and providing of requested documentation to the auditors. Adam also sits in on the  IT audit meetings and helps our nonprofit respond to audit questions and findings. 

After several months of working together, Adam and Liza gather a group of senior leaders at our nonprofit and form a technology steering committee. Twice a year, Adam and Liza prepare a comprehensive presentation for the steering committee that includes an updated technology roadmap, a strategic technology plan and an executive summary of both completed and planned projects. 

Through all these activities, Liza not only feels a much higher level of confidence in her ability to effectively govern technology at our nonprofit, but she is getting a much higher level of input and buy-in from key stakeholders across the organization. 

The Qualities of an Effective vCIO

This is perhaps the most subjective part of this article, but based on my experience both working with CIOs and providing vCIO services, here are the attributes I recommend you look for in a potential vCIO:

Leadership savvy 

A vCIO needs to work with leadership to understand organizational goals and how information technology can help support those goals. Technology cannot exist for its own sake, a good vCIO must understand how to convey technology risks and opportunities to leadership in a way that is clear and allows leadership to make well-informed decisions about resource allocation, risk tolerance and prioritization. 

Management Skills

An effective vCIO must be able to help lead a team to deliver consistently high performance levels. This requires experience and skills in active listening, root cause analysis, understanding team dynamics and accountability, project management, change management, delegation and prioritization.

Technology Skills

Some people might assume that technology skills would be first on this list. And it’s true that technology skills are critical to vCIO success. The reality, however, is that technology is such a far-ranging field that no single person can be expected to have a high level of expertise in ALL the technological aspects required for today’s nonprofit operations. An effective vCIO may have specific areas of expertise, but much more important is a BROAD range of competence across multiple technology disciplines including technology infrastructure, cloud services, cybersecurity, data governance, data privacy, project management, Agile methodology and emerging technologies. 

A Good Network

An effective vCIO needs access to a network that includes a wide range of technology professionals that the vCIO can bring in when specific expertise is needed for a specific technology need. Because no one person can reasonably be expert in all areas of technology, the effective vCIO understands and respects the edges of their competency and not only advocates for bringing in appropriate expertise where needed, but can recommend specific resources with the needed expertise.

Interpersonal and Communication Skills

A vCIO will have to communicate effectively to a wide range of people about many complex technology topics. A vCIO may have to have “difficult” conversations with various stakeholders. One day a vCIO may have to speak candidly with a nonprofit leader about  discovered risks. Another day the vCIO may have to have a direct conversation with a system administrator about their performance and a lack of preparedness in weekly team meetings. A vCIO will often facilitate conversations and strategic planning discussions between leadership, the technology team and other stakeholders, all with different perspectives and levels of understanding about technology. The degree to which a vCIO can effectively navigate these conversations will go a long way toward determining their success. 

Coaching and Mentoring

An effective vCIO must be able to provide appropriate feedback that helps team members grow and evolve as individuals and as a team. The vCIO should identify skills gaps and direct team members toward appropriate training opportunities to build the skills of the individuals and teams with whom they collaborate

Without all (or at least most) of these qualities, it will be very difficult for a vCIO to achieve success.


This guest post was written by Joshua Peskay.

vCIO / Cybersecurity at RoundTable Technology

Sherry Quam Taylor

Sherry Quam Taylor works with business-minded Nonprofit CEOs whose Strategic Plans require expansive budgets and larger amounts of general-operating revenue for growth. To become investment-level ready, Sherry helps leaders see their revenue potential and helps them see what may be blocking donors from giving in this way. Sherry’s clients know how to attract larger donors by solving the funding challenges at the root of the issue.

As a result of learning her methodology, Sherry’s clients become sustainable, diversify revenue, and know how to add significant amounts gen-ops revenue to their budgets. But mostly, their development departments and board have transformed into high-ROI revenue generators – aligning their hours with relational dollars and set free from the limitations of transactional fundraising.

Sherry attributes the success of her business to her passion for modeling radical confidence to the future CEOs in her house - her two college-aged daughters.

https://www.QuamTaylor.com
Previous
Previous

GUEST POST // What Goes Into an Effective Nonprofit Branding Strategy?

Next
Next

Guest Podcast Episode: "Planning Where You Want to Go" with Stu Swineford