Fractional CISO / vCISO
Fractional Chief Information Security Officer engagement on a monthly retainer. Covers strategy, roadmap ownership, policy and governance, program execution, vendor and audit liaison, board reporting, and continuous security advisory for organisations without a full-time CISO.
How it runs
- 01 Discovery & Gap Assessment
Understand the business, regulatory landscape, current controls, team structure, and risk appetite. Run a gap assessment against a chosen framework such as ISO 27001, SOC 2, NIST CSF, or CIS Controls.
- 02 Strategy & Roadmap
Define a 12 to 24 month security strategy aligned with business goals. Translate it into a phased roadmap with clear initiatives, owners, budgets, and measurable outcomes.
- 03 Policy & Governance
Author or refresh the policy stack: information security policy, acceptable use, access control, vendor risk, incident response, and data protection. Set up the governance forums that keep them alive.
- 04 Program Execution
Drive day-to-day execution of the roadmap: vendor selection, control implementation, remediation tracking, audit support, and coordination with engineering, IT, and legal.
- 05 Metrics & Reporting
Define KPIs and KRIs that matter to leadership. Deliver monthly operational reports and quarterly board-ready packs covering posture, risks, incidents, and roadmap progress.
- 06 Continuous Advisory
Act as the security point of contact for new initiatives, customer security questionnaires, incidents, M&A diligence, and regulator interactions throughout the engagement.
What you receive
- Security strategy and 12-24 month roadmap
- Refreshed information security policy stack
- Monthly operational security report
- Quarterly board-ready security pack
- Risk register with treatment plans
- Audit and customer questionnaire support
- On-call advisory across the engagement
Ready to scope this engagement?
Every engagement is scoped individually. Get a tailored quote within 24 hours.