Virtual CISO Services

Get access to an experienced information security management and compliance professional on-demand

Get the Expertise You Need, When You Need it.

Your Virtual Chief Information Security Officer is a trusted advisor, providing the expertise, knowledge and skills needed to ensure that your business meets its information security governance, risk and compliance objectives.

Build a vCISO Solution that Fits Your Needs

Our unique, cost-effective service lets you customise deliverables by identifying the specific strategic and tactical assistance you need.

The result is a comprehensive and bespoke vCISO service to meet your business’ information risk management appetite and budget.

  • Strategic Planning

  • Board & Steering Committee Briefings

  • Policies & Awareness

  • Asset Classification

  • Tactical Execution

  • Security Testing

  • Technical Control Remediation

  • Compliance Management

Deliverables are customised to meet your specific business requirements, but typically your dedicated Virtual CISO will:

  • Present an overview of the threat landscape
  • Confirm the risk appetite, tolerance, capacity and strategy
  • Design a business information security management system
  • Identify, locate, classify and document information assets
  • Conduct and document risk and threat assessments
  • Conduct and document security compliance gap assessments
  • Produce business remedial recommendations
  • Draft and update policies, standards and guidelines
  • Provide threat landscape information to business stakeholders
  • Manage compliance to information security legislation, regulation or standards (such as ISO 27001, DORA, PCI and SOC 2)

Risk Crew’s 3-Step Process to Instant Deployment

  • Interview stakeholders to identify and confirm the business risk appetite, tolerance, capacity, specific organisational goals and objectives
  • Verify assets and existing resources to confirm information assets, asset owners, sensitivity, location and current capabilities
  • Review information security procedures, policies, KRIs, controls, control objectives, KPIs, evidence and testing activities
  • Conduct sample (random) staff interviews to benchmark the current information and cyber risk awareness culture
  • Draft a proposed 12-month activity roadmap for implementation in the business
  • Document annual and quarterly goals to include objectives and KPIs to measure performance against targets
  • The roadmap shall specify reporting subjects, frequency and formatting along with any stand-alone deliverables and target dates required by the business
  • Begin implementing the agreed actions; completed and additional added activities shall be regularly confirmed with the business
  • The vCISO will maintain the roadmap throughout the life of the engagement
  • Continually monitor and measure performance to ensure the business obtains a transparent and tangible return on investment, providing a historical maturity record of the programme

Virtual CISO Service Benefits

Trusted Expertise & Experience

Risk Crew accredited vCISOs bring extensive experience across multiple industries, offering a broad perspective on security challenges.

Efficiency

A vCISO’s expert knowledge enables faster and easier implementation of required actions in a practice-oriented way, specific to your business requirements.

Flexibility

The service can be utilised as a short or medium-term fix until you can recruit a permanent qualified and experienced CISO for your business.

Instant deployment

vCISOs require no training, can hit the ground running and make a real difference from the very first day.

See the 3 steps to instant deployment.

Synergy and Integration

Your vCISO seamlessly becomes part of your internal security team, providing leadership and guidance to both executive management and technical security staff.

Cost-effective

The vCISO service may well be more price-effective than the long-term costs of deploying your own staff resources.

Risk Crew’s service was the right decision for our company. Our dedicated vCISO provided us with immediate response, escalated tasks when required and anticipated security issues. We chose the service option of having the CISO on-site initially and then transitioned to remote only. They are a trusted and valued partner.

Compliance Manager

Pharmaceutical Industry

Not only was our consultant thorough, but he also took the time to teach us additional information security best practices. Being a small business, the virtual CISO option provided us with a low-cost solution rather than hiring a full-time employee.

HR Director

Finance Industry

From the beginning of our engagement with Risk Crew, we were provided with a clear roadmap of what our business needed to align with our risk appetite and business requirements. From the initial call for scoping to the onboarding of our consultant – they made it a simple process and clearly defined the service.

Security Officer

Retail Industry

FAQs

vCISO stands for virtual Chief Information Security Officer: an outsourced information security governance, risk and compliance management professional who provides agreed services on an as-needed basis in lieu of a permanent hire.

Some of a vCISO’s responsibilities include overseeing strategic, operational and budgetary aspects of a business’ information security governance, risk and compliance requirements. vCISOs work closely with business stakeholders to define, develop and implement information security policies and procedures for the organisation, just as a permanent hire would.

Good communication skills and the ability to quickly understand business information security risk appetite, tolerance and capacity in order to implement an applicable cost-effective strategy to meet these requirements.

Industry surveys indicate that most vCISO services cost between 30% and 40% of a full-time, direct-hire CISO role. That’s a saving of 60% to 70%. Learn more on virtual CISO pricing: Maximising Security and Efficiency with CISO-as-a-Service.
