Virtual CISO Service


Access a skilled, experienced information security risk management and compliance professional on-demand


Virtual CISO Service

A virtual Chief Information Security Officer (vCISO) is an independent resource that acts as a trusted advisor to the business, providing the knowledge and skills needed to ensure that it meets its information security governance, risk and compliance management objectives. In short, you get the talent and experience you need without the overhead. Given the skills shortage in the market today, the service delivers an exceptional return on investment.

Risk Crew provides an extremely flexible vCISO offering created to fit any business model to ensure you get the expertise you need – when you need it. Nothing more. Nothing less.

Our unique, cost-effective service lets you customise deliverables by identifying the specific strategic and tactical assistance you need. This can range from setting objectives, procuring solutions, drafting, developing or implementing security policies, guidelines and standards, or deploying awareness training, to conducting vendor risk assessments, code reviews, vulnerability scanning, security penetration testing or remediation activities. Our vCISO could also design, implement and manage a framework to ensure your business complies with standards like ISO 27001, PCI DSS, SOC 2 or DPA.

Anything you need. You get full information security department functionality – on demand. Who else does that?


Features & Components

Risk Crew provides a skilled and experienced Chief Information Security Officer to your business, a CISO on-demand, to meet your specific information security governance, risk and compliance management requirements.

We initially meet with you to understand and confirm your specific business information and cyber risk management goals and objectives in addition to your budget requirements. We then draft a recommended roadmap of vCISO activities and deliverables for your review and approval, documenting specific key performance indicators to ensure these goals and objectives are accomplished.

All vCISO roadmap activities and deliverables are customised to meet your specific business requirements but typically include strategic deliverables such as:

  • Board presentations on the threat landscape
  • Confirm the risk appetite, tolerance, capacity and strategy
  • Design a business information security management system
  • Identify, locate, classify and document information assets
  • Conduct and document risk and threat assessments
  • Conduct and document security compliance gap assessments
  • Produce business remedial recommendations
  • Draft and update policies, standards and guidelines
  • Provide threat landscape information to business stakeholders
  • Manage compliance to information security legislation, regulation or standards (such as ISO 27001, PCI and SOC 2)

Additionally, your Risk Crew vCISO could also deliver tactical deliverables such as:

  • Application secure code reviews
  • Security vulnerability scanning of business systems and websites
  • Security penetration testing of business systems and websites
  • Cloud platform security and compliance audits
  • Remediating technical vulnerabilities
  • Information security awareness training
  • Simulated social engineering attacks (phishing)
  • Wireless and mobile device security testing
  • Vendor security audits
  • Ransomware readiness assessments
  • Testing Incident Response, Business Continuity and Disaster Recovery Plans

The result is a comprehensive bespoke service customised to meet your business’ information risk management appetite and budget.



Virtual CISO Service Benefits

Why do you need a vCISO when you could simply hire a real one? The answer may differ slightly depending on the size of your business, but all businesses find three things in common when they look to fill a permanent CISO role: there is a skills shortage, CISOs seldom stay in the role more than two years, and recruiting can take between 9-12 months.

This straightforward, pragmatic service has numerous benefits for your business.

Why Choose Risk Crew

Risk Crew vCISOs on average possess over 25 years of hands-on skills and experience in designing, implementing and managing cost-effective information security management programmes. More importantly, they can explain them and demonstrate their value.

Our vCISOs communicate effectively. They think deeply, question assumptions, determine cause and effect and always define and deliver measurable results. We believe that this is what makes a vCISO service effective. So much so that we guarantee it. If you are not happy with our services, you are not charged.

When you choose Risk Crew, you’re electing to work with qualified experts.

Don’t just take our word for it, see what our customers say:


Get virtual expertise from the right crew – the Risk Crew and get results for a change.

Frequently Asked Questions

What is a vCISO?

vCISO stands for virtual Chief Information Security Officer: an outsourced information security governance, risk and compliance management professional who provides agreed services on an as-needed basis in lieu of a permanent hire.

What does a vCISO typically do?

A typical vCISO oversees strategic, operational, and budgetary aspects of a business’ information security governance, risk and compliance requirements. vCISOs work closely with business stakeholders to define, develop, and implement information security policies and procedures for the organisation, just as a permanent hire would.

What makes a good vCISO?

Good communication skills and the ability to quickly understand business information security risk appetite, tolerance and capacity in order to implement an applicable cost-effective strategy to meet these requirements.

How much does a vCISO cost?

Industry surveys indicate that most vCISO services cost between 30% and 40% of a full-time, direct-hire CISO role. That’s a saving of 60% to 70%.

Request a Quote to Get Started Today

Our information security experts will contact you to discuss your specific requirements


