Virtual CISO
A seated Chief Information Security Officer for organisations that need the function but not the headcount. Named. Cleared. Boardroom-fluent. Attending on a retained, not-fractional-in-name-only, basis.
01 — Overview
A vCISO engagement is not an advisory subscription. It is a seated executive function — with strategy authorship, budget ownership, board reporting, and accountability for outcomes.
Our vCISO clients hire us because a permanent CISO is either premature, in transition, or unnecessary at the scale they operate. What they need is the presence of the office — someone who can answer to the audit committee, negotiate with the enterprise procurement team, and lead the response when things go wrong.
Every vCISO engagement is led by a partner with prior in-house CISO or Group Head of Security experience. No exceptions.
02 — Engagement
Two weeks with the CEO, board, and executive team to agree the mandate, decision rights, and reporting cadence.
A written security strategy on a page, plus a costed three-year roadmap tied to business milestones — Series funding, ATL enterprise motion, geographic expansion.
Weekly with the security team, monthly with the exec, quarterly with the board or audit committee. All deliverables authored to that standard.
The partner drives program delivery: risk management, GRC, architecture direction, vendor oversight, incident readiness.
For clients planning to hire a permanent CISO, we author the role, run the search alongside your talent partner, and hand over cleanly.
03 — Deliverables
04 — Timeline
vCISO engagements are retained on quarterly minimums with a twelve-month initial term. Most clients retain the function for two to four years — long enough to establish the program, exit the CISO-hire question decisively, and demonstrate a maturity trajectory to their board and their buyers.
Ready to begin?
A partner-led readiness call is complimentary. We'll scope your engagement inside forty-five minutes.
Schedule the call →05 — FAQ
A named partner is your vCISO. They lead every board attendance and own the strategy. A small delivery team supports execution beneath them. You will not encounter surprise faces.
Yes. Boardroom presence is a defining part of the engagement, not an add-on. Our partners have sat across from FTSE, Fortune 500, and PE-backed boards, and know how to read the room.
Yes. Where appropriate, we accept being named as your Chief Information Security Officer in enterprise questionnaires, regulatory filings, and public-facing security pages.
We plan for it from the outset if that's the trajectory. We author the role, participate in interviews, and execute a documented handover. Many of our clients retain us in a strategic-advisory capacity beyond the handover.