Service Summary

Get trusted security leadership with a dedicated virtual CISO to guide your strategy and operations. Our retained engagement offers tailored expertise when you need it.

Typical Benefits

Whilst there are industry standards for information security, there aren’t any that define a vCISO. It’s important when assessing potential services that you gain clarity on what they do and do not include.

With our service you’ll:

  • Develop a security program that addresses the organisation’s business and compliance needs within the board’s risk appetite;
  • Be able to make risk-informed decisions to keep your organisation safe;
  • Demonstrate to the people you serve (beneficiaries, clients, customers, and so on) that you are a safe organisation to work with, with the resulting increase in customer trust likely leading to an increase in revenue;
  • Gain confidence in your own role with an independent consultant there to back you up or steer you in another direction according to business needs;
  • Save money on your revenue budget when compared to a full-time resource;
  • Benefit from opportunity cost savings and increased wellbeing by reducing the burden and hours spent managing security on top of the day job;
  • Potentially be offered reduced insurance premiums due to having a named vCISO that reports to the executive team and board;
  • Have access to independent recommendations for appropriate security investments that are value for money and provide the required level of protection for the future sustainability of the organisation;
  • Be able to flex the level and type of services as your needs change.

Overview

Core Package Includes:

Onboarding

  • Information gathering and business context setting session(s) with the Client’s stakeholders covering organisation, structure, culture, strategy, objectives, pain points, and legislative, regulatory, contractual, and business requirements;
  • One IT Security diagnostic program to provide baseline and insight;
  • A discount on any additional diagnostics that you may ask us to run for you during the term of the contract.

Retained engagement (1 year minimum)

  • Named vCISO and profile for inclusion on your organisation chart and declarations to external parties;
  • Integration of security into the organisation’s governance framework;
  • Remote attendance and presentation at board meetings, executive leadership team meetings, chief executive briefings, and the information security steering committee (or equivalent);
  • Regular meetings with governance, risk, and compliance professionals (e.g., corporate governance, data protection, legal, portfolio/programme/project office, procurement);
  • Regular access to professional, specialist expertise;
  • Access to relevant briefings, software reviews, and research;
  • Access to IT leadership training content powered by InfoTech;
  • Access to our vCISO support portal, enabling your staff to log security tickets and view an organisation-specific knowledge base for Q&A;
  • Dedicated Slack channel for priority matters.

Support levels available:

  • Enhanced – 1 day per week
  • Standard – 2 days per month
  • Basic – 1 day per month
  • Custom – if our standard offerings don’t meet your needs, get in touch for a tailored estimate.

Service Delivery Experts

Michala Liavaag

Our Requirements of You

  • Ensuring an executive sponsor from your organisation is allocated to the engagement, communicates the rationale behind it and signs off any ‘Terms of Reference’.
  • Assisting in all possible ways to ensure that a contract (and a confidentiality agreement where necessary) is in place in advance of any work commencing.
  • Ensuring all support is in place and access is granted for all and any required data, processes, policies, meeting rooms and nominated resources to enable successful delivery of the engagement.
  • Ensuring the sponsor is available within the agreed timeline to resolve any significant issues that, if left unresolved, may impact the timely completion of the engagement.

Our Commitments to You

Work with a consultant that:

  • Is your trusted security advisor; they get to know you, your organisation’s culture, and what you need to better protect it;
  • As an impartial third party, is not subject to internal or political pressures in the same way a full-time in-house CISO can be;
  • Has experience across multiple organisations, sectors, both regulated and unregulated;
  • Understands and appreciates the difference between being ‘secure’ and being ‘compliant’ and the balance to be struck between them;
  • Brings both independent and diverse thinking with them;
  • Is active in the profession and committed to life-long learning, staying abreast of this fast-paced area;
  • Proactively shares knowledge, upskilling those they work with;
  • Respects the personal and professional development of client team members throughout the engagement.

Deliverables

The core deliverable is having an experienced security leader available as a trusted advisor to guide the organisation’s security strategy, operations, and maturity. We customise deliverables to the client’s specific needs and challenges during the engagement. Typical deliverables may include:

  • Strategic security plans and roadmaps
  • Risk assessments and analysis
  • Security policy and standards development
  • Security awareness training and communications
  • Incident response planning and testing
  • Compliance assessments and audit support
  • Vendor security reviews and recommendations
  • Board-level reporting and advice
  • Ongoing advisory services and expertise.

NOTE: These may incur additional charges and are scoped and charged on a deliverable basis. No work will be undertaken that incurs additional charges without the prior written agreement of the client.

Available Service Engagement Model

Subscription Service

A HiveMind Subscription Service enables clients to flexibly engage with HiveMind Expert(s) in line with the subscription purchased. Subscriptions typically run for 12, 24 or 36 months or can also be arranged on a rolling 6 monthly basis. Subscriptions for 6 or 12 months are billed at the commencement of service, with billing for 24 or 36 month contracts taking place on the annual anniversary of subscription commencement.

Focus In On: Responsible for Cyber Security / CISO

New Areas of Value:

  • Reduced risk of fines, theft and reputational damage
  • Better business agility
  • Lower perception of risk from customers
  • More informed, data-driven decisions
  • Improved confidence in role or function

Improvements around:

  • Lack of access to relevant expertise
  • Resistance to change
  • Inflexible legacy systems and processes
  • Lack of credibility with peers