Voting is now open!
Members, make your selections in the annual (ISC)² Board of Directors election. Vote Now! Voting is open until Sept. 22.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Newcomer I

Virtual CISO

Hi all,
my company are looking to use the services of external consultants specialising in Information Security to provide independent expertise to our board.
It was suggested we use a Virtual CISO service. I was wondering whether any of you have used such a service, who (if you're happy to share) and if it was for a similar purpose.
For a bit of context, we are a U.K based SME in the financial services industry.
Thanks in advance,
2 Replies
Advocate I

Re: Virtual CISO

I've used a virtual DPO, which worked out okay, as we could leave the usual staff to handle the routine and only make the call when we had something challenging and unusual to deal with.


In your case, it depends very much on what the scope of the CISO service is.  Would the CISO act as line manager to a security team within your SME?  Would the CISO recommend other products and services to the board?  Or would the CISO responsible for overall security strategy?  Or maybe the CISO is just there to be the public face of security.  In the UKs financial services market you'd probably need to check with the FCA first that the CISO didn't need to be an approved person.


Re: Virtual CISO

I know of organizations that do this.  If you can give me come additional context I'd be happy to help/point you in the right direction.




Jim Kinsman