Trusted Advisory with our vCISOs:

What is a Virtual CISO and DPO

Hiring a CISO can be expensive, and your organisation may not need a full-time information security officer. We offer organisations trusted advisory services on cyber security and data privacy where a full-time resource is not required. The service makes the insight and experience of our CEO available to all of our clients.

Our clients have the opportunity to obtain the same professional advice and guidance that FTSE 100 and other large organisations pay a significant amount of money for, but at a fraction of the price. Having an experienced trusted advisor can help you build your resilience without having to pay huge consultancy fees. You may even consider adding our vCISO to your board.

Many organizations are asking executives to step into the gap and they often lack the expertise required to outline a solid information security policy. There may be areas of your business where you can afford to have employees learning through trial and error, but security is not one of them.

For SMEs it may be difficult to justify the expense of a full-time CISO, and for others recruiting an experienced CISO can be a real challenge. How do you find the right fit for your business within your budget when you and the recruitment agencies lack the experience to be able to evaluate a candidate?

The Virtual CISO

There are a number of reasons to consider a virtual CISO. If you need someone to step in on an interim basis or if you want advice from an experienced CISO or if you want to ensure that you only pay for what you actually need, then a vCISO is the answer.

 

Our vCISO can help with

– Vulnerability Management
– Data Classification
– Data Privacy & Data Loss Prevention
– Compliance
– Security Standards (ISO 27001, Cyber Essentials)
– 3rd Party Contracts and Risk Management
– Identity and Access Management
– Policy Writing
– Risk Assessments & Reviews
– Audit Remediation and Audit Management
– Incident Response & Data Breach Management

 

For smaller businesses it simply doesn’t make sense to invest in a full-time CISO when you can hire a virtual one and get the skills you need to draw up a strategic overview. No need to worry about employee benefits like NI contributions, holiday and sick pay.

We offer a number of flexible solutions in terms of accessing our vCISO:

  • On a retained basis for a set number of hours per week/month
  • On a project basis
  • Within our Simple Transparent Affordable Cyber Services (STACS)

We can help to develop your security policies, guidelines, and standards. That could entail anything from ISO 27001 compliance to third party risk assessments.

Our vCISO is fully up to speed on the latest best practices and has experience of dealing with a wide variety of scenarios, and is also able to train your internal security staff.

Please view our vCISO’s profile below. For further information, please call +44 203 189 1422 or email info@cm-alliance.org. This service is not limited to the UK and is available internationally.

vCISO Profile

Amar Singh has a long-term history and experience in Information Security and data privacy. Amar has served as CISO for various companies, including News International (now NewsUK). Amar, amongst various other activities, is a Global Chief Information Security Officer and Trusted Advisor to a number of organisations including a FTSE 100 Firm and is Chair of the ISACA UK Security Advisory Groups. Amar also founded Give01Day, the not-for-profit Cyber Security service for charities, and is an Executive to the Board of the National MBA in Cyber Security.

Amar is communicative and articulate in business-speak, technically competent, and comfortable with both management and technical skills. Amar’s vast experience means he can understand the technical threats, risks and impacts facing organizations, while at the same time having the ability to effectively communicate and manage board-level challenges. Amar has managed all types of Security Assessments and readiness projects in preparation for all types of accreditations including PCI, SOX, ISO 27001, COBIT and risk management, audit, business continuity while being aware of TCP/IP, network security, secure software development, VPNs, mobile security, hacking techniques, database security, log management, access and authorization, email security and awareness of encryption algorithms. He has the ability and experience of dealing with auditors, both internal and external.

He is a visionary, a thinker, a leader, a doer and, importantly, an experienced hiker who has a vast network of Information Security practitioners that he can call upon for advice or collaborative work. He is a C-level executive who can both produce and then lead an organization’s cybersecurity strategy through the internet’s malware-infested waters and ensure that the organization retains all its e-commerce and information completely intact before and after docking. He has the acumen, intelligence and business sense to represent the organization’s interests at executive board meetings and other business gatherings.

Amar has the highest integrity, has been trusted by FTSE 100 companies with some of the most sensitive commercial information, and has been involved with some highly sensitive forensic investigations.

He has the ability to deal with the techies and executives, and lead an organisation’s information security direction. Apart from experience and abilities, Amar holds a number of industry-recognised certifications, such as the ISO 27001 Certified ISMS Lead Implementer, MoR, CRISC and CISSP.

Amar is an industry-acknowledged expert and public speaker and is regularly invited to speak and share his insights by some of the largest and most respected organisations in the world, including The BBC, The Economist’s Intelligence Unit, The Financial Times, SC Magazine, InfoSec Magazine, Computer Weekly, The Register and the AlJazeera English Channel.