Image 1 of 3
Image 2 of 3
Image 3 of 3
Tier 1: Advisor (Core vCISO Retainer)
$6,000–$8,000/month
Best for: Regional healthcare practices, small credit unions, fintech startups with 50–250 employees seeking executive-level guidance without full-time overhead.
What You Get:
• Monthly Strategic Governance Meeting (2 hours) — Leadership alignment on security priorities, roadmap progress, emerging risks, compliance status, and board readiness.
• Ongoing Advisory & Support — Email and scheduled office hours (up to 8 hours/month) for security decisions, technology evaluations, vendor assessments, and tactical guidance.
• Compliance Oversight & Policy Management:
– Semi-annual compliance readiness reviews (HIPAA, GLBA, NCUA, or applicable frameworks).
– Policy review and updates (4–6 policies annually).
– Audit preparation support and board reporting templates.
• Risk & Roadmap Management:
– Annual risk assessment with prioritized remediation roadmap.
– Quarterly risk register reviews and mitigation tracking.
• Vendor & Third-Party Risk — Quarterly vendor security questionnaire review and BAA/DPA coordination; vendor incident notification support.
Monthly Deliverables: Governance meeting minutes, compliance status dashboard, policy templates, risk register updates, board-ready summary.