Virtual Security Manager and CISO

A remote cyber security expert for your office.

Virtual Security Manager and Virtual CISO services

The JUMPSEC Virtual Security Manager (vSM) and Virtual Chief Information Security Officer (vCISO) services are for organisations of any size looking to build their cyber security capabilities and manage cyber risk on an ongoing basis for a predetermined monthly fee.

We help organisations to turn cyber security into a competitive advantage with industry-leading cyber security knowledge in a flexible, cost-effective way, helping your business to meet regulatory, compliance standards and improve your security maturity and posture.

Our impartial, vendor-agnostic advice ensures that your business gets the greatest value from your security investments and the services and technologies we recommend are right for your business.

Virtual Chief Information Security Officer (vCISO)

We help organisations make strategic security decisions and manage their cyber risk.

Ideal for larger organisations with established IT / cyber security teams. JUMPSEC help you to set a direction, establish cyber security programmes and build a positive cyber security culture.

Your designated virtual CISO, supported by the JUMPSEC team, works with you, your board, teams and partners to assess potential cyber-risks and to identify the policies, procedures and controls needed to achieve your business’ security goals. Your JUMPSEC virtual CISO will align security initiatives with existing programs and business objectives, help board members and other key stakeholders to quantify and understand the effectiveness of your security programme and work with your in-house IT and cyber security teams to transfer knowledge and build internal expertise.

Virtual Security Manager (vSM)

The JUMPSEC Virtual Security Manager (vSM) service helps organisations to establish and implement a pragmatic cyber security programme to identify and address cyber risk, protect sensitive and customer data and embed cyber security within your business.

Ideal for small to medium enterprises, with lean IT functions who need hands-on help with their security challenges.

By acting as an extension of your in-house and partner IT resources, we fully understand your needs and strategy and help your business to understand where you are on your cyber security journey. Your JUMPSEC virtual Security Manager will work with you to develop a cyber security programme, plan and implement the policies, procedures and controls needed to strengthen your defences, help you to meet legal and regulatory compliance and achieve cyber security certifications.

Virtual CISO Services include

Information Security Leadership

  • Strategic and tactical leadership on cyber security, governance and information risk management
  • Participation and leadership in meetings and committees
  • Presentation of the latest cyber security status at information security and board meetings
  • Credibility and an independent perspective to support your business in achieving information security objectives


  • Preparation and execution of a successful information security strategy for your business
  • Help in establishing and maintaining your business’ security vision and programme
  • Coordination of compliance and governance activities

Policy Development

  • Review of security policies and procedures
  • Development of security policies, processes, and procedures

Incident Response

  • Creation, review and optimisation of incident response plans
  • Design and supervision of simulated incident response exercises
  • Support to incident management and forensic investigations (available from JUMPSEC as an additional service)

Security Training and Awareness

  • Planning and delivery of security awareness training
  • Oversight of cyber security awareness training programmes across your business
  • Running phishing simulation exercises (available from JUMPSEC as an additional service)

Security Assessment and Testing

  • Carrying out of security and risk assessments
  • Assessment of your business’ current information security maturity
  • Identification of what needs to be protected and the level of protection required
  • Management and overseeing of vulnerability assessments
  • Development and execution of corrective action plans
  • Penetration testing (available from JUMPSEC as an additional service)
  • Managed vulnerability scanning and assessment (available from JUMPSEC as an additional service)


  • Support for internal and external audits
  • Response to regulatory queries
  • Management of security compliance
  • Alignment with industry best practice and standards
  • Definition and embedding of security standards


  • Review of security risk assessment process, register and management
  • Review and measurement of effectiveness of security risk management controls
  • Provision of practical ways to assess risk within your business
  • Development of the company risk appetite statement
  • Identification of risk owners

Project and technical architecture support

  • Providing information security support to projects
  • Review and development of architectures
  • Verification of technical approaches from a security perspective
  • Identification, assessment and selection of cost-efficient technologies
  • Procurement, assessment and implementation of security technologies

Supply chain security

  • Identification and review of the current supplier list
  • Review of current supply chain information security assurance processes
  • Supporting completion of client security questionnaires
  • Providing information security support and advice during supplier selection, onboarding and review

Emerging threats

  • Advice on mitigating newly published security vulnerabilities
  • Providing threat intelligence and analysis
  • Monitoring of threats and vulnerabilities

Security Advice and Guidance

  • Providing technical security guidance
  • Providing intelligence and insight to support decision making
  • Trusted, impartial advice on information security issues and concerns
  • Evaluation of new security products, controls and processes