Virtual Security Manager and CISO

A remote cyber security expert for your office.

Virtual Security Manager and Virtual CISO services

The JUMPSEC Virtual Security Manager (vSM) and Virtual Chief Information Security Officer (vCISO) services are virtual security offerings for organisations of any size looking to build or bolster their cyber security capabilities and manage cyber risk on an ongoing basis for a predetermined monthly fee.

JUMPSEC’s virtual security services help your business to turn cyber security into a competitive advantage. Our consultants provide you with industry-leading cyber security knowledge in a flexible, cost-effective way, helping your business to meet regulatory and compliance standards and improve your security maturity and posture.

JUMPSEC clients can benefit by adding additional services from across our entire services portfolio, including penetration testing, SOC as a service, managed vulnerability scanning, code review and more. Our impartial, vendor-agnostic advice ensures that your business gets the most value from your security investments and that the services and technologies we recommend are right for your business.

Virtual Chief Information Security Officer (vCISO)

The JUMPSEC Virtual Chief Information Security Officer (vCISO) service helps organisations to make strategic security decisions and manage their cyber risk. Ideal for larger businesses with an established IT and/or cyber security team, this strategic service helps you to set your direction, establish cyber security programmes and to build a positive cyber security culture.

Your designated virtual CISO, supported by the JUMPSEC team, will work with you, your board, your teams and your partners to assess potential cyber-risks and to identify the policies, procedures and controls needed to achieve your business’ security goals. Your JUMPSEC virtual CISO will align security initiatives with existing programs and business objectives, help board members and other key stakeholders to quantify and understand the effectiveness of your security programme and work with your in-house IT and cyber security teams to transfer knowledge and build internal expertise.

Our experienced virtual CISOs use their broad experience and sector-specific knowledge to bring new ideas to the table and present them in a clear and actionable way, understandable to both technical and non-technical stakeholders.

Virtual Security Manager (vSM)

The JUMPSEC Virtual Security Manager (vSM) service helps organisations to establish and implement a pragmatic cyber security programme to identify and address cyber risk, protect sensitive and customer data and embed cyber security within your business. This service is ideal for small to medium enterprises, with lean IT functions who need hands-on help with their security challenges.

By acting as an extension of your in-house and partner IT resources, we fully understand your needs and strategy and help your business to understand where you are on your cyber security journey. Your JUMPSEC virtual Security Manager will work with you to develop a cyber security programme, plan and implement the policies, procedures and controls needed to strengthen your defences, help you to meet legal and regulatory compliance and achieve cyber security certifications.

How do these services work?

We tailor our virtual services to the needs of your organisation. Following our consulting model, we begin by carrying out an on-boarding process to understand where you currently are on your cyber security journey, before agreeing on a delivery model that meets your specific requirements. JUMPSEC’s virtual security services are custom services; you pay for the level of engagement that your business requires and can scale up and down as needed, meaning your campany benefits from cost-effective security expertise.

What are the services made up of?

The focus of JUMPSEC’s virtual CISO and virtual Security Manager services are slightly different but all JUMPSEC clients benefit from our years of expertise and our clear, concise approach. Depending your business requirements, the service offering can comprise of any of the below:

Information Security Leadership

  • Strategic and tactical leadership on cyber security, governance and information risk management
  • Participation and leadership in meetings and committees
  • Presentation of the latest cyber security status at information security and board meetings
  • Credibility and an independent perspective to support your business in achieving information security objectives


  • Preparation and execution of a successful information security strategy for your business
  • Help in establishing and maintaining your business’ security vision and programme
  • Coordination of compliance and governance activities

Policy Development

  • Review of security policies and procedures
  • Development of security policies, processes, and procedures

Incident Response

  • Creation, review and optimisation of incident response plans
  • Design and supervision of simulated incident response exercises
  • Support to incident management and forensic investigations (available from JUMPSEC as an additional service)

Security Training and Awareness

  • Planning and delivery of security awareness training
  • Oversight of cyber security awareness training programmes across your business
  • Running phishing simulation exercises (available from JUMPSEC as an additional service)

Security Assessment and Testing

  • Carrying out of security and risk assessments
  • Assessment of your business’ current information security maturity
  • Identification of what needs to be protected and the level of protection required
  • Management and overseeing of vulnerability assessments
  • Development and execution of corrective action plans
  • Penetration testing (available from JUMPSEC as an additional service)
  • Managed vulnerability scanning and assessment (available from JUMPSEC as an additional service)


  • Support for internal and external audits
  • Response to regulatory queries
  • Management of security compliance
  • Alignment with industry best practice and standards
  • Definition and embedding of security standards


  • Review of security risk assessment process, register and management
  • Review and measurement of effectiveness of security risk management controls
  • Provision of practical ways to assess risk within your business
  • Development of the company risk appetite statement
  • Identification of risk owners

Project and technical architecture support

  • Providing information security support to projects
  • Review and development of architectures
  • Verification of technical approaches from a security perspective
  • Identification, assessment and selection of cost-efficient technologies
  • Procurement, assessment and implementation of security technologies

Supply chain security

  • Identification and review of the current supplier list
  • Review of current supply chain information security assurance processes
  • Supporting completion of client security questionnaires
  • Providing information security support and advice during supplier selection, onboarding and review

Emerging threats

  • Advice on mitigating newly published security vulnerabilities
  • Providing threat intelligence and analysis
  • Monitoring of threats and vulnerabilities

Security Advice and Guidance

  • Providing technical security guidance
  • Providing intelligence and insight to support decision making
  • Trusted, impartial advice on information security issues and concerns
  • Evaluation of new security products, controls and processes