Fractional CISO Services

PROTECTING YOUR ORGANIZATION WITH A FRACTIONAL CISO

Tangible Security recognizes that many organizations already maintain an effective and efficient information technology team that manages firewalls and other security components while also providing IT direction and support to the company. However, the fast-changing IT/cybersecurity landscape can make it difficult for that team to also define and track the organization's long-term strategic security needs.

Employing a full-time, executive-level IT/security professional can be cost-prohibitive. Many organizations, especially small and medium-size businesses, do not need a full-time Chief Information Security Officer (CISO) or a full-time Chief Information Officer (CIO). What they need is a trusted advisor who provides thought leadership on building an effective information technology and security program and who leverages existing resources to manage the company's IT and security needs effectively.

TANGIBLE CISO SERVICES

Tangible Security's Fractional CISO and CIO consulting services provide your organization with expert resources to manage and steer your information technology and security program. We fill the role of Chief Information Security Officer or Chief Information Officer on an as-needed basis to develop, manage, and support your IT and security programs. Tangible Security's highly experienced personnel lead IT and security efforts within your organization, delivering a tailored approach with maximum benefit.

Engaging a Fractional CISO or CIO only when needed removes the worry and confusion of creating a secure and effective IT environment. We manage complex regulatory compliance issues and align business needs with budgetary constraints, leaving you free to run your business operations. With access to a broad range of subject matter experts, the right support is delivered at the right time: when you need it.

Tangible Security's Fractional CISO and CIO cybersecurity consulting services give your organization immediate access to a team of highly experienced IT and cybersecurity leaders covering IT operations, data management, infrastructure, data security, compliance, and risk management, at a fraction of the cost of hiring a full-time Chief Information Security Officer or Chief Information Officer.

Fractional CISO Roles & Responsibilities

*This is not an all-inclusive list; clients select in-scope tasks.

  • Overall ownership and development of your organization’s information security program
  • C-level presentations to executives and board members on current and planned cybersecurity initiatives and the organization’s information security posture
  • A yearly security program assessment, security roadmap, and risk assessment
  • An independent and objective view of risk, compliance, and security posture
  • An experienced principal security architect to reduce the risk of costly mistakes
  • Evaluation, recommendation, and implementation of security products, technologies, and security awareness training
  • Cybersecurity interface with regulators, banks, partners, and customers
  • Development of tailored information security policies, plans, and procedures, including Business Continuity/Disaster Recovery (BC/DR) and Incident Response (IR) policies, plans, and playbooks
  • Creation and review of Business Impact Analyses and Privacy Impact Assessments (BIA/PIA)
  • Third-party security review, including questionnaire generation and follow-up
  • Security architecture, including organizational and system-specific threat modeling and risk assessment
  • Penetration testing (internal/external network, web application, mobile application, IoT)
  • Governance, Risk Management & Compliance (GRC) program oversight, including gap assessments and expertise in the compliance regulations that apply to your organization

A Complete Suite of Compliance Services 

  • New York State Department of Financial Services (NYDFS)
  • EU General Data Protection Regulation (GDPR)
  • EU Data Privacy and Safe Harbor
  • Payment Card Industry Data Security Standard (PCI DSS)
  • System and Organization Controls (SOC 2)
  • Chemical Facility Anti-Terrorism Standards (CFATS)
  • Health Insurance Portability and Accountability Act and the HITECH Act (HIPAA/HITECH)
  • Sarbanes-Oxley Act (SOX)
  • Gramm-Leach-Bliley Act (GLBA)
  • Federal Information Security Management Act (FISMA)
  • Family Educational Rights and Privacy Act (FERPA)
  • California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA)

Fractional CIO Roles & Responsibilities

*This is not an all-inclusive list; clients select in-scope tasks.

  • Overall ownership and development of your organization’s information technology program, including:
    • Organization-wide IT operations
    • Infrastructure
    • Enterprise data management
    • IT budget and staffing levels
  • Ownership of corporate IT and compliance policies, including those applicable to publicly traded corporations
  • C-level presentations to executives and board members on current and planned IT initiatives
  • Education of senior management on the uses and strategic benefits of available information technologies
  • Leadership of continuous improvement initiatives, including identification, selection, development, and customization of operations-enhancing technology
  • Delivery and support of technology solutions, including:
    • Microsoft 365/G Suite (now Google Workspace)
    • Cloud technologies
    • Databases
    • Web applications
    • CRM
    • HRIS
    • ERP
    • Payment processing
    • Development tools and environments
    • Project management
    • On-premises infrastructure
  • Leadership, technical solutions, and oversight for organizational performance measurement capabilities and metrics
  • Management of third-party IT providers and vendors