Implementation & Management

Strategic security management - without a full-time hire

We provide an experienced cybersecurity leader who builds strategy, manages risk, coordinates vendors and reports to the board - in a 10-15 hours per week model, at a fraction of a full-time CISO cost.

Last updated: April 2026

vCISO is a SEQRED service covering strategic cybersecurity management in a flexible model - without a full-time CISO.

NIS2, DORA and KSC regulations require board members to take personal responsibility for cybersecurity. At the same time, the specialist market is challenging - recruiting an experienced CISO takes 6-9 months, and annual employment cost with employer contributions is PLN 350-600K. Many organizations don't need a full-time CISO but need someone who will systematically build a security program: set priorities, establish processes, select vendors and communicate with the board in business risk language. The vCISO model delivers this at 20-30% of employment cost.

Scope

01. Cybersecurity strategy development and updates

02. Risk management - identification, assessment, mitigation plan and risk register

03. Security policy and procedure development and oversight

04. Board and supervisory board reporting in business language

05. Regulatory compliance oversight (NIS2, KSC, DORA, GDPR)

06. Security program coordination - budget, roadmap, vendor management

07. Incident response coordination and crisis communication

08. Engagement model: monthly retainer or project-based

Process

01. State assessment

We analyse the current cybersecurity maturity level, policies, team, and tools.

02. Strategy and roadmap

We develop a security strategy with priorities, budget, and milestones.

03. Implementation

We execute the roadmap: building processes, implementing policies, coordinating security projects.

04. Reporting

We regularly report progress and risk status to the board and stakeholders.

05. Continuous improvement

We adapt the strategy to the evolving threat landscape and new regulatory requirements.

FAQ

How does a vCISO differ from a consultant?

A consultant delivers a specific project (audit, deployment). A vCISO is a continuous strategic role - managing the security programme, owning the roadmap, and reporting to the board like an internal CISO.

How much time does a vCISO dedicate to our organisation?

Flexibly - typically 2 to 4 days per month. We tailor the model to the organisation's size and workload intensity.

Can the vCISO represent us before regulators?

Yes - the vCISO can represent the organisation in interactions with regulators and auditors, prepare documentation, and present the cybersecurity posture.

What does the knowledge transfer look like when the engagement ends?

All documentation, policies, and procedures belong to the organisation. We ensure full knowledge transfer and support during the transition period.

Does a vCISO replace the internal IT team?

No - the vCISO works with the IT team, providing strategic direction. Operational security tasks remain with the team, while the vCISO coordinates and prioritises them.

How does SEQRED price its services?

Pricing is based on an individual estimate of our consultants' time, considering the project scope and complexity. We present the offer broken down by phases - so you see exactly what you're paying for and can make decisions at each stage.

Can I speak with an expert before making a decision?

Yes - an initial consultation is always welcome and free of charge. We help define the actual scope of your needs, which allows us to prepare a rational offer tailored to your organization.

How is the vCISO service priced?

Pricing depends on the engagement model (fixed number of days per month or project-based scope), duration of the collaboration, and area of responsibility.

We'll discuss scope, methodology, and timeline.

Free consultation, no strings attached.