EdgePro solutions aim to deliver support and provide value to our members as they meet the challenges of a world driven by information and an unprecedented pace of technological change. From professional services, to staff augmentation, to end-user support applications, EdgePro is designed to help members grow, thrive, and rapidly adapt to change.

EdgePro Virtual Chief Information Security Officer

Many organizations need help identifying and implementing viable information security strategies and policies to maintain their security effectiveness and adhere to regulation and compliance requirements. A Chief Information Security Officer (CISO) plays an essential role in IT leadership, balancing information security, risk, and general business challenges, but not every organization has the ability to hire a CISO full-time. The EdgePro virtual CISO (vCISO) service has been designed to fill that gap.

The Role of a vCISO

The vCISO service is designed to create actionable information security strategies and define optimum information security direction for your organization. The vCISO will provide independent and objective input to ensure that your security posture is on track, identifying areas of necessary improvement and continuing to support areas where you’re already in compliance. vCISO services can be engaged for anywhere from a few hours, to a per-project basis, to a full-time staff augmentation. The outcome of an engagement with the vCISO would involve executive level strategy, policy development, and process creation for immediate adoption, implementation, and operation of improvements within the organization.

An EdgePro vCISO is able to assist in any of the following areas:

  • Organizational Leadership
  • Information Security (InfoSec) Team Hiring
  • Direction of InfoSec Team
  • InfoSec Program Management
  • Ownership of Security Policy
  • Employee Security Awareness Programs
  • Security Framework Certifications
  • Technical Contract Review
  • 3rd Party & Vendor Risk Management
  • Liaise with Law Enforcement & Government
  • Vulnerability Management Programs
  • Business Risk Management & Assessment
  • IT Configuration Assessment & Audit
  • Establish & Improve Security Policy, Process, & Procedure
  • Establish & Improve Roles, Responsibilities, & Organization
  • Establish & Improve Human Resources Security Controls
  • Establish & Improve Asset & Data Management Controls
  • Establish & Improve Access & Cryptographic Controls
  • Establish & Improve Physical & Environmental Controls
  • Establish & Improve Operations, Communications, and Incident Management Controls
  • Business Continuity & Disaster Recovery Planning
  • Incident Response Process Development & Management
  • Board Presentations & Leadership Committee Participation
  • …And A Variety of Additional InfoSec Problem Areas