OFFER 2
Assuming Phase 1 Engagement
Days 1-30 [Diagnose and Align]
ACTIONS
Coordinate implementation of wins from Phase One
Establish Security Governance structure (steering committee, meeting cadence)
Define KPIs and reporting mechanisms for leadership
Begin vendor consolidation or optimization if indicated
DELIVERABLES
Security Governance Charter
Monthly Executive Dashboard Template
Updated security policies (3-5 critical policies)
Quick-Win completion report
Days 31-60 [Drive Execution]
ACTIONS
Launch security awareness training program or phishing simulation (or review / refine if these are in place)
Coordinate Implementation of or enhance logging and monitoring capabilities (SIEM tuning, alert playbooks)
Conduct tabletop incident response test
Establish or enhance vulnerability management program with defined SLAs
Begin security tool optimization or procurement process
DELIVERABLES
Incident Response Playbooks (3-5 scenarios)
Security awareness program metrics
Vulnerability Management SLA Document
Days 61-90 [Optimize and Prepare]
ACTIONS
Prepare for external audit or client security questionnaire responses
Develop vendor security assessment questionnaire and process
Create security roadmap presentation for Board
Document processes and runbooks for sustainability
Conduct 90-day retrospective and adjust roadmap
Optional (Additional cost)
Coordinate selection and implementation of Third Party Risk Management platform
DELIVERABLES
Audit readiness package (CIS, OCGs, or relevant framework)
Client-facing security documentation (questionnaire responses, certifications, program overview)
Board Presentation Deck
Knowledge transfer documentation
Updated 12-month roadmap with progress tracking