OFFER 2

Security Program Build & Operationalization (90-Day)

Assuming Phase 1 Engagement

Days 1-30 [Diagnose and Align]

ACTIONS

  • Coordinate implementation of wins from Phase One

  • Establish Security Governance structure (steering committee, meeting cadence)

  • Define KPIs and reporting mechanisms for leadership

  • Begin vendor consolidation or optimization if indicated

DELIVERABLES

  • Security Governance Charter

  • Monthly Executive Dashboard Template

  • Updated security policies (3-5 critical policies)

  • Quick-Win completion report

Days 31-60 [Drive Execution]

ACTIONS

  • Launch security awareness training program or phishing simulation (or review / refine if these are in place)

  • Coordinate Implementation of or enhance logging and monitoring capabilities (SIEM tuning, alert playbooks)

  • Conduct tabletop incident response test

  • Establish or enhance vulnerability management program with defined SLAs

  • Begin security tool optimization or procurement process

DELIVERABLES

  • Incident Response Playbooks (3-5 scenarios)

  • Security awareness program metrics

  • Vulnerability Management SLA Document

Days 61-90 [Optimize and Prepare]

ACTIONS

  • Prepare for external audit or client security questionnaire responses

  • Develop vendor security assessment questionnaire and process

  • Create security roadmap presentation for Board

  • Document processes and runbooks for sustainability

  • Conduct 90-day retrospective and adjust roadmap

Optional (Additional cost)

  • Coordinate selection and implementation of Third Party Risk Management platform

DELIVERABLES

  • Audit readiness package (CIS, OCGs, or relevant framework)

  • Client-facing security documentation (questionnaire responses, certifications, program overview)

  • Board Presentation Deck

  • Knowledge transfer documentation

  • Updated 12-month roadmap with progress tracking