Fractional CISO
Most companies between 50 and 300 people need a CISO function long before they need a full-time CISO. A Fractional CISO gives you senior security leadership on a retainer — same strategic authority, same board presence, a fraction of the cost. We own your security program so you don’t have to build a team to run it.
Part-time engagement, full-time accountability
A Fractional CISO owns the security program: the risk register is theirs, the incident response plan is theirs, the compliance roadmap is theirs. When something goes wrong at 2 a.m., they lead the response. When the auditor shows up, they represent your business. Full accountability, with a retainer rather than a salary.
Our Fractional CISO retainer pairs naturally with our penetration testing and ISO 27001 & SOC 2 services. Most clients run all three as one program: the Fractional CISO sets direction, pen testing identifies the gaps, and the compliance engagement closes them against the framework.
Everything a CISO does, structured as a retainer
Security Strategy
Annual security strategy and roadmap aligned to your business objectives, risk appetite, and compliance obligations. Quarterly reviews and monthly adjustments keep it current. Auditor-ready at all times.
Risk Management
Living risk register maintained on your behalf — severity-ranked, mitigation-tracked, treatment-justified. Covered by ISO 27001 clause 6.1 and SOC 2 CC3.2. We own it, you approve it.
Compliance Oversight
Ongoing compliance program management across ISO 27001, SOC 2, GDPR, and NIS2. We track obligations, own the evidence collection cadence, and coordinate with auditors so your team isn’t pulled into months of administration.
Board & Exec Reporting
Monthly security report for your leadership team and quarterly briefing for the board. Plain-English summaries with business-relevant metrics. Designed for the audience that needs to act on it.
Fractional CISO — Frequently Asked Questions
What is a Fractional CISO?
A Fractional CISO (also called a virtual CISO or part-time CISO) is a senior security executive who works with your organization on a retainer basis rather than as a full-time employee. They own the information security strategy, risk register, compliance program, and incident response function — and they represent security at the board and executive level. The “fractional” refers to the time commitment, not the responsibility: they are fully accountable for the security program, just not on-site five days a week.
What’s the difference between a Fractional CISO and a full-time CISO?
A full-time CISO is an employee: on-site, embedded in the org chart, managing a security team, and costing €180,000–€350,000 per year in total compensation before benefits, bonuses, and recruitment fees. A Fractional CISO is a retainer engagement: they bring the same strategic experience and accountability, work with your team remotely and in scheduled engagements, and cost 10–20% of the full-time equivalent. For companies that don’t yet have the security team size to justify a full-time hire, Fractional is almost always the right model.
How many hours per month does a Fractional CISO work?
It depends on engagement scope, but our standard retainer runs 20–40 hours per month. That covers: a monthly risk register review, policy maintenance, one executive report, a quarterly board briefing, ongoing vendor security reviews, incident on-call availability, and ad-hoc questions from your team. Higher-intensity periods — compliance audits, incidents, vendor due-diligence cycles — are handled within the retainer or escalated to a supplementary day rate.
How much does a Fractional CISO cost?
Our Fractional CISO retainer starts from €2,500 / month for companies up to ~100 people, and €3,000–€4,500/month for 100–300-person organizations with active compliance obligations. For context, a full-time CISO costs €180,000–€350,000 per year in total comp. A Fractional CISO delivers the strategic leadership function at roughly €30,000–€54,000/year — a saving of €150,000 or more, without the recruitment risk or employment overhead.
CISO-level security leadership, retainer-priced
Tell us about your organization, your compliance goals, and your current security posture — we’ll scope a Fractional CISO engagement and come back with a fixed monthly price.
Contact us → vCISO Services →