Warner McCall Ltd

Virtual Chief Information Security Officer (vCISO)

Provides a trusted virtual Chief Information Security Officer function to organisations through a virtual CISO service fitted to the culture and needs of your organisation, providing dedicated Cyber Security (including socio-technical and reputational) advice and leadership, without full-time employment costs. This service/function can also support defined individual projects or programmes.


  • Broad ranging expertise across Governance, Security Assurance and Capability Development.
  • Detailed understanding of vulnerability management, cyber posture and resilience planning.
  • Support is flexible, fitted to your need, with low overhead.
  • Mature, experienced CISOs with reachback to broad-based support.
  • Executive-level cyber and Information Assurance advice.
  • Cyber Strategy, Risk and Vulnerability Management.
  • Cyber Security and Information Assurance policy development.
  • Cyber Security architecture development, maturity modelling and capability planning.
  • Enterprise security certification and audit.
  • Cyber and Information Assurance training and awareness.


  • Access to high quality, experienced cyber expertise (CISSP & ISO27001).
  • Focused cyber support and advice, fitted to your organisation.
  • Improved understanding of cyber security posture, priorities and risk.
  • Improved understanding of Human Factors and Insider Threat.
  • Detailed path to improvement with prioritised risks and mitigations.
  • Lower cyber security risk and greater business and operational resilience.
  • Spending and resource optimisation, to manage the cost of cyber.
  • Improved board-level understanding and awareness.
  • Normalisation of cyber security and information assurance within business practises.


£500 to £1250 per person per day

Service documents


G-Cloud 11

Service ID

4 0 3 8 6 0 3 5 2 0 4 8 3 8 0


Warner McCall Ltd

Alan Sweet




Planning service
How the planning service works
WMR's vCISO service provides clients with the governance, capability development and security assurance support which is essential for any organisation operating a modern information infrastructure. This service is best suited to organisations where a full time CISO is not a practical option or the in-place CISO requires additional expert advice/support. A CISO role provides the advice, management and leadership necessary to navigate day-to-day cyber challenges (which is essential given the dynamic threat and vulnerability landscape which persists), and helps to develop greater business and operational resilience around an enterprise’s activities and practices.
For Cloud service migration, a CISO provides vital planning and leadership for managing the adoption or delivery of such services, and for de-risking such adoption. WMR's vCISO service ensures that enterprise operational priorities and key risks are factored into cloud migration, employing recognised cloud security standards and guidelines to identify and implement relevant and essential security measures (such guidelines include NCSC’s 14 Cloud Security Principles and vendor specific configuration guidance provided for MS O365, Azure and AWS).
Planning service works with specific services


Training service provided

Setup and migration

Setup or migration service available
How the setup or migration service works
WMR's vCISO service provides the capability development planning, execution and management necessary to adopt or migrate to new cloud services. The vCISO will conduct informed assessment of the security and resilience requirements necessary to support potential cloud adoption, using HMG and common vendor cloud security guidelines as a planning guide.
The vCISO will support the client and its other service providers to plan and deliver cloud adoption or migration measures, using various Enterprise Change Management tools and processes to facilitate such change. The WMR vCISO is also capable of employing soft methodologies, and understanding of Human Factors (HF), User Experience (UX) and User Interface (UI) mechansims, to secure the effective adoption of new cloud security facilities and security measures by the client’s user community.
Setup or migration service is for specific cloud services

Quality assurance and performance testing

Quality assurance and performance testing service
How the quality assurance and performance testing works
WMR’s vCISO service can assess and evaluate an organisation’s Cyber Security and Resilience at an enterprise, operational or technical (system-specific) level. The vCISO can conduct enterprise-level assessments of governance, policy, strategy, resource and planning issues, and can also conduct technical reviews of a specific system’s configuration, management and husbandry. Standards-based assessments and audits are offered, including ISO27001 and Cyber Essentials, and including audits of cloud security configuration (the latter against NCSC’s 14 Cloud Security Principles or vendor-specific standards, such as O365, Azure and AWS configuration guidelines). The vCISO is able to call on other technical resources such as Penetration Testers or Red Team providers, or will raise such requirements with the client, in order to support quality assurance and performance testing.

Security testing

Security services
Security services type
  • Security strategy
  • Security risk management
  • Security design
  • Cyber security consultancy
  • Security testing
  • Security incident management
  • Security audit services
Certified security testers
Security testing certifications
  • Cyber Scheme
  • Other
Other security testing certifications
  • ISO27001 Lead Auditor and Lead Implementer

Ongoing support

Ongoing support service

Service scope

Service constraints
WMR provides cyber security consultancy services only.

User support

Email or online ticketing support
Phone support
Web chat support
Support levels
WMR provide cyber security consultancy services. The levels of these services is provided within WMR's Skills for the Information Age (SFIA) rate card.


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)


£500 to £1250 per person per day
Discount for educational organisations

Service documents

Return to top ↑