GRC · vCISO · SECURITY ARCHITECTURE

Cybersecurity governance and vCISO capacity, on contract.

Jacobs Consultants brings more than 25 years of cybersecurity consulting experience to businesses and consulting partners worldwide who need senior hands for a defined engagement: a gap assessment, an ISO 27001 build, an incident response review, or ongoing virtual CISO oversight.

Frameworks and standards worked to
ISO/IEC 27001 ISO 22301 NIST CSF CIS Controls v8 PCI DSS POPIA
PROPRIETARY METHODOLOGY

Three frameworks built from real SOC and governance engagements

Developed and refined by Pierre Jacobs across large-scale security operations and governance work, these are structured methodologies, not generic templates, each with defined phases and a track record of measurable results.

COPE

Cybersecurity Operations Efficiency Toolkit

A five-phase methodology that makes security operations better, faster and cheaper: baseline activities against the NIST CSF functions, measure efficiency with SMART KPIs, improve people, process, technology and licensing, then implement and review on a continuous cycle. Engagements have typically identified 15 to 25 percent in recoverable licensing and tooling spend, alongside materially faster detection and containment times.

G-RISE

Governance reporting framework

Converts technical risk and SOC output into evidence a board can act on: quarterly executive updates, an annual governance report, and audit-ready artefacts, structured around recognised governance codes. Runs alongside COPE or on its own, wherever a client needs to show a board, regulator or auditor that security is actively managed rather than just monitored.

JTG

Journey to Green

A six-phase maturity programme: discover and baseline, build a strategy and roadmap, implement and enable controls, operate and optimise, assure and report through G-RISE, and sustain the improvement on an ongoing basis. Built for organisations that need a structured path from an uneven security posture to one that is audit-ready and board-reportable.

HOW AN ENGAGEMENT RUNS

A short, defined process for every engagement

Scope

Define the engagement

Objectives, framework, timeline and deliverables are agreed and documented before any work starts.

Assess

Gather evidence

Interviews, technical review and documentation checks against the agreed framework.

Report

Document findings

A written report with findings, risk ratings and a prioritised set of recommendations.

Support

Support remediation

Optional ongoing support to implement recommendations and track progress to closure.

FOR CONSULTING PARTNERS

Additional GRC and vCISO capacity for your practice

Jacobs Consultants also works on contract behind other consultancies and managed security providers that need short-term senior capacity: an extra assessor for a large audit, interim vCISO cover, or a second set of hands on a proposal deadline. Work is delivered under your branding and client relationship where required.

Discuss a partner arrangement
  • Fixed-scope assessments delivered to your template and timeline
  • Interim or overflow vCISO coverage for existing client accounts
  • ISO 27001, NIST and CIS Controls documentation, written to pass audit
  • Proposal and RFP support for GRC and security tenders
  • Direct client engagements where a standalone consultant is preferred

Have a specific engagement in mind?

Send the scope and timeline and we will respond with availability and an indicative approach.

Start the conversation
WhatsApp us