Cybersecurity governance and vCISO capacity, on contract.
Jacobs Consultants brings more than 25 years of cybersecurity consulting experience to businesses and consulting partners worldwide who need senior hands for a defined engagement: a gap assessment, an ISO 27001 build, an incident response review, or ongoing virtual CISO oversight.
Eight areas of practice, each scoped as a standalone engagement
Every service can run on its own or combine into a longer programme. Each is tagged with a reference code, the same way a control or SOP would be numbered in the documentation we produce for clients.
Gap and maturity assessment
A structured read of where your security posture stands today, measured against the framework that matters to your business.
RSK-02 Strategy and risk management
A risk register and roadmap that ties security spend to business risk, not to a generic checklist.
DET-03 Threat detection and incident response
Detection use cases, escalation paths and incident response plans built around how your team actually works.
VAP-04 Vulnerability assessment and penetration testing
Testing scoped to your environment, with findings ranked by what is actually exploitable and reachable.
AWA-05 Security awareness training
Training built around the scenarios your staff will actually face, not a generic slide deck.
CMP-06 Compliance and regulatory support
Practical support for POPIA, ISO 27001 and industry-specific requirements, documented the way an auditor expects.
ARC-07 Security architecture review
A review of your network, systems and controls against how they are actually built, not how the diagram says they are.
CSO-08 Virtual CISO (vCISO)
Ongoing security leadership and board-level reporting, without the cost of a permanent executive hire.
Three frameworks built from real SOC and governance engagements
Developed and refined by Pierre Jacobs across large-scale security operations and governance work, these are structured methodologies, not generic templates, each with defined phases and a track record of measurable results.
Cybersecurity Operations Efficiency Toolkit
A five-phase methodology that makes security operations better, faster and cheaper: baseline activities against the NIST CSF functions, measure efficiency with SMART KPIs, improve people, process, technology and licensing, then implement and review on a continuous cycle. Engagements have typically identified 15 to 25 percent in recoverable licensing and tooling spend, alongside materially faster detection and containment times.
Governance reporting framework
Converts technical risk and SOC output into evidence a board can act on: quarterly executive updates, an annual governance report, and audit-ready artefacts, structured around recognised governance codes. Runs alongside COPE or on its own, wherever a client needs to show a board, regulator or auditor that security is actively managed rather than just monitored.
Journey to Green
A six-phase maturity programme: discover and baseline, build a strategy and roadmap, implement and enable controls, operate and optimise, assure and report through G-RISE, and sustain the improvement on an ongoing basis. Built for organisations that need a structured path from an uneven security posture to one that is audit-ready and board-reportable.
A short, defined process for every engagement
Define the engagement
Objectives, framework, timeline and deliverables are agreed and documented before any work starts.
Gather evidence
Interviews, technical review and documentation checks against the agreed framework.
Document findings
A written report with findings, risk ratings and a prioritised set of recommendations.
Support remediation
Optional ongoing support to implement recommendations and track progress to closure.
Additional GRC and vCISO capacity for your practice
Jacobs Consultants also works on contract behind other consultancies and managed security providers that need short-term senior capacity: an extra assessor for a large audit, interim vCISO cover, or a second set of hands on a proposal deadline. Work is delivered under your branding and client relationship where required.
Discuss a partner arrangement
- Fixed-scope assessments delivered to your template and timeline
- Interim or overflow vCISO coverage for existing client accounts
- ISO 27001, NIST and CIS Controls documentation, written to pass audit
- Proposal and RFP support for GRC and security tenders
- Direct client engagements where a standalone consultant is preferred
Have a specific engagement in mind?
Send the scope and timeline and we will respond with availability and an indicative approach.