Senior CISO leadership without the full-time commitment
A fractional CISO provides your organisation with the cyber security leadership of a seasoned Chief Information Security Officer (the governance, the board reporting, the regulatory engagement, the strategic direction) on a structured part-time or retainer basis. The depth of a CISO without the overhead of a full-time executive appointment.
The weight of CISO experience, scaled to what your organisation actually needs
Many organisations need genuine CISO-level leadership but are not at the size or stage where a full-time C-suite security executive is the right structure. They still face real regulatory obligations, board accountability expectations, and security risks that require a senior, credible hand. A fractional CISO fills that gap precisely.
The value of a fractional CISO comes entirely from the depth of experience behind the role. I have served as a full-time CISO at MS Amlin, British Land, Suntory Group and Xoserve, and as Group CISO at Planet Payment, appointed directly by Advent International. That operational depth, the board reporting, the regulatory engagement, the hard decisions, is what I bring to each fractional CISO engagement.
The situations where fractional CISO engagement makes most sense
No Current CISO
Organisations that have grown to a size where board-level security governance is required but do not yet have, or do not need, a full-time CISO. A fractional CISO provides the leadership, reporting and regulatory engagement without the full-time headcount.
Regulatory or Compliance Pressure
Organisations facing a specific regulatory obligation (an FCA assessment, DORA readiness, NIS2 compliance, a Lloyd's market security requirement) that needs credible, senior security leadership to address it on time.
During Transformation or M&A
Organisations undergoing digital transformation, a merger or acquisition, or a significant technology change that requires senior security oversight without embedding a full-time executive for the duration of the programme.
Scaling into Regulated Markets
Technology companies and FinTechs scaling into regulated sectors (financial services, insurance, payments) that need to build, from the outset, the governance infrastructure required to operate credibly at scale.
Former CISO at FTSE 100 and regulated organisations
The fractional CISO relationship is only as valuable as the experience behind it. Unlike a generic consultancy offering, this engagement is backed by direct, operational CISO experience at some of the UK's most complex and demanding organisations. That means board credibility, regulatory understanding, and the ability to make difficult decisions, not just advise on them.
Full career history is available on the Experience page. Former advisory appointments with the FCA, NCSC and Lloyd's of London provide a deep understanding of regulatory expectations that few CISO-level advisers can offer.
Group CISO & Group DPO, Lloyd's market insurer, international operations.
Chief Information Security Officer, FTSE 100 real estate investment trust.
Group CISO, appointed by Advent International PE to lead post-acquisition security transformation.
Director of Cybersecurity Strategy & Transformation, DPO, UK's Central Data Service Provider for the gas industry, critical national infrastructure.
Director of Cybersecurity Strategy and Transformation, global FMCG, 40+ countries.
Need a Fractional CISO in London or across the UK?
Describe your situation and I will tell you directly whether this is the right fit.