// Services

What We Do

Security advisory and compliance programs for commercial organizations — from fractional CISO leadership to SOC 2 and ISO 27001 readiness.

Defense contractors and DIB organizations: see our Government & Defense services →

01

vCISO Services

Fractional · Strategic · Board Reporting · Retainer

A fractional CISO engagement gives you direct access to senior security leadership on a retainer basis — owning your security program, communicating to your board, and serving as your accountability partner as the business grows. Engagements are structured around your actual needs, not a fixed deliverable list. You work directly with the principal, not a junior consultant.

Scope Includes

  • Security program strategy and multi-year roadmap
  • Board and executive communication and reporting
  • Security budget planning and vendor selection support
  • Risk management program ownership
  • Incident response planning and tabletop exercises
  • Security awareness program oversight
  • Regulatory and audit representation

02

Compliance Programs

SOC 2 · ISO 27001 · HIPAA · PCI DSS · Cyber Essentials

Commercial compliance programs are increasingly a prerequisite for enterprise sales, customer trust, and market access. We design and implement compliance programs that satisfy auditors and actually improve your security posture — not just paper exercises. Our practice covers the full range of commercial frameworks with particular depth in SOC 2 and ISO 27001.

Frameworks

SOC 2 · ISO 27001 · HIPAA · PCI DSS · NIST CSF 2.0

Scope Includes

  • SOC 2 Type I & II readiness and audit support
  • ISO 27001 gap analysis and implementation
  • HIPAA Security Rule assessment and program design
  • PCI DSS scoping and compliance program
  • Cyber Essentials and Cyber Essentials Plus (UK)
  • SOX IT General Controls design and testing
  • NIST CSF maturity assessments for commercial organizations
  • Policy and procedure development
  • Evidence collection and auditor liaison

03

Security Assessments

NIST CSF · CIS Controls · Gap Analysis · Risk

Our assessments give you an honest picture of your current security posture mapped against your actual threat model and business risk — not just a framework checklist. Every assessment delivers a prioritized remediation roadmap with effort estimates and business risk context, so your team knows exactly what to fix first and why.

Frameworks

NIST CSF 2.0 · CIS Controls v8 · ISO 27005

Scope Includes

  • NIST Cybersecurity Framework (CSF 2.0) assessments
  • CIS Controls v8 benchmarking
  • Cloud security posture assessment (AWS, Azure)
  • Third-party and supply chain risk reviews
  • Vendor risk program design
  • Executive summary with board-ready risk presentation

04

OT / ICS Security

IEC 62443 · SCADA · OT/IT Convergence · Manufacturing

Operational technology security requires a fundamentally different approach than IT security. We understand the uptime, safety, and legacy constraints of manufacturing environments — and we design security improvements that work within them rather than against them. Our OT practice spans semiconductor fabs, discrete manufacturing, and defense production environments.

Frameworks

IEC 62443 · NIST SP 800-82 · NERC CIP

Scope Includes

  • OT/IT network segmentation design and review
  • IEC 62443 gap analysis and zone/conduit modeling
  • SCADA and DCS security reviews
  • OT asset inventory and vulnerability management program
  • Incident response planning for OT environments
  • Semiconductor and IP-sensitive environment expertise

05

Incident Response Readiness

IR Planning · Tabletop Exercises · Playbooks · Preparedness

Most organizations discover gaps in their incident response capability during an actual incident — the worst possible time. We help you build and validate IR readiness before you need it: designing your response program, developing playbooks for your most likely threat scenarios, and running tabletop exercises that expose gaps in a controlled environment.

Frameworks

NIST SP 800-61 · CISA IR Guidelines

Scope Includes

  • Incident response plan development and review
  • Threat-scenario-based playbook development
  • Tabletop exercise design and facilitation
  • IR team roles and escalation path definition
  • Communication templates for internal and external stakeholders
  • Post-exercise gap analysis and remediation roadmap

06

Security Program Management

Program Management · Governance · Roadmap · Execution

Security programs usually fail not because of bad strategy but because of poor execution. We provide program management for complex security initiatives — keeping stakeholders aligned, keeping milestones on track, and ensuring that investments deliver their intended outcomes.

Scope Includes

  • Security initiative portfolio management
  • Tool selection, procurement, and deployment oversight
  • Regulatory program project management
  • Stakeholder alignment and executive reporting
  • KPI and metrics framework design
  • Board-level program status reporting

Not sure which service is right for you? Take our free self-assessment to understand where your gaps are first.

Take the free assessment →

Not sure where to start?

We will help you identify the highest-impact engagement for your current situation.

Talk to Us