Scope of Work

Services & Engagements

I help organizations become secure, resilient, and compliant through advisory, audits, certification activities, and advanced training — across IT, OT, and cloud environments. Multi-accredited lead auditor (ISO 27001 · ISO 22301 · CSA STAR). PECB Certified GOLD Trainer (50+ programs).

01 — Scope

GRC — Governance, Risk & Compliance

Cybersecurity governance, risk management, compliance, ISMS/BCMS/PIMS, audits, maturity assessments, executive reporting, and continuous improvement — aligned with ISO, NIST, PCI DSS, SWIFT CSP, CSA STAR, SOC 2, and RNSI.

  • ISO/IEC 27001:2022 certification audits (Stage 1, Stage 2, surveillance)
  • ISO 22301:2019 BCMS certification audits
  • ISO 27701:2025 PIMS certification audits
  • CSA STAR Level 2 cloud security assurance audits
  • PCI DSS QSA & SWIFT CSP compliance assessments
  • Cyber risk registers, treatment plans, residual risk acceptance frameworks
  • Compliance dashboards, control mappings, and executive reporting packs
  • Gap assessments, maturity roadmaps, and continuous improvement programs
02 — Scope

SecOps — SOC, CSIRT & Resilience

SOC/CSIRT strategy, managed SOC governance, incident response, crisis management, threat intelligence, SIEM/SOAR, vulnerability management, VAPT, DFIR, red/purple teaming, and cyber resilience.

  • SOC/CSIRT operating model design: charter, playbooks, escalation, KPIs/SLAs
  • Managed SOC governance: service models, detection & response strategy
  • Incident response plans, tabletop exercises, cyber crisis simulations
  • SIEM/SOAR use case design, logging requirements, alert prioritization
  • Vulnerability assessments & penetration testing (VAPT)
  • Red/purple team engagements, source code review, attack path analysis
  • DFIR — digital forensics & incident response (ISO 27035/27037/27042/27043)
  • Threat intelligence (CTI) programs and capability maturity uplift
03 — Scope

Advisory — vCISO & Strategy

vCISO, cybersecurity strategy, security program design, audit readiness, framework mapping, maturity assessments, governance models, security-by-design, and board-level reporting.

  • Virtual CISO (vCISO) services for organizations without a full-time CISO
  • CISO/DSSI charter design: authority, independence, executive reporting lines
  • Cybersecurity governance & operating model design (committees, RACI, decision rights)
  • Advisory and cybersecurity business unit structuring
  • Security-by-design integration into architecture and project lifecycles
  • Audit readiness and certification-gap closure programs
  • Framework mapping across ISO, NIST, PCI DSS, SWIFT CSP, CSA CCM, RNSI
  • Board-level and executive security reporting
04 — Scope

Training — Certification & Capacity Building

PECB Certified GOLD Trainer (ID GT20395871, 50+ programs). Also authorized by: ISC2, ISACA, CSA, EC-Council, INE Security, OffSec, SANS, TRECCERT, PMI.

  • ISO 27001/27005/27035/27701/22301 implementer & auditor tracks
  • PECB, ISC2, ISACA, CSA, EC-Council, INE Security, OffSec, SANS programs
  • CISSP, CCISO, PMP, CCSK, cloud & cybersecurity fundamentals coaching
  • Hands-on SOC, CSIRT, incident response & threat-hunting workshops
  • Executive awareness, board briefings, and crisis simulations
  • Tailored internal academies and cyber capacity-building programs
Engagement Model

How we work together

A structured, transparent approach — from first conversation to measurable outcomes.

Step 01

Discovery Call

We discuss your context, regulatory landscape, current maturity, and objectives — no obligation.

Step 02

Scoping & Proposal

A clear scope of work, timeline, deliverables, and pricing — tailored to your needs and constraints.

Step 03

Execution

Hands-on delivery — audits, advisory sessions, training, or SOC/CSIRT design — with regular checkpoints.

Step 04

Reporting & Follow-up

Executive-ready deliverables, recommendations, and — where useful — a continuous improvement plan.

FAQ

Common questions

Do you work internationally, or only in Algeria?

Both. Engagements span four continents — remote advisory, on-site audits, and in-person training are all available depending on the scope.

Can you act as our official accredited auditor?

Yes — as a Global Accredited Senior Lead Auditor (MSECB) for ISO/IEC 27001:2022, ISO 22301:2019, and CSA STAR Level 2.

Do you offer vCISO retainers?

Yes — fractional/virtual CISO arrangements for organizations that need senior security leadership without a full-time hire.

What's the best way to start?

Send an email to contact@taheramine.org with a short description of your need — I'll reply with next steps.

Let's work together

Have a project in mind?

Whether it's a certification audit, a CSIRT build-out, executive training, or a full governance overhaul — let's talk.

contact@taheramine.org