Service · Durable revenue
Fractional AI and Information Risk Officer
A named individual accountable to your board for AI and information risk posture. Quarterly reporting, policy maintenance, vendor reviews, and incident response support, delivered under one twelve-month engagement.
When this fits
You need accountability, not another report.
The fractional officer engagement is designed for organisations where the board has identified AI and information risk as material, but where a full-time Chief Information Security Officer or AI Risk Officer is not yet justified by scale.
You receive a senior practitioner who carries personal accountability, attends risk and audit committee meetings, signs governance documents in their own name, and is the named person regulators can call.
This is not advisory work. This is a role.
Inclusions
What the engagement covers.
Quarterly posture re-assessment
Updated NIST AI RMF and APRA-aligned posture report each quarter. Closes the loop on prior remediation. Forms the basis of the board update.
Policy and standards maintenance
Acceptable use, data classification, vendor risk, prompt hygiene, AI development standards. Reviewed and updated as your tooling and risk profile evolve.
Monitoring and audit log review
Defined control objectives reviewed against your SIEM, audit logs, and admin console exports on an agreed cadence.
Vendor risk reviews
Every proposed AI tool is assessed against your data classification matrix, contractual posture, and integration risk before procurement signs.
AI incident response support
Defined playbooks for prompt injection, data exfiltration via AI, model misuse, vendor outage, and shadow AI discovery. We respond, so you do not have to learn on the job.
Board and committee reporting
Monthly operations report. Quarterly board update including KPI dashboard, remediation status, regulatory horizon, and incident summary.
Annual ISO 42001 readiness review
Annual readiness check against ISO/IEC 42001:2023 management system requirements. The basis of certification when you are ready.
Direct contact line
You have the practitioner directly. No client manager layer, no triage queue. Material decisions get a same-day response.
Investment
From AUD 8,000 / month
Tiered to organisational size and risk profile. Standard tier AUD 11,500. Premium tier AUD 15,000.
Term
12 months
Quarterly review points. Either party may exit at the end of any quarter with thirty days' notice.
Onboarding
2 to 4 weeks
Most engagements begin with a posture assessment. Existing assessments from the last twelve months are accepted as input.
Standards alignment
Frameworks the role operates against.
For organisations with European exposure we layer in EU AI Act risk classification. For organisations with United States exposure we layer in Colorado AI Act and NYC Local Law 144 obligations where applicable.
Get started
Put a name on your AI risk.
A thirty-minute discovery call confirms whether the fractional model is the right fit for your organisation, your scale, and your regulator.