CISO Advisor
Skill Verified ActiveSecurity leadership for growth-stage companies. Risk quantification in dollars, compliance roadmap (SOC 2/ISO 27001/HIPAA/GDPR), security architecture strategy, incident response leadership, and board-level security reporting. Use when building security programs, justifying security budget, selecting compliance frameworks, managing incidents, assessing vendor risk, or when user mentions CISO, security strategy, compliance roadmap, zero trust, or board security reporting.
To equip CISOs and security leaders with strategic frameworks and actionable guidance for building robust security programs, quantifying risks, and enabling business growth through effective security posture.
Features
- Risk quantification in dollars (ALE)
- Compliance roadmap planning (SOC 2, ISO 27001, HIPAA, GDPR)
- Security architecture strategy guidance
- Incident response leadership and playbook design
- Board-level security reporting frameworks
- Vendor security assessment tiering
Use Cases
- Building a security program from scratch
- Justifying security budget with risk-based arguments
- Selecting and sequencing compliance frameworks
- Developing incident response procedures
- Assessing vendor security posture
- Preparing board materials on security
Non-Goals
- Providing detailed technical implementation steps for security controls
- Performing automated security scans or audits
- Replacing a dedicated CISO or security team
- Directly managing security incidents or infrastructure
Practices
- Risk-based security
- Zero Trust architecture
- Defense in Depth
- Security program maturity
- Board reporting
Installation
First, add the marketplace
/plugin marketplace add alirezarezvani/claude-skills/plugin install c-level-advisor@claude-code-skillsQuality Score
VerifiedTrust Signals
Similar Extensions
CAIO Review
100/cs:caio-review <plan> — Eval-demanding Chief AI Officer interrogation of any plan that involves AI: model selection, risk classification, cost economics, or AI hiring.
Context Mode Ops
100Manage context-mode GitHub issues, PRs, releases, and marketing with parallel subagent army. Orchestrates 10-20 dynamic agents per task. Use when triaging issues, reviewing PRs, releasing versions, writing LinkedIn posts, announcing releases, fixing bugs, merging contributions, validating ENV vars, testing adapters, or syncing branches.
Qms Audit Expert
100ISO 13485 internal audit expertise for medical device QMS. Covers audit planning, execution, nonconformity classification, and CAPA verification. Use for internal audit planning, audit execution, finding classification, external audit preparation, or audit program management.
CISO Review
98/cs:ciso-review <plan> — Risk-paranoid interrogation of any plan that touches data, compliance, or production access.
Prepare Inspection Readiness
100Prepare an organisation for regulatory inspection by assessing readiness against agency-specific focus areas (FDA, EMA, MHRA). Covers warning letter and 483 theme analysis, mock inspection protocols, document bundle preparation, inspection logistics, and response template creation. Use when a regulatory inspection has been announced or is anticipated, when a periodic self-assessment is due, when new systems have been implemented since the last inspection, or after a significant audit finding that may attract regulatory attention.
Monitor Data Integrity
100Design and operate a data integrity monitoring programme based on ALCOA+ principles. Covers detective controls, audit trail review schedules, anomaly detection patterns (off-hours activity, sequential modifications, bulk changes), metrics dashboards, investigation triggers, and escalation matrix definition. Use when establishing a data integrity monitoring programme for GxP systems, preparing for inspections where data integrity is a focus area, after a data integrity incident requiring enhanced monitoring, or when implementing MHRA, WHO, or PIC/S guidance.