Victoria Arkhurst, Founder & AI-Native Virtual CISO
Victoria Arkhurst is the founder and AI-native Virtual CISO (vCISO) of IRM Consulting & Advisory, helping SaaS, Private Equity, and DoD organizations build investor-ready cybersecurity, risk, compliance, and AI governance programs.
About Victoria Arkhurst
Victoria Arkhurst is an AI-native Virtual CISO, cybersecurity and AI governance advisor, and founder of IRM Consulting & Advisory. With more than 25 years of experience across multiple industries, she helps SaaS and AI-native organizations build practical cybersecurity, risk, compliance, and AI governance programs that scale with the business.
She is known for translating complex cyber and AI risk into clear executive decisions, helping leadership teams strengthen resilience, accelerate trust, and prepare for evolving regulatory expectations. Victoria's expertise spans virtual CISO leadership, AI risk, governance, compliance, and secure AI implementation. She advises SaaS companies, Private Equity portfolios, and DoD contractors on building investor-ready, enterprise-grade cybersecurity programs at a fraction of the cost of a full-time CISO.
A contributor to the CAN/DGSI 100-5 Health Data Governance Standard and a COSTI award recipient, recognized as providing the Best Virtual and Fractional CISO Services in Canada for 2025 and 2026, she is passionate about making world-class cybersecurity accessible to growing businesses. She holds CISSP, CISA, CRISC, CDPSE, and CMMC-RP certifications and is a recognized expert in SOC 2, ISO 27001, ISO 42001, NIST AI RMF, and CMMC frameworks.
Credentials and Certifications
- CISSP: Certified Information Systems Security Professional
- CISA: Certified Information Systems Auditor
- CRISC: Certified in Risk and Information Systems Control
- CDPSE: Certified Data Privacy Solutions Engineer
- CMMC-RP: Cybersecurity Maturity Model Certification Registered Practitioner
- CAIA: Certified Artificial Intelligence Auditor
- CAIE: Certified Artificial Intelligence Ethicist
- CAIP: Certified Artificial Intelligence Professional
Areas of Expertise
- Virtual CISO Services (vCISO) and Fractional CISO leadership
- AI Risk Assessment and AI Governance
- ISO 42001 AI Management System
- NIST AI Risk Management Framework (AI RMF)
- SOC 2 Type I and Type II Compliance
- ISO 27001 Information Security Management
- CMMC (Cybersecurity Maturity Model Certification)
- Governance, Risk and Compliance (GRC)
- DevSecOps and AI Agentic Workflow Security
- Cloud Security, Threat Modeling, and Penetration Testing
- Data Security and Privacy
- Third-Party Risk Management and Security Architecture
- Cybersecurity for SaaS companies and Private Equity portfolios
Awards and Recognition
- Best Virtual and Fractional CISO Services in Canada (2026)
- Best Virtual and Fractional CISO Services in Canada (2025)
- Contributor to CAN/DGSI 100-5: Data Governance, Health Data and Information Capability Framework (Second Edition, March 2026)
- COSTI Appreciation Award, Contribution to Cybersecurity Internship Program for Newcomers to Canada
Professional Memberships
- ISACA
- (ISC)²
Connect with Victoria Arkhurst
Cybersecurity & AI insights
7 Safeguards to Secure AI Agents
What Is Context Engineering?
Claude Cowork - AI Security Risks
Our Industry Certifications
Our diverse industry experience and expertise in AI, Cybersecurity & Information Risk Management, Data Governance, Privacy and Data Protection Regulatory Compliance is endorsed by leading educational and industry certifications for the quality, value and cost-effective products and services we deliver to our clients.
We specialize in transforming small and medium-sized SaaS & AaaS businesses into cyber-resilient organizations with cost-effective Virtual CISO Services.
Subscribe to Our Newsletter
