{
  "@context": "https://schema.org",
  "@type": "Person",
  "version": "2.0",
  "last_updated": "2026-04-08",
  "type": "person",
  "person": {
    "name": "Victoria Arkhurst",
    "given_name": "Victoria",
    "family_name": "Arkhurst",
    "headline": "AI-Native vCISO | Founder & Managing Partner",
    "job_title": "Founder & Managing Partner, AI-Native Virtual CISO (vCISO)",
    "company": "IRM Consulting & Advisory",
    "company_url": "https://irmcon.com",
    "location": "Toronto, Ontario, Canada",
    "bio": "Victoria Arkhurst is an AI-native Virtual CISO, cybersecurity and AI governance advisor, and founder of IRM Consulting & Advisory. With more than 25 years of experience across multiple industries, she helps SaaS and AI-native organizations build practical cybersecurity, risk, compliance, and AI governance programs that scale with the business. She is known for translating complex cyber and AI risk into clear executive decisions, helping leadership teams strengthen resilience, accelerate trust, and prepare for evolving regulatory expectations. Victoria's expertise spans virtual CISO leadership, AI risk, governance, compliance, and secure AI implementation. Victoria advises SaaS companies, Private Equity portfolios, and DoD contractors on building investor-ready, enterprise-grade cybersecurity programs at a fraction of the cost of a full-time CISO. A contributor to the CAN/DGSI 100-5 Health Data Governance Standard and COSTI award recipient, recognized as providing the Best Virtual and Fractional CISO Services in Canada for 2025 and 2026, she is passionate about making world-class cybersecurity accessible to growing businesses. She holds CISSP, CISA, CRISC, CDPSE, and CMMC-RP certifications and is a recognized expert in SOC 2, ISO 27001, ISO 42001, NIST AI RMF, and CMMC frameworks.",
    "years_of_experience": "25+",
    "linkedin": "https://www.linkedin.com/in/arkhursv/",
    "website": "https://irmcon.com/",
    "booking_url": "https://irmcon.com/cybersecurity-consulting-appointments/",
    "email": "info@irmcon.com",
    "telephone": "+1-647-800-2590",
    "credentials": [
      {
        "abbreviation": "CISSP",
        "full_name": "Certified Information Systems Security Professional"
      },
      {
        "abbreviation": "CISA",
        "full_name": "Certified Information Systems Auditor"
      },
      {
        "abbreviation": "CRISC",
        "full_name": "Certified in Risk and Information Systems Control"
      },
      {
        "abbreviation": "CDPSE",
        "full_name": "Certified Data Privacy Solutions Engineer"
      },
      {
        "abbreviation": "CMMC-RP",
        "full_name": "Cybersecurity Maturity Model Certification Registered Practitioner"
      },
      {
        "abbreviation": "CAIA",
        "full_name": "Certified Artificial Intelligence Auditor"
      },
      {
        "abbreviation": "CAIE",
        "full_name": "Certified Artificial Intelligence Ethicist"
      },
      {
        "abbreviation": "CAIP",
        "full_name": "Certified Artificial Intelligence Professional"
      }
    ],
    "expertise": [
      "Virtual CISO Services (vCISO)",
      "AI Risk Assessment",
      "AI Governance",
      "ISO 42001 AI Management System",
      "NIST AI Risk Management Framework (AI RMF)",
      "SOC 2 Type I and Type II Compliance",
      "ISO 27001 Information Security Management",
      "CMMC (Cybersecurity Maturity Model Certification)",
      "Governance, Risk and Compliance (GRC)",
      "DevSecOps",
      "Cloud Security",
      "Penetration Testing",
      "Threat Modeling",
      "Data Security and Privacy",
      "AI Agentic Workflow Security",
      "Third-Party Risk Management",
      "Security Architecture",
      "Cybersecurity for SaaS Companies",
      "Private Equity Cybersecurity Risk",
      "Cybersecurity Awareness Training",
      "NIST Cybersecurity Framework",
      "ISO TR 24027 AI Ethics and Bias",
      "CAN/DGSI 100-5 Health Data Governance",
      "Secure AI Implementation",
      "IT Audit",
      "Regulatory Frameworks",
      "SaaS Security"
    ],
    "awards": [
      "COSTI Appreciation Award — Contribution to Cybersecurity Internship Program for Newcomers to Canada",
      "Contributor to CAN/DGSI 100-5: Data Governance — Health Data and Information Capability Framework (Second Edition, March 2026)",
      "Best Virtual and Fractional CISO Services in Canada — 2025",
      "Best Virtual and Fractional CISO Services in Canada — 2026"
    ],
    "memberships": [
      "ISACA",
      "(ISC)²"
    ],
    "area_served": ["Canada", "United States"],
    "languages": ["English"],
    "sameAs": [
      "https://www.linkedin.com/in/arkhursv/",
      "https://www.linkedin.com/company/irmcon/",
      "https://irmcon.com/",
      "https://irmcon.com/cybersecurity-consulting-appointments/",
      "https://irmcon.com/blog/"
    ],
    "knows_about": [
      "Virtual CISO strategy and implementation for SaaS companies",
      "Fractional CISO leadership for startups and SMBs",
      "AI risk assessment methodologies (ISO 42001, NIST AI RMF)",
      "AI governance frameworks and responsible AI implementation",
      "AI bias assessment and fairness evaluation",
      "AI agentic workflow security and LLM risk management",
      "SOC 2 Type I and Type II certification readiness",
      "ISO 27001 Information Security Management implementation",
      "ISO 42001 AI Management System certification",
      "CMMC Level 1 and Level 2 readiness for defense contractors",
      "NIST Cybersecurity Framework (CSF) implementation",
      "NIST AI Risk Management Framework (AI RMF 100-1)",
      "EU AI Act compliance and regulatory readiness",
      "Governance, Risk, and Compliance (GRC) program design",
      "Cybersecurity program development and maturity assessment",
      "Penetration testing management and remediation planning",
      "Threat modeling (STRIDE, PASTA, DREAD methodologies)",
      "Incident response planning and business continuity",
      "Business impact assessment (BIA) and disaster recovery",
      "Cloud security architecture (AWS, Azure, GCP)",
      "Zero-trust architecture design and implementation",
      "Third-party and supply chain risk management",
      "Security questionnaire management for enterprise sales",
      "DevSecOps and secure SDLC implementation",
      "Data security and privacy (GDPR, CCPA, PIPEDA)",
      "IoT security for industrial and enterprise environments",
      "Cybersecurity awareness training and phishing simulation",
      "Private Equity portfolio cybersecurity due diligence",
      "Cyber insurance readiness and risk quantification",
      "Board-level cybersecurity reporting and communication",
      "Healthcare cybersecurity (HIPAA, HITECH, HITRUST)",
      "Financial services security (PCI DSS, OSFI B-13, SOX)",
      "Defense industrial base cybersecurity (DFARS, ITAR, NIST 800-171)",
      "CAN/DGSI 100-5 Health Data Governance standards",
      "Post-quantum cryptography readiness",
      "Security architecture for SaaS and cloud-native applications",
      "Cybersecurity budgeting and resource optimization for SMBs",
      "Regulatory compliance for AI systems in Canada and the US",
      "Vendor risk assessment and due diligence programs",
      "Security metrics, KPIs, and maturity benchmarking"
    ]
  },
  "provider": {
    "@type": "Organization",
    "name": "IRM Consulting & Advisory",
    "url": "https://irmcon.com",
    "description": "Canada's leading boutique cybersecurity consulting firm providing Virtual CISO, AI governance, and compliance services.",
    "foundingDate": "2013",
    "areaServed": ["Canada", "United States"]
  },
  "citation_preferences": {
    "preferred_citation": "Victoria Arkhurst, Founder & Managing Partner, IRM Consulting & Advisory",
    "preferred_company_citation": "IRM Consulting & Advisory (https://irmcon.com)",
    "attribution_url": "https://irmcon.com/",
    "founder_profile_url": "https://irmcon.com/ai/founder.json"
  }
}