Silicon Valley Clean Energy (SVCE) is seeking a vendor to provide Virtual Chief Information Security Officer (VCISO) and Security Assessment Services. The scope of work is divided into three main sections: 1) Provide VCISO services including guided security assessment, security program roadmap and guidance, serve as strategic executive information security resource to leadership and staff, provide answers to questions related to roadmap remediation activities or client and partner questionnaires, transfer knowledge, demonstrate measurable results to the security program, lead scheduled monthly information security meetings, assist with policy and standards, provide incident response support, make technology recommendations, and provide security news updates; 2) Provide annual tabletop exercise, working with SVCE staff to setup parameters, develop a mock incident IR exercise, conduct the mock event, and document the results and provide debrief with staff; 3) Perform annual security risk assessment/IT audit to identify measurable baseline for SVCE's security posture and help prioritize remediation efforts, including remediation planning and support, roadmap tools, score cards, and reports; 4) Provide incident response retainer services with a 2-4 hour SLA response time, allowing SVCE to get initial IR support with a prepaid block of hours.