SENIOR-LED GRC CONSULTING
Compliance that holds.
Expertise you can trust.
Most companies hire junior consultants and call it GRC. Arclight puts a senior CISSP-certified practitioner on your program from day one.
CISSP · SSCP · CySA+ · Security+ · Juris Master in Cybersecurity · NIST · SOC 2 · FedRAMP
WHAT WE DO
Senior-led compliance.
No handoffs. No juniors.
Every engagement is led personally by Anthony Addison — CISSP, former Director of GRC, and compliance practitioner with 15+ years in the field.
GRC PROGRAM DESIGN
Build the program right the first time.
Gap assessments, risk registers, control frameworks, and policy suites — built to last, not to check a box.
SOC 2 READINESS
Audit-ready without the agency overhead.
From gap assessment through Type II audit — fixed fee, senior practitioner, every session.
VIRTUAL CISO
Executive security leadership on demand.
Board reporting, vendor risk, incident response planning — the strategic security voice your company needs, fractional.
FEDRAMP ADVISORY
Navigate FedRAMP without the chaos.
SSP development, control narrative writing, 3PAO prep, and authorization support for cloud providers targeting federal markets.
THE ARC MODEL
Four phases. One trajectory.
The Arc Model moves every client from scattered controls to a defensible, scalable compliance program.
PHASE 01 — FOUNDATION
Foundation.
Current-state assessment, gap analysis, and control framework selection. We know where you are before we plan where you’re going.
PHASE 02 — GROWTH
Growth.
Policy buildout, control implementation, evidence collection, and team enablement. The scaffolding goes up.
PHASE 03 — PEAK
Peak.
Audit readiness, auditor liaison, and certification delivery. You cross the line audit-ready — not scrambling.
PHASE 04 — EVOLUTION
Evolution.
Ongoing program management, continuous monitoring, and regulatory horizon-scanning. Compliance as a living system.
ENGAGEMENTS
Transparent pricing.
No surprises.
FOUNDATION
$14,500
SOC 2 program
Gap assessment through audit-ready, fixed fee.
- ✓Senior expert, every session
- ✓Policy + control buildout
- ✓Auditor liaison
ADVISORY RETAINER
$4,500
per month
Ongoing compliance leadership — vCISO-level access without the full-time hire.
- ✓Monthly strategy sessions
- ✓Policy + risk management
- ✓Vendor risk reviews
- ✓Board-level reporting
CUSTOM ENGAGEMENT
Custom
scoped to your situation
FedRAMP, HIPAA, CMMC, custom frameworks, or multi-standard programs. We scope it together.
- ✓Custom scoping call
- ✓Fixed-fee or retainer
- ✓Multi-framework support
Ready to get compliance right?
Book a free 30-minute scoping call. No pitch deck, no pressure — just a senior practitioner who can tell you exactly what your program needs.