Governance, Risk & Compliance

Advisory, Assessments, Compliance, and Transformation.


The Viceroy Group helps public and private sector organizations assess their resilience to cyber attack so they can design, implement, and manage a program that realistically withstands modern-day threats. Staying ahead of your adversaries means consistently testing the measures in place with real world scenarios. We use the latest techniques to simulate ethical attacks on your organization. By illustrating how we gained access to your critical systems, you can secure your environment with confidence knowing where you’re exposed.

The Viceroy Group manages your digital assets so you can allocate time where it matters most - your business operations. Through our partnerships with other cybersecurity companies, The Viceroy Group identifies all the endpoints accessing your network so you can see who is on your network at all times. Having a real-time system inventory gives you a view of all managed and unmanaged devices in the environment in a simple dashboard.


The Viceroy Group believes in healthy IT hygiene. All cyber systems have vulnerabilities. It is inevitable the same way a human body is subject to disease. A patient sees a healthcare provider each year and may submit to a cadence of tests to assess the patient's overall health. Your organization's digital infrastructure needs a health assessment too so you can fix its vulnerabilities.

We develop and conduct a risk assessment process to identify, manage, and mitigate cyber risks relevant to the organization’s business. This includes considering the organization’s business model, as part of defining a risk assessment methodology, and working to identify and prioritize potential vulnerabilities, including remote or traveling employees, insider threats, international operations and geopolitical risks, among others.


Incident Response Plans are not just a good idea, for many highly-regulated industries like healthcare and financial services, it's the law. The Viceroy Group helps organizations comply with legal requirements by developing incident response plans that can withstand the test of time. Incident response plans prepare organization's for mental stress tests.

Many incident response plans are built on assumptions that no longer apply in COVID-19 times. For instance, a key individual may be quarantined. Or the plan may require physical access to a location that's no longer an option for some reason. A thorough review of your organization's plan is needed during these uncertain times.


Manage user access through systems and procedures that keep your organization safe. Migrating your data and services to respond to growing cyber threats can be a challenge. The Viceroy Group believes adopting and implementing comprehensive written policies and procedures to mitigate cyber risk is critical.

Cybersecurity tools are available to transform your organization's security program and partnering with The Viceroy Group and its vast resources can alleviate the pain points in the transformation process. We'll guide your organization along the way. By establishing comprehensive testing and monitoring to validate the effectiveness of cybersecurity policies and procedures on a regular and frequent basis, your organization can keep pace with the evolving threat landscape. Testing and monitoring can be informed based on cyber threat intelligence.