Engagement models.
Each one is structured, time-bound, and scoped to an outcome. No retainer lock-ins. No enterprise pricing templates. Built for the stage you are at.
Senior delivery, clean scope, accountable ownership.
Every engagement is led end-to-end by Hachem Elwachem. No handoffs to junior analysts. No disappearing after the report. One advisor. Full accountability. From first assessment to final handover.
The three models below differ in shape — fixed, ongoing, lightweight — but share the same delivery standard. Pricing is scoped per engagement and shared in writing after a 30-minute scoping call.
Compliance Sprint
Ideal when you have a specific certification, regulation, or enterprise deal deadline to hit.
- Full ITCA™ cycle run against one clear outcome
- Regulatory mapping → control build → audit readiness
- Defined timeline, fixed scope, written milestones
- Full documentation and handover included
- Suitable for ISO 27001, SOC 2, EU AI Act, SaMD, GDPR, NIS2
Fractional CISO / CRCO
Ideal for scale-ups who need a senior security and compliance leader embedded in the team — without the full-time cost or six-month hiring delay.
- 2 to 4 days per week, remote or on-site
- Full executive authority and regulator-facing accountability
- Board and investor representation on risk, security, compliance
- Covers GRC, AI Act, SOC 2, vendor risk, incident response
- Handover-ready when you eventually hire full-time
Advisory Retainer
Ideal for teams who already have internal capability but need senior oversight, second opinions, and a direct line when it counts.
- 8 to 15 advisory hours per month
- Priority access and asynchronous response
- Monthly compliance and risk posture review
- Board pack and investor-letter input when required
- Minimum 6-month term to build continuity
From first call to kick-off in three steps.
30-minute scoping call
Structured diagnostic. No pitch, no slides. We walk through your product, your markets, your current compliance position, your immediate pressure points. You leave the call with a sharper view of what actually applies — whether we end up working together or not.
Written proposal within 5 business days
Scope, deliverables, timeline, milestones, commercial terms, named advisor. In writing. No mystery line items. You can walk it to your board or investors without translation.
Kick-off within 2 weeks of agreement
Signed, staffed, and started. Week one is always Identify — no exceptions. The rest flows from there through the ITCA™ sequence.
What we do not do.
Being explicit about the work we will not take on is part of how we protect the quality of the work we do take on.
- Banking-sector compliance. Not our domain. Categorically out of scope.
- Penetration testing and red-team execution. We scope, select, and oversee specialists — we do not execute.
- MSSP / SOC staffing. We design, select, and govern the operating model — we do not run night-shift operations.
- Legal opinions and regulatory filings requiring licensed counsel. We work alongside your lawyers, we do not replace them.
- Fundraising, M&A, or transaction advisory. We make the business ready — we do not raise or transact on your behalf.