How do I know when our VP of security is ready to become a CISO?
Interesting question, but confusing: is there already a CISO in the organization, or are you creating the CISO position or promoting the VP to the CISO position?
The CISO should be an officer-level position responsible for creating and enforcing information security policies and ensuring information assets and IT technologies are adequately protected.
Ideally, the CISO should have a separate budget from the CIO and report to the CEO, to maintain some independence from the CIO, sort of a check-and-balance system.
A CISO position requires demonstration of a high level of strategic vision, ability to work with senior management and the Board of Directors and a significant level of financial acumen. In some organizations, the CISO position is also expected to represent the organization at industry events and participate on professional panels. All of these characteristics should be confirmed before promoting a VP level security position to a CISO position. Attainment of a CCISO certification would also be beneficial.
Totally and completely dependent on the organization. In some large global organizations there might be a VP of security that is responsible for the entire organization, with hundreds of staff and significant responsibility for the protection of information. Other organizations might have a CISO with 3 people reporting to a CIO, with very little capability to govern the protection of data.
A VP of Security potentially is more of an operational role responsible for the cyber security controls, monitoring, incident response, etc., and a CISO could be considered more of a management role with the goal of development of strategy, culture and risk profile. Also, in some organizations having a "C" title may indicate something legally, but that isn't formalized and is very dependent on the organization.
Unless the individual reports to the CEO and has a capability to report to the board independent of org structure, calling someone a CISO is (in general) a title without meaning.
I see a VP of Security as likely taking a strategic view of security operations: InfoSec, AppSec, Architecture. Their focus is primarily around managing the daily running and direction of the implementation.
However, a CISO is focusing more on organisational strategy, covering GRC and managing certifications.
While you might have one person doing both roles (and there is indeed overlap), a VP of Security and a CISO can be seen as distinctly different entities in some businesses.