Consultant - InfoSec Auditor

About the Role

This position sits at the core of a growing risk advisory function, supporting a diverse portfolio of organisations as they navigate the challenges of third-party oversight. You will be the person clients rely on to bring clarity, structure, and expertise to their supplier risk landscape.

• Carry out detailed third-party risk reviews from initiation to completion, ensuring each assessment is both timely and thorough.
• Build and maintain strong, professional relationships with clients and their suppliers.
• Manage assessment pipelines efficiently, upholding high standards of accuracy and consistency.
• Engage directly with suppliers to keep information flowing and processes on track.
• Analyse control environments, highlight gaps or emerging issues, and develop clear, actionable recommendations.
• Produce polished assessment outputs aligned to recognised methodologies and internal quality expectations.
• Contribute to management information, reporting, and briefing packs for internal and client stakeholders.
• Support supplier assurance programmes and participate in wider risk or consultancy projects.
• Represent the wider team with professionalism and a solid understanding of its objectives.

• Share knowledge, mentor junior colleagues, and help raise capability across the function.
• Get involved in continuous improvement activities aimed at strengthening internal processes.
• Assist in organisational operations such as recruitment when required.

• A minimum of three years' experience within supplier assurance, third-party risk, or a closely related discipline.
• Strong working knowledge of cybersecurity frameworks (e.g., NIST, PCI DSS, ISO).
• Hands-on experience performing risk assessments across different business areas or lines of defence.
• Good understanding of risk methodologies, assessment lifecycles, and standardised approaches.
• Ability to work confidently both independently and as part of a collaborative team.
• Excellent stakeholder engagement skills and strong communication abilities, both written and verbal.
• A proactive, adaptable mindset and the confidence to represent the team effectively in a client-facing setting.

• Familiarity with commonly used cybersecurity tools and platforms.
• Previous consultancy experience helpful, but not essential. A willingness to thrive in a fast-paced advisory environment is what matters most.

To speak in absolute confidence about this opportunity please send an up-to-date CV via the link provided or contact Senior Recruitment Consultant Stuart Kennedy at MCS Group on 02896935520 or s.kennedy@mcsgroup.jobs.

Even if this position is not right for you, we may have others that are. Please visit MCS Group to view a wide selection of our current jobs.