Information Security Consultant – Risk

Information Security Consultant required to join a global organisation in Glasgow and play a key role in evaluating security risks across projects, technology initiatives, and third-party suppliers.

This is a chance to influence how a global firm approaches security governance, vendor assurance, and risk management. You’ll operate in a complex, cloud-driven environment where safeguarding data, maintaining compliance, and ensuring robust security controls are essential to business operations.

The organisation operates on a global scale and is currently driving major technology and process transformation throughout the company. There is a strong emphasis on cloud adoption, modernisation, and automation, and they are committed to building a secure, future‑ready environment. It’s IT and risk teams collaborate closely with stakeholders across the business to ensure projects, platforms, and third‑party partnerships are delivered securely and in line with best practice.

As an Information Security Consultant, you’ll assess the security impact of new initiatives, review third‑party providers, and help guide stakeholders through risk and compliance requirements. You’ll be involved in shaping and maintaining the organisation’s security assessment practices, ensuring projects and suppliers meet internal standards and recognised industry frameworks.

• Carry out project and supplier security assessments, identifying risks and recommending pragmatic mitigation.
• Review vendor assurance evidence such as certifications, audits, and security documentation.
• Contribute to the organisation’s risk management approach, ensuring issues are tracked and remediation is monitored.
• Support the development and refinement of security processes, standards, and assessment methodologies.
• Work with IT, procurement, risk, and project teams to embed strong security practices throughout delivery lifecycles.
• Assist with audit activities and help maintain alignment with recognised frameworks such as ISO 27001 and NIST.
• Provide security guidance to stakeholders and promote a culture of awareness and accountability.

• Background in information security, risk assessment, or vendor assurance within complex organisations.
• Solid understanding of security controls, governance frameworks, and regulatory expectations.
• Experience engaging with both technical teams and business stakeholders.
• Strong analytical and communication skills, with the ability to articulate risks clearly and constructively.
• Professional certifications such as CISM, CISA, CISSP or similar are advantageous.

• Shape how a global organisation approaches security risk at a strategic level, influencing decisions that directly impact major projects, supplier ecosystems, and long‑term technology direction.
• Get hands‑on with complex, high‑profile global technology projects, giving you broad exposure and the opportunity to tackle diverse security challenges across modern platforms and services.
• Become a trusted advisor across the business, working with senior stakeholders who rely on your expertise to drive secure, compliant, and commercially aware outcomes.
• Play a pivotal role in strengthening the organisation’s security culture, helping evolve processes, frameworks, and assurance practices that support global operations.
• Grow your career in an environment that values innovation, collaboration, and professional development, with access to modern tooling, audit programmes, and international teams.
• Make a tangible impact on how the firm protects its people, clients, and information, contributing to a security posture that underpins trust at an international scale.

You’ll receive a competitive salary and strong benefits package, with hybrid working (3 days per week onsite) in a modern city centre office.

This is an opportunity to develop your security consulting expertise while contributing directly to the protection of critical systems and data.

If this sounds interesting, please apply or reach out to Murray Simpson.