Senior Security Consultant

Why this role?Do you enjoy helping organisations understand, secure, and strengthen their supply chains against modern security threats? At NCC Group, you'll help clients manage risk beyond their own perimeter, across suppliers, partners, vendors, and critical service providers.You'll work at the intersection of cyber security, risk management, and operational resilience, supporting organisations as they respond to increasing regulatory scrutiny, geopolitical risk, and complex third-party ecosystems. This is high-impact consulting work that blends strategic advisory, governance, and practical security improvement across supply chains.What you'll doAssess supply chain security risk: Conduct third-party and supply chain security assessments, identifying systemic risks across vendors, service providers, and technology dependencies.Design supply chain security frameworks: Develop and implement supply chain security strategies aligned to standards such as NIST CSF, NIST , ISO 27036, ISO 28000, and emerging regulatory requirements.Strengthen third-party risk management: Support the design and improvement of third-party risk management (TPRM) programmes, including due diligence, onboarding, assurance, and ongoing monitoring.Advise on secure supplier engagement: Help clients embed security requirements into procurement processes, contracts, supplier assurance models, and service-level agreements.Analyse concentration and dependency risk: Identify critical supplier dependencies, single points of failure, and cascading risk across complex supply networks.Test and validate controls: Support scenario-based exercises, tabletop simulations, and risk walkthroughs focused on supplier compromise, service disruption, or geopolitical impact.Engage senior stakeholders: Translate technical and operational findings into clear, business-relevant insights for executives, boards, and risk committees.Collaborate across disciplines: Work alongside cyber security, resilience, legal, procurement, and operational teams to deliver integrated supply chain security outcomes.Mentor and contribute: Coach junior consultants and contribute to reusable methodologies, assessment tools, and thought leadership in supply chain security.What you'll bringStrong experience in supply chain security, third-party risk, or operational risk consulting, ideally in complex enterprise environmentsPractical understanding of vendor risk, supplier assurance, and ecosystem-level security threatsFamiliarity with relevant standards and frameworks such as:NIST SP Supply Chain Risk Management)ISO ICT Supply Chain Security)ISO Supply Chain Security Management)NIST CSF, ISO as applied to third parties)Ability to engage confidently with technical teams, procurement, legal, risk functions, and executive leadershipExperience conducting risk assessments, workshops, or assurance activities with third partiesStrong written and verbal communication skills, able to produce concise reports and deliver clear recommendationsNice-to-haves (not show-stoppers)Experience with regulatory and compliance drivers (e.g. DORA, NIS2, SOCI, critical infrastructure regulations)Understanding of software supply chain security (e.g. SBOMs, secure development, open-source risk)Exposure to geopolitical risk, sanctions, or operational resilienceCertifications such as:CISSP, CISM, CRISCISO 27001 / 27036 Lead Implementer or AuditorSupply chain or risk-related certificationsA week in the life (example)Monday: Run a supply chain risk workshop with a critical infrastructure client, mapping supplier dependencies and risk concentration.Tuesday: Perform a third-party security assessment for a strategic technology provider.Wednesday: Design a supply chain security framework aligned to regulatory expectations and client risk appetite.Thursday: Facilitate a tabletop exercise simulating supplier compromise and downstream business impact.Friday: Present findings and prioritised recommendations to senior stakeholders and agree next steps.How we workPragmatic > performative. We focus on achievable, sustainable resilience rather than perfection on paper.Collaborative by default. You'll work alongside cyber, continuity, and risk experts across NCC Group's global network.Curious mindset. Research time, labs, and thought leadership contributions are part of our rhythm.Inclusive and flexible. We value diversity of thought and support hybrid working that fits your life.