Marty Carter

Director | Information Security Consultant and ISO/IEC 27001 Lead Auditor

Helping organisations design governance, risk, and compliance programmes that are practical, defensible, and aligned with business objectives.

Meet the Director

Marty Carter is Director of Meridian GRC Consulting Ltd and an Information Security Consultant specialising in governance, risk, and compliance. He helps organisations address regulatory challenges by designing security and compliance programmes that are practical, defensible, and aligned with business goals.

As an ISO/IEC 27001 Lead Auditor, Drata Technical Certified practitioner, and experienced GRC advisor, Marty supports organisations across technology, SaaS, managed services, and regulated sectors. He collaborates with leadership teams to assess risk, implement proportionate controls, and demonstrate assurance through structured governance, measurable outcomes, and audit-ready evidence, including support for SOC 2 readiness and certification programmes.

He has guided organisations through the development and certification of comprehensive information security programmes. Most recently, he advised a company through a year-long ISO/IEC 27001:2022 implementation, supporting the design and operation of their Information Security Management System and preparation for an external audit. The organisation achieved certification with zero non-conformities, demonstrating the effectiveness of a structured, evidence-based approach.

His work reflects Meridian GRC Consulting’s core philosophy: governance and compliance programmes must function in practice, not just on paper. Engagements focus on building sustainable, transparent operating models that withstand scrutiny from auditors, regulators, and stakeholders.

Experience and Results

Information Security and Privacy Management Systems Implementation

Led and supported full ISO/IEC 27001:2022 ISMS implementation programmes, including governance design, risk management frameworks, Statements of Applicability (SoA), and audit preparation. Experience implementing ISO/IEC 27001 and ISO/IEC 27701 programmes, supporting organisations in integrating information security and privacy governance.

Certification and Assurance Readiness

Prepared organisations for ISO/IEC 27001 and SOC 2 engagements by designing control frameworks and evidence processes that support external audit and regulatory review.

Compliance Platform and SOC 2 Readiness

Supported SaaS organisations in managing compliance and assurance programmes using automation platforms such as Drata, assisted a SaaS organisation in preparing for a time-critical SOC 2 Type 2 audit engagement, and advised clients on advanced certification initiatives, including dual ISO/IEC 27001 and ISO/IEC 42001 programmes.

Audit Outcomes and Assurance Improvements

Supported organisations in achieving structured, measurable, and defensible security and compliance programmes, including ISO/IEC 27001 certification with zero non-conformities.

Risk Management and Governance Advisory

Established enterprise risk management approaches, structured assessment methodologies, and governance oversight practices aligned with international standards.

Consulting Philosophy

Effective governance, risk, and compliance programmes should be practical, measurable, and able to withstand independent review. Security and compliance result from structured governance, appropriate controls, and consistent assurance.

Marty translates complex regulatory requirements into clear, actionable practices aligned with business objectives. This approach helps organisations improve decision-making, demonstrate control effectiveness, and build stakeholder trust.

Work directly with the Director of Meridian GRC Consulting

Bring clarity and assurance to your governance, risk, and compliance programme.