About Us

Established Professionals

Established in 2009 as part of a collaboration with RSA Archer (formerly Archer Technologies), 2MC was formed to deliver a global threat management solution to one of the UK’s largest retail banks. This partnership has been strengthened since the acquisition of Archer by RSA which has led to 2MC providing a significant portion of professional services on their behalf.

Strong Partnerships

Having developed into an established worldwide consulting services company, 2MC has built strong partnerships with leading product vendors and successfully meeting the increasing client and market demands. Clients are looking for an approach that builds their confidence that suppliers not only demonstrate a solid understanding of their business and their needs but also the factors in achieving Return on Investment (ROI).

People, Processes, Technology

In a market dominated by product vendors, 2MC seeks to address this technology-led imbalance with independent but complementary business-led consulting and services. The three elements of people, processes, and technology ring true with a GRC programme and it is this focus that 2MC applies to bring this balance to our clients projects.

Extensive Knowledge & Experience

Our consultants have extensive knowledge and gained over many years acting as risk, compliance, and security practitioners within large corporations. They have a firsthand grasp of the challenges and needs facing organisations and have honed their skills in over 80 successful GRC projects. Our business consultants work closely with our solution architects and product consultants who have a deep and proven expertise in solution design, configuration and technology integrations.

Management Team

Marc Kellinger

Marc has over 15 years of experience in the technology and software industry, developing IT solutions in numerous industry sectors ranging from financial services to energy. Marc is currently focused in advising and delivering compliance, risk, and threat management solutions to multinational organisations.

Recent roles include:

  • Managing the global implementation of an IT Threat Management solution for one of the largest banking organisations
  • Responsibility for ensuring compliance across multiple regulatory requirements, including Sarbanes Oxley (SOX) 404 compliance, PCI, and Data Privacy for one of the world’s largest energy companies.

Marc holds a first class joint honours degree in Computer Science and Mathematics.


Mark Winchcomb

Mark has 20 years’ experience in Information Security, Risk and Compliance Management. He has held global roles in large multinationals either as a business owner or in a customer facing advisory capacity delivering change programmes and solutions. His extensive experience in both domains equips Mark with an unusual blend of business insight and the professional services and solutions required in delivering to the client. His understanding provides a clear perspective and motivation to harmonise Security, Risk, and Compliance processes into an integrated approach.

Recent roles include:

  • Managing a global compliance programme for Sarbanes Oxley (SOX) 404 compliance in the energy sector
  • Managing a global deployment of a risk and compliance solution to an Oil major
  • Advising on and delivering a pan-European risk management solution to one of the largest payment processing organisations.

Simon Carter

Simon has over 15 years of experience working in risk and security consulting. Prior to joining 2M Consultancy, Simon was Deloitte’s UK lead for IT GRC tool solutions. He has experience of working in internal and external audit, IT security, risk management and records management roles and has led a number of GRC programmes.

Recents clients include: Barclays, BP, Lloyds Banking Group, RBS and Visa.

Simon has a BSc in Computer Science from Nottingham University, an MSc in Information Security from Royal Holloway, University of London, and holds PRINCE2, ITIL, and CISA qualifications.