Information Security Officer

Ready to help strengthen global third‑party risk management and customer assurance across an expanding global business.

As an Information Security Officer – Third Party Risk Management, you’ll be part of a team dedicated to delivering Governance, Risk and Compliance services that help the business manage information and cyber security risks. Working closely with the Global GRC Information Security Manager, you’ll play a key role in improving how we assess, manage and communicate third‑party and customer‑related security risks across our global organisation.

You’ll bring broad experience in third‑party risk, compliance and assurance, spanning technology, people, processes and suppliers in both retail and online environments. You’ll collaborate with colleagues across the business, offering clear, practical guidance and taking a hands‑on approach when needed. You’ll be part of a supportive global team while confidently taking ownership of your workload, setting priorities and keeping everything running smoothly.

You’ll deliver Third Party Risk Management and Customer Assurance services globally, managing supplier assessments, reporting risks and working with stakeholders to ensure issues are understood and acted on. You’ll help develop threat‑intelligence‑led and automated approaches to TPRM, maintain and enhance our assessment platform, and support wider cyber risk management activities. You’ll also contribute to policies, standards and frameworks, manage customer assurance activities such as contract reviews, and conduct controls assurance reviews to demonstrate compliance with our security requirements.

You’ll take ownership of monthly reporting and metrics, embed security requirements into procurement and supplier management, and balance day‑to‑day responsibilities with ongoing service improvements. Collaboration will be central, ensuring alignment with the wider Information Security team and maintaining accurate updates in our task management platform.

We’re looking for someone with experience in information security risk, compliance and assurance, ideally within Third Party Risk Management. You’ll have hands‑on experience running controls assurance assessments or audits, both remotely and onsite, and you’ll be confident reviewing third‑party contracts and interpreting security clauses. You’ll have experience responding to customer due‑diligence requests and providing clear, accurate security information in support of those assessments. You communicate clearly with suppliers and internal teams at every level and know how to guide and mentor others when needed. A strong understanding of security standards, such as PCI DSS, ISO 27001, Cyber Essentials, NIS CAF and NIST, along with solid knowledge of problem management and third‑party risk will help you navigate the role with confidence. 

This role closes on 27^th February 2026: however, we may close the advert sooner if we get inundated with high-quality applications.

If you’re ready to make a global impact and help shape the future of security culture at Specsavers, we’d love to hear from you