Overview
Ready to help strengthen global third‑party risk management and customer assurance across an expanding global business.
As an Information Security Officer – Third Party Risk Management, you’ll be part of a team dedicated to delivering Governance, Risk and Compliance services that help the business manage information and cyber security risks. Working closely with the Global GRC Information Security Manager, you’ll play a key role in improving how we assess, manage and communicate third‑party and customer‑related security risks across our global organisation.
Responsibilities
* Deliver Third Party Risk Management and Customer Assurance services globally, managing supplier assessments, reporting risks and working with stakeholders to ensure issues are understood and acted on.
* Help develop threat‑intelligence‑led and automated approaches to TPRM, maintain and enhance our assessment platform, and support wider cyber risk management activities.
* Contribute to policies, standards and frameworks, manage customer assurance activities such as contract reviews, and conduct controls assurance reviews to demonstrate compliance with our security requirements.
* Take ownership of monthly reporting and metrics, embed security requirements into procurement and supplier management, and balance day‑to‑day responsibilities with ongoing service improvements.
* Ensure alignment with the wider Information Security team and maintain accurate updates in our task management platform.
Qualifications
* Experience in information security risk, compliance and assurance, ideally within Third Party Risk Management.
* Hands‑on experience running controls assurance assessments or audits, both remotely and onsite.
* Confident reviewing third‑party contracts and interpreting security clauses.
* Experience responding to customer due‑diligence requests and providing clear, accurate security information in support of those assessments.
* Strong understanding of security standards such as PCI DSS, ISO 27001, Cyber Essentials, NIS CAF and NIST, along with solid knowledge of problem management and third‑party risk.
Additional Expectations
Communicate clearly with suppliers and internal teams at every level and guide and mentor others when needed.
Show strong collaboration and support within a global team while confidently taking ownership of workload, setting priorities and keeping everything running smoothly.
Application Deadline
This role closes on 27th February 2026; however, we may close the advert sooner if we receive an influx of high‑quality applications.
If you’re ready to make a global impact and help shape the future of security culture at Specsavers, we’d love to hear from you.
#J-18808-Ljbffr