Ready to help strengthen global third-party risk management and customer assurance across an expanding global business.
As an Information Security Officer - Third Party Risk Management, you'll be part of a team dedicated to delivering Governance, Risk and Compliance services that help the business manage information and cyber security risks. Working closely with the Global GRC Information Security Manager, you'll play a key role in improving how we assess, manage and communicate third-party and customer-related security risks across our global organisation.
You'll bring broad experience in third-party risk, compliance and assurance, spanning technology, people, processes and suppliers in both retail and online environments. You'll collaborate with colleagues across the business, offering clear, practical guidance and taking a hands-on approach when needed. You'll be part of a supportive global team while confidently taking ownership of your workload, setting priorities and keeping everything running smoothly.
You'll deliver Third Party Risk Management and Customer Assurance services globally, managing supplier assessments, reporting risks and working with stakeholders to ensure issues are understood and acted on. You'll help develop threat-intelligence-led and automated approaches to TPRM, maintain and enhance our assessment platform, and support wider cyber risk management activities. You'll also contribute to policies, standards and frameworks, manage customer assurance activities such as contract reviews, and conduct controls assurance reviews to demonstrate compliance with our security requirements.
You'll take ownership of monthly reporting and metrics, embed security requirements into procurement and supplier management, and balance day-to-day responsibilities with ongoing service improvements. Collaboration will be central, ensuring alignment with the wider Information Security team and maintaining accurate updates in our task management platform.
We're looking for someone with experience in information security risk, compliance and assurance, ideally within Third Party Risk Management. You'll have hands-on experience running controls assurance assessments or audits, both remotely and onsite, and you'll be confident reviewing third-party contracts and interpreting security clauses. You'll have experience responding to customer due-diligence requests and providing clear, accurate security information in support of those assessments. You communicate clearly with suppliers and internal teams at every level and know how to guide and mentor others when needed. A strong understanding of security standards, such as PCI DSS, ISO 27001, Cyber Essentials, NIS CAF and NIST, along with solid knowledge of problem management and third-party risk will help you navigate the role with confidence.
This role closes on 27th February 2026; however, we may close the advert sooner if we get inundated with high-quality applications.
If you're ready to make a global impact and help shape the future of security culture at Specsavers, we'd love to hear from you.