Information Security Officer at Specsavers
Burnaby, BC V5A 4W3, Canada -
Full Time


Start Date

Immediate

Expiry Date

01 Sep, 25

Salary

114000.0

Posted On

01 Jun, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Good communication skills

Industry

Information Technology/IT

Description

Location: This hybrid role requires 2 days on-site at our Burnaby, BC office and 3 days remote per week.
Salary: $114,000 – $130,000
Actual compensation within the range will be based on experience
We also offer a quarterly variable compensation package (bonus) plus benefits.

Responsibilities

This is a role within the Specsavers Information Security team, reporting to the Global GRC Manager. The Information Security Officer (ISO) will own the management of Infosec Governance, Risk and Compliance within the North America region and be a facilitator for services that come from the Global Infosec team. This role helps to deliver the Global GRC Program for Specsavers. These services will include day-to-day oversight and risk management of key systems, information security management, and interaction with the business, Group Information Security and IT teams.

Purpose of the role

of information risk to Specsavers. It requires a broad knowledge of risk management and assurance activities across technology, process and governance. It also requires an ability to balance a hands-on approach to security management where necessary, with an ability to self-direct, prioritise and manage work as above plus the quality of service provided to Specsavers regardless of delivery method (internal or 3rd party) with respect to information security.
Security processes and services within Specsavers are in a continuous state of improvement and a key part of this role will be to work with the Global GRC Manager to help them define and regulate these as part of the virtual security team.

Key Responsibilities

  • Provide expert guidance on PCI-DSS, ISO27001, NIS CAF, and information security risk management.
  • Support compliance efforts and ensure conformance with relevant security standards and frameworks.
  • Develop and maintain security policies aligned with legislation, especially for the Canada region, and review them annually.
  • Coordinate security initiatives and training with stakeholders across the business.
  • Ensure strong information governance by collaborating with Data Privacy leads and participating in relevant forums.
  • Monitor and report on security posture, including maintaining risk and control registers and providing KPI-based updates to risk owners.
  • Advise on security in projects and IT changes, contributing to CAB discussions and architectural planning.
  • Respond to audits and incidents, implementing recommendations and managing threat intelligence locally.
  • Engage with the global InfoSec team, sharing feedback and aligning with global practices and technologies.
  • Balance operational and improvement work, prioritising tasks, managing workloads, and adapting to organisational changes.
  • Assist in designing and implementing a resilient Information Security architecture through the facilitation of requests into the Group Infosec architecture team.
  • Consume threat protection, monitoring, and incident response capabilities from the Group Infosec team and manage these locally.
  • Consume threat and vulnerability feeds from the Group Infosec team and manage local resolver groups where appropriate.