Information Security Officer - Burnaby, BC

Location : This hybrid role requires 2 days on-site at our Burnaby, BC office and 3 days remote per week.

Salary : $114,000 - $130,000

Actual compensation within the range will be based on experience

We also offer quarterly variable compensation package (bonus) + benefits

About Specsavers

Welcome to Specsavers - where we're not just about eyewear and eyecare, we're a purpose-driven organization committed to changing lives through better sight. Ranked as the 11th Best Workplace in Canada and 16th Best Workplace in the world by Great Place to Work, we take pride in our optometrist-owned business model, providing quality eyecare and affordable eyewear to Canadians across the country.

Our journey began 40 years ago in the UK, with visionary optometrists Doug and Mary Perkins. Today, we support over 2,700 healthcare businesses, passionately caring for more than 44 million patients and customers worldwide.

At Specsavers, we believe that access to quality eyecare should be a right, not a luxury. That's why we go above and beyond to transform the eyecare experience in Canada. With our advanced clinical equipment and an extensive range of affordable and high-quality eyewear, we're here to make a real difference in the lives of our customers.

But that's not all - we're also dedicated to fostering a positive, inclusive and supportive work culture. We strive to create an environment where our partners thrive while benefiting from the collective support and resources of our dedicated teams.

If you're passionate about making a difference, providing incredible care, and being part of a values and purpose-driven organization, join us on our journey to revolutionize the way Canadians experience eyecare. Together, we can change lives through better sight.

What You'll Do

This is a role within the Specsavers Information Security team reporting to the Global GRC Manager. The Information Security Officer role (ISO) will own the management of Infosec Governance, Risk and Compliance within the North America region and be a facilitator for services that come from the Global Infosec team. This role helps to deliver the Global GRC Program for Specsavers. These services will include day to day oversight, and risk management of key systems, information security management and interaction with the business, Group Information Security and IT teams.

Purpose of the role

of information risk to Specsavers. It requires a broad knowledge of risk management and assurance activities across technology, process and governance. It also requires an ability to balance a hands-on approach to security management where necessary, with an ability to self-direct, prioritise and manage work as above plus the quality of service provided to Specsavers regardless of delivery method (internal or 3rd party) with respect to information security.

Security processes and services within Specsavers are in a continuous state of improvement and a key part of this role will be to work with the Global GRC Manager to help them define and regulate these as part of the virtual security team.

Key Responsibilities

• Provide expert guidance on PCI-DSS, ISO27001, NIS CAF, and information security risk management.
• Support compliance efforts and ensure conformance with relevant security standards and frameworks.
• Develop and maintain security policies aligned with legislation, especially for the Canada region, and review them annually.
• Coordinate security initiatives and training with stakeholders across the business.
• Ensure strong information governance by collaborating with Data Privacy leads and participating in relevant forums.
• Monitor and report on security posture, including maintaining risk and control registers and providing KPI-based updates to risk owners.
• Advise on security in projects and IT changes, contributing to CAB discussions and architectural planning.
• Respond to audits and incidents, implementing recommendations and managing threat intelligence locally.
• Engage with the global InfoSec team, sharing feedback and aligning with global practices and technologies.
• Balance operational and improvement work, prioritising tasks, managing workloads, and adapting to organisational changes.
• Assist in designing and implementing a resilient Information Security architecture through the facilitation of requests into the Group Infosec architecture team.
• Consume threat protection, monitoring, and incident response capabilities from the Group Infosec team and manage these locally.
• Consume threat and vulnerability feeds from the Group Infosec team and manage local resolver groups where appropriate.

What We're Looking For

• Extensive experience in information security governance, risk, assurance, and management.
• Formal qualifications in information security (e.g., CISSP, CISM, CRISC, CDPSE).
• Proven ability to develop and manage IT security compliance frameworks (e.g., ISO27001, CIS 8, NIS).
• Strong leadership in mentoring and guiding team members.
• Resilience under pressure, maintaining effectiveness in high-pressure situations.
• Excellent communication and presentation skills, with the ability to engage across all organisational levels.
• Deep knowledge of security control standards (e.g., CIS 8, ISO 27002, NIS CAF, NIST).
• Expertise in risk assessment and configuration / change management processes.
• Strategic thinking with a focus on aligning security with business objectives.
• Collaborative mindset, working effectively with cross-functional teams and stakeholders.

Nice to have

• Demonstrable experience gained within the IT industry within a retail environment.
• Has developed organisations from a low Infosec maturity state to medium or advanced.
• Have an understanding of medical or clinical regulations that relate to cyber security such as HIPAA, PIPEDA or PHIPA within the Canadian or North America regions.
• 1 extra paid day off and an eyecare voucher on your birthday
• RRSP matching
• Quarterly performance bonus
• Healthcare spending account
• Health and dental benefits effective on your first day
• Team and company social events
• Collaborative : We work together as one Specsavers to deliver our purpose
• Curious : We question, explore, and seek out diverse perspectives to develop our knowledge and understanding
• Courageous : We challenge the status quo, we experiment with good ideas, and we are brave, bold, and fast in our decision making
• Compassionate : We care, support, and help each other
• Commercial : We treat money wisely and make decisions that are good for our customers, our partners, our people, and good for the long term

We hope that in applying with us, you value these things as well!

Our Hybrid Work Model

Be part of the dynamic culture! Our workplace thrives on a hybrid model, combining in-office collaboration and flexibility. Join us in office, three days a week to contribute, connect and excel in our vibrant environment.

Equal Opportunity Employer

At Specsavers, we are committed to fostering a diverse and inclusive workplace. We believe that a diverse team enriches our work environment and enables us to achieve our goals. We are an equal opportunity employer and encourage candidates of all backgrounds and abilities to apply. If you believe you can contribute to our mission and vision, we welcome your application, even if you don't meet every qualification listed. We value the unique skills and perspectives each individual brings to our team.