Main Duties and Responsibilities
Working closely with the wider F1 Information Security team, you will use your knowledge to play a key role in overseeing F1’s security risk & compliance programs and focus on planning and implementing strategies for data governance and protection.
Main Duties and Responsibilities
-
Supporting a small but high performing team focused on Governance, Risk & Compliance activities, reporting into the Information Security Manager
-
Input into and drive forward F1’s security roadmap across Security Operations, Engineering & Architecture, and Governance Risk & Compliance.
-
Oversee security compliance activities including ISO27001, PCI DSS, Cyber Essentials, continually seeking for more efficient, automated controls and ways of working.
-
Input into security policies, standards, and procedures/processes that are suitable for the business and ensuring they are applied across relevant technology projects, systems, and services.
-
Play a key role in implementing F1’s Data Governance and Data Loss Prevention (DLP) strategy, ensuring technologies, policies, and procedures are defined and implementing appropriately, working closely with the wider business.
-
Review & help to define F1’s Incident management procedures/playbooks
-
Define and manage a control assessment / assurance program to continually ensure security controls are operating effectively.
-
Provide expertise in risk management and develop a scalable system for managing security risks, leveraging F1’s existing RM framework.
-
Help in managing third party supplier security/compliance assessments, building relationships with key suppliers and outlining steps for security improvements where appropriate.
-
Define and monitor security related performance metrics, communicate and present security updates to Information Security Manager and senior Management.
-
Work with stakeholders and business units to identify and record details of data processing and advise on data lifecycle management (including identification, classification, retention, and deletion)
Skills / requirements
-
Strong background implementing and managing security and regulatory frameworks including ISO27001, PCI DSS, Cyber Essentials, GDPR/DPA
-
Data Loss Prevention – tools/technologies, data discovery & classification, policies & procedures
-
Strong understanding of IT infrastructure, architecture, and information security.
-
Knowledge of security tools & technologies within a large & complex environment including anti-malware / EDR, SIEM, DLP, etc.
-
Background in security governance of a large supply-chain including security audits/assessments, reporting, and defining and implementing improvement roadmaps
-
Experience in defining and implementing data governance projects within organisations, setting out plans and strategies for data discovery, classification, retention, and disposal.
-
Experience in implementing security solutions across growing cloud environments and infrastructure.
-
A track record of supporting multiple projects simultaneously
-
Great interpersonal skills with experience in collaborating with colleagues across all seniority levels
INDHP