Main Duties and Responsibilities

Working closely with the wider F1 Information Security team, you will use your knowledge to play a key role in overseeing F1’s security risk & compliance programs and focus on planning and implementing strategies for data governance and protection.

Main Duties and Responsibilities

  • Supporting a small but high performing team focused on Governance, Risk & Compliance activities, reporting into the Information Security Manager

  • Input into and drive forward F1’s security roadmap across Security Operations, Engineering & Architecture, and Governance Risk & Compliance.

  • Oversee security compliance activities including ISO27001, PCI DSS, Cyber Essentials, continually seeking for more efficient, automated controls and ways of working.

  • Input into security policies, standards, and procedures/processes that are suitable for the business and ensuring they are applied across relevant technology projects, systems, and services.

  • Play a key role in implementing F1’s Data Governance and Data Loss Prevention (DLP) strategy, ensuring technologies, policies, and procedures are defined and implementing appropriately, working closely with the wider business.

  • Review & help to define F1’s Incident management procedures/playbooks

  • Define and manage a control assessment / assurance program to continually ensure security controls are operating effectively.

  • Provide expertise in risk management and develop a scalable system for managing security risks, leveraging F1’s existing RM framework.

  • Help in managing third party supplier security/compliance assessments, building relationships with key suppliers and outlining steps for security improvements where appropriate.

  • Define and monitor security related performance metrics, communicate and present security updates to Information Security Manager and senior Management.

  • Work with stakeholders and business units to identify and record details of data processing and advise on data lifecycle management (including identification, classification, retention, and deletion)

Skills / requirements

  • Strong background implementing and managing security and regulatory frameworks including ISO27001, PCI DSS, Cyber Essentials, GDPR/DPA

  • Data Loss Prevention – tools/technologies, data discovery & classification, policies & procedures

  • Strong understanding of IT infrastructure, architecture, and information security.

  • Knowledge of security tools & technologies within a large & complex environment including anti-malware / EDR, SIEM, DLP, etc.

  • Background in security governance of a large supply-chain including security audits/assessments, reporting, and defining and implementing improvement roadmaps

  • Experience in defining and implementing data governance projects within organisations, setting out plans and strategies for data discovery, classification, retention, and disposal.

  • Experience in implementing security solutions across growing cloud environments and infrastructure.

  • A track record of supporting multiple projects simultaneously

  • Great interpersonal skills with experience in collaborating with colleagues across all seniority levels