On the track, Formula 1 is a team sport. And the business behind is the same. We’re looking for an Information Security Offer to join our Information Security team based in our Biggin Hill Campus.

The Information Security Offer will play a key role in delivering F1’s Information Security Governance, Risk, and Compliance (GRC) projects and activities.

Reporting into the Head of Information Security, you will:

• Monitor and manage compliance programs aligned to security frameworks and regulations such as ISO 27001, PCI DSS, GDPR. Where possible, recognising improvements and encouraging efficiencies and automation to controls, evidence gathering, and processes.
• Support the definition and growth of F1’s Security Control Framework. Taking a proactive approach to designing, assessing, and maintaining effective security controls across our various business functions.
• Provide expertise in risk management and the identification and assessment of security risks, ensuring they are appropriately reported on (through dashboards, reports, and workshops).
• Create, review, and maintain security policies, standards, and procedures; ensuring they are applied across relevant technology projects, systems, and services.
• Support in managing third party supplier security/compliance assessments, building relationships with key suppliers, and outlining steps for security improvements where appropriate.
• Coordinating internal and external security audits/reviews through delivery, evidence gathering, and reporting.
• Work with stakeholders to support F1’s data governance and security strategy across data discovery, processing, storage, classification, retention, and disposal. Support the implementation and maintenance of security controls for the protection of data. 
• Define and monitor security GRC related performance metrics, communicating and presenting updates to Senior stakeholders.

Specification Essentials:

• Degree or equivalent qualification in relevant fields
• Security certifications (ISO 27001 LI/LA, CISM, CISSP)
• Experience of successfully supporting information security GRC focused programs, including risk management activities
• Vendor/third party audit and compliance management
• Security compliance and regulatory requirements – ISO27001, PCI DSS, GDPR
• Incident Response, Business continuity / Disaster Recovery (BC/DR) planning and testing.
• Data governance & Data Loss Prevention (DLP) projects
• Legal & regulatory frameworks relevant to information security, including planned future changes
• Enthusiastic and passionate about driving security improvements across the company / wider industry
• Forward-thinking; ability to predict future organisational needs and foresee possible challenges
• Ability to cope under pressure and manage multiple important projects simultaneously
• Ability to communicate with different audiences both technical and non-technical
• Willingness to support F1 events / schedules across different time zones (on a rotational basis)

Desirable:

• GRC / Compliance frameworks e.g. ISO 27001 implementation / auditor, PCI DSS Assessor, etc.
• Management background / experience
• Security architecture / engineering / operations experience
• Understanding of security tools and technologies – AV, SIEM, DLP, CASB, etc

Join Team Formula 1, make it happen!

Division: