Job description
- Supporting a small but high-performing team focused on Governance, Risk & Compliance activities, reporting into the Information Security Manager
- Input into and drive forward F1’s security roadmap across Security Operations, Engineering & Architecture, and Governance Risk & Compliance.
- Oversee security compliance activities including ISO27001, PCI DSS, Cyber Essentials, continually seeking more efficient, automated controls and ways of working.
- Input into security policies, standards, and procedures/processes that are suitable for the business and ensuring they are applied across relevant technology projects, systems, and services.
- Play a key role in implementing F1’s Data Governance and Data Loss Prevention (DLP) strategy, ensuring technologies, policies, and procedures are defined and implemented appropriately, working closely with the wider business.
- Review & help to define F1’s incident management procedures/playbooks
- Define and manage a control assessment / assurance program to continually ensure security controls are operating effectively.
- Provide expertise in risk management and develop a scalable system for managing security risks, leveraging F1’s existing RM framework.
- Help in managing third-party supplier security/compliance assessments, building relationships with key suppliers and outlining steps for security improvements where appropriate.
- Define and monitor security-related performance metrics, and communicate and present security updates to the Information Security Manager and senior management.
- Work with stakeholders and business units to identify and record details of data processing and advise on data lifecycle management (including identification, classification, retention, and deletion)
- Strong background implementing and managing security and regulatory frameworks including ISO27001, PCI DSS, Cyber Essentials, GDPR/DPA
- Data Loss Prevention – tools/technologies, data discovery & classification, policies & procedures
- Strong understanding of IT infrastructure, architecture, and information security.
- Knowledge of security tools & technologies within a large & complex environment including anti-malware / EDR, SIEM, DLP, etc.
- Background in security governance of a large supply-chain including security audits/assessments, reporting, and defining and implementing improvement roadmaps
- Experience in defining and implementing data governance projects within organisations, setting out plans and strategies for data discovery, classification, retention, and disposal.
- Experience in implementing security solutions across growing cloud environments and infrastructure.
- A track record of supporting multiple projects simultaneously
- Great interpersonal skills with experience in collaborating with colleagues across all seniority levels