Information Security Officer (ISO)

Location:
Biggin Hill
Function:
Engineering & Technical
Department:
IT
11 Oct 2021
About The Role

At Formula 1 our vision is to unleash the greatest racing spectacle on the planet.  Our key to success is an organisation that values passion, integrity and respect.  To help deliver against this global vision Formula 1 are looking for a driven and passionate information security professional.

This role is responsible for managing the Information Security Governance, Risk, and Compliance (GRC) activities, in compliance with F1’s information security policies and requirements.

Based at our Media and Technology Centre in Biggin Hill, this role forms a key part of Formula 1’s Information Security Team. 

 

The Role:

 

  • Lead in monitoring and managing compliance projects with security frameworks and regulations such as ISO 27001, PCI DSS and GDPR.
  • Provide expertise in risk management and the identification and management of security risks, ensuring they are assessed and reported.
  • Create, review, and maintain security policies, standards, and procedures.
  • Responsibility for managing third party supplier security/compliance assessments. 
  • Coordinating internal and external security audits/reviews through delivery, evidence gathering, and reporting.
  • Define and monitor security related performance metrics.
  • Work with stakeholders and business units to identify and record details of data processing and advise on data lifecycle management (including identification, classification, retention, and deletion)
  • Participate in security incident investigations and escalations and support incident response and BC/DR testing activities.
 

For further information, please refer to Additional information.

About You
With a proven track record working with information security frameworks and regulatory requirements, you will be used leading information security compliance projects, including risk management activities across complex environments.  Acting as an ambassador and advocate for all Information Security matters you will be comfortable dealing multiple stakeholders and audiences and translate technical content into business language. 

 

You have:

 

  • HNC, HND in Computing, Security, or a Degree in an IT related field. 
  • CISSP/CISM or similar qualifications.
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST. 
  • Knowledge of Incident Response, Business continuity / Disaster Recovery (BC/DR) planning and testing. Awareness of secure development practices and how they integrate into product and project lifecycles
  • Compliance and regulatory requirements –PCI DSS, GDPR. 
  • Understanding of security tools and technologies, and their applicability and appropriateness to an organisation. 
 
 
As a united team we achieve great things together.  Are you ready to unleash your potential at F1?