Listing Description

WPP IT provides IT services for WPP, the world’s largest communications services group. As a creative transformation company, WPP is helping its clients transform the future through extraordinary work. WPP IT is an integral part of that journey and we are proud to provide technology for some of the world’s most creative brands.

YOUR ROLE IN A NUTSHELL: 
The S&H archetype together with WPP IT are the technology solutions partner for WPP Corporate Functions, Production, PR & Specialist Agencies and are accountable for co-ordinating and assuring end-to-end change delivery, managing the IT technology life-cycle and innovation pipeline.

WHAT YOU WILL SPEND YOUR TIME DOING:

The Operation Assurance (OA) team in the S&H archetype is responsible for ensuring safe and secure IT operations, protecting our customers, employees, and shareholders, whilst making sure we remain compliant with our legal, regulatory, and contractual obligations.  As a Risk & Compliance Manager you will play a critical role in developing and implementing a world class information security risk and compliance programme to protect operating companies and agencies in the S&H archetype from cyber threats. Working closely WPP CSO organisation, WPP IT Security, and the OA department head you will assist in setting the vision and strategy for the OA function and be responsible for escalations relating to IT operations, risks, compliance, audit, BCP and DR assessments. As a subject-matter-expert you will be responsible for managing and developing a highly effective risk and compliance function that strengthens our defences and creates a proactive and collaborative approach to IT Security and IT Security risk management.

You will operate in a highly complex environment with multiple risk categories, including IT operations, information security, legal, regulatory, financial and commercial with broad impacts spanning both the S&H Archetype and the WPP Group.

You’ll have a deep understanding of the information security risk standards, frameworks, and methodologies we can use to strengthen our risk and compliance posture.  You will work across all OpCo’s and agencies part of the S&H archetype to implement agreed processes and practices mandated by WPP CSO organisation and WPP IT Security function.

You’ll be able to actively manage live security risk issues from an issue resolution and communication standpoint and be able to prioritise remediation to minimise impact to the S&H archetype and the wider WPP group.

RESPONSBILITIES: 

• Work closely with and assist OA department head in developing an IT Security strategy for the S&H archetype that is aligned to WPP CSO and WPP IT strategies.


• Establish IT security community across the range of S&H agencies to drive the implementation and standardisation of agreed security governance and controls 


• Support IT security operations and design, providing critical Specialist and Hogarth Archetype context support and input to security assessments – including the consumption of security architecture, addressing security vulnerabilities, penetration testing and internal ethical hacking services


• Work closely with the IT Ops and CSO security teams to deal with security issues in the S&H archetype


• Ensure the knowledge, capability, capacity and readiness across the Specialist and Hogarth Archetype to identify the security requirements, to apply the appropriate security activities within their ‘patch’ and to respond/ escalate security threats and vulnerabilities.


• Drive the archetype’s IT security strategy and approach, by working with S&H Archetype’s Operations Assurance Dept Head, Strategy & Architecture and other IT stakeholders in the WPP Group


• Actively support archetype’s BCP, DR and Resiliency planning initiatives and assist Risk & Compliance lead with technical security operations knowledge


• Provide technical subject-matter-expertise in internal and external security assessments of BAU activities, projects, vendors, business partners and client contracts


• Be S&H point of contact for relevant business stakeholder escalations relating to IT security operations. Lead and oversee resolution of the most complex, critical, and impactful security events and incidents in relation to information security


• Work across the S&H Archetype teams like Risk & Compliance, Global Technology Services, Digital Workplace and Strategy and Architecture to design controls, deliver management information (KPIs) and security oversight using intelligent tools and dashboards   


• Drive engagement, comms and adoption for all IT security initiatives to ensure the rationale for task is understood, the mandate is embedded, and colleagues and partners are trained and can perform effectively and efficiently.


• Build strong relationships with the external stakeholders (customer, suppliers, other major bodies) as well as build a network of peers to bring innovation and insights on industry best practice, standards, frameworks, and processes to deliver a future-fit capability


• Ensure that S&H archetype remains safe and secure by advising all stakeholders to engineer services and solutions that are in line with WPP Security Charter and industry best practice


• Support OpCo’s and Agencies in the S&H Archetype during client pitch for winning new work by providing a compelling narrative to our prospective clients around the strength of our security posture

WHAT YOU'LL NEED: 

• Security Management Certifications (i.e., CISSP, CISM, ITIL) desirable but not essential


• Technical Security Certifications (MSCE/MCTS, Azure & O365 Security Certification, AWS Security Certification, CCNA, VMWare-VCP, CEH, CCSK, Security+, GSEC, Firewall Certification) desirable but not essential


• Degree or equivalent (i.e. BSc, BEng, MSc) desirable but not essential


• Comprehensive knowledge about Information Security standards, frameworks and best practices (i.e., ISO27K1, NIST, SANS, CIS, TOGAF, OWASP, Cyber Essentials)


• Excellent understanding of Windows, Linux & Mac systems, VMware, SANs, Networks, and Perimeter Security solutions (i.e., firewalls, mail gateways, load balancers, AV/MDR/XDR, IPS/IDS, SAML, LDAP, PKI, DNS, DHCP, PAM)


• Good understand of embedding security in SDLC and DevOps functions


• Strong and deep background in cyber / information security in complex global organisations


• Track record of building / specialist ing diverse, high performing, operations teams from the ground up and comfortable working with autonomy


• Ability to provide specialist ership on complex and unfamiliar situations, often involving risk and emotion


• Expert communicator with a track record of operating, partnering with and influencing up to and including exec-level stakeholders


• Able to lead highly complex programmes across multiple units and geographies with high-pressure deliverable


• Information Security subject-matter-expert with in-depth knowledge of security solutions in the cloud and on-prem IT infrastructure


• Ability to operate and lead in a fast-paced organizational transformation and able to navigate and champion change across organisational / geographical complexity


• A genuine desire to lead, develop, coach and mentor direct reports/team members

Who you are:

You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are accepting: of new ideas, new partnerships, new ways of working.

You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.

You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.

What we'll give you:

Passionate, inspired people – We promote a culture of people that do extraordinary work.

Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.

Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?

If this role hasn’t captured your interest, that’s ok! Would you consider sharing your opinion?
  
At WPP, we’re always trying to improve our hiring process, so your feedback is appreciated. Don’t worry, all responses will not influence any future applications that you may make. 

https://forms.office.com/r/JdFf70VQdP