Listing Description

#LI-Hybrid

Why we're hiring:

At WPP, technology is at the heart of everything we do, and it is WPP IT’s mission to enable everyone to collaborate, create and thrive. WPP IT is undergoing a significant transformation to modernise ways of working, shift to cloud and micro-service-based architectures, drive automation, digitise colleague and client experiences and deliver insight from WPP’s petabytes of data.

As we continue on this journey, we need a Security M&A Specialist to work as part of the team Cyber Security Team on the end-to-end supply chain security lifecycle.

You will work closely with a business Archetype and third-party stakeholders to ensure that requisite security controls are embedded within WPP IT’s external partners services and that they adhere to the provisions of the Security Charter.

The role holder will participate in supplier selection activities and contract negotiations and on ensuring existing suppliers meet the security provisions within the relevant contracts. They will work closely with procurement, senior management, security teams, architects and ensuring supplier risks are understood and mitigated.

The Security M & A Specialist will also lead the Cyber teams involvement in advising and guiding on security requirement during mergers and acquisitions and will compile and produce supply chain risk and security metrics and reports

What you'll be doing:

• Production of relevant artifacts and processes to ensure security requirements are embedded into mergers and acquisitions processes


• Engagement and follow-up post Acquisition activity with acquired Opco to ensure security alignment with WPP standards


• Participate in security assurance during Supplier Selection working closely with WPP IT procurement and other teams


• Participate in ensuring that the security of WPP related data and services handled by existing providers are regularly assessed and adhere to contractual obligations


• Responsible for supply chain security assessments as allocated


• Responsible for maintaining a security schedule against allocated Archetype that meets the provisions of the security charter and is aligned with relevant industry security standards.


• Ensure that internal projects and buyers follow agreed security process and schedules for allocated Archetype during procurement processes.


• Assess and track requisite supplier security remedial activities


• Participate in the Compilation and production of detailed security metrics and reporting

What you'll need:

• Strong communication and negotiation skills


• Ability to influence third-party stakeholders to deliver change


• Skilled in educating and guiding those around you to ensure security is embedded within all relevant processes


• Experience of contract reviews and negotiations specifically in security schedules, security SLA’s, audits and security requirements


• Good understanding of security industry standard risk control frameworks e.g. ISO 27001, NIST

Who you are:

You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are accepting: of new ideas, new partnerships, new ways of working.

You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.

You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.

What we'll give you:

Passionate, inspired people – We promote a culture of people that do extraordinary work.

Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.

Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?