Risk and Compliance Senior Analyst

London

Applications have closed

WPP

WPP is the creative transformation company. We use the power of creativity to build better futures for our people, clients and communities.


WPP is the transformation company. We use the power of creativity to build better futures for our people, planet, clients, and communities.

Working at WPP means being part of a global network of more than 100,000 accomplished people in 110 countries. We create transformative ideas and outcomes for our clients through an integrated offer of communications, experience, commerce, and technology. WPP and our award-winning agencies work with most of the world's biggest companies and organisations – from Ford, Unilever and P&G to Google, HSBC, and the UN. Our clients include 61 of the FTSE 100, 325 of the Fortune Global 500, all 30 of the Dow Jones 30 and 62 of the NASDAQ 100.

WPP has headquarters in New York, London and Singapore and a corporate presence in major markets worldwide. We are quoted on the London Stock Exchange and the New York Stock Exchange. Key performance indicators for WPP (2020) include Billings of £46.9bn and Revenue of £12bn.

Visit our LinkedIn page to see what we're up to!

Why we're hiring:

At WPP, technology is at the heart of everything we do, and it is WPP IT’s mission to enable everyone to collaborate, create and thrive. WPP IT is transforming to create our future IT together that will support the world’s largest creative transformation company. 

As we continue on this journey we have identified the need for a Risk & Compliance Lead who will play a critical role in developing and implementing a world-class information security risk and compliance programme to protect operating companies and agencies in the S&H archetype from cyber threats.

Working closely with the WPP CSO organisation, WPP IT Security, and the OA department head, you will assist in setting the vision and strategy for the OA function and be responsible for escalations relating to IT operations, risks, compliance, audit, BCP and DR assessments. As a subject-matter expert you will be responsible for managing and developing a highly effective risk and compliance function that strengthens our defences and creates a proactive and collaborative approach to IT Security and IT Security risk management.

You will operate in a highly complex environment with multiple risk categories, including IT operations, information security, legal, regulatory, financial and commercial with broad impacts spanning both the S&H Archetype and the WPP Group.  

The role holder will have a deep understanding of the information security risk standards, frameworks, and methodologies we can use to strengthen our risk and compliance posture. You will work across all OpCos and agencies that are part of the S&H archetype to implement agreed processes and practices mandated by the WPP CSO organisation and WPP IT Security function.

You’ll be able to actively manage live security risk issues from an issue resolution and communication standpoint and be able to prioritise remediation to minimise impact to the S&H archetype and the wider WPP group. 

 

What you'll be doing:

  • Establish a security, risk & compliance community across the range of S&H agencies to drive the implementation and standardisation of the agreed security governance, risk & compliance approach
  • Work to strengthen the Archetype’s DR strategy and approach, working with the S&H Archetype’s Operations Assurance Lead, Strategy & Architecture and other IT stakeholders
  • Drive Business Continuity (BC) planning process to the appropriate level across the Specialist and Hogarth Archetype and ensure BC plans are updated and reviewed annually  
  • Conduct and support IT Risk Assessments – e.g., quarterly risk landscaping - owning and driving Specialist and Hogarth Archetype-specific risk mitigation actions  
  • Respond to tracking and reporting from Internal, External or Client Audit findings within the S&H Archetype  
  • Support S&H Archetype self-certification and self-monitoring for IT controls, and maintain an active liaising channel with the IT Ops function at WPP group level  
  • Support S&H Archetype-wide input into the WPP IT Asset Register and CMDB owned by IT Ops  
  • Work across the S&H Archetype teams like IT Security, Global Technology Services, Digital Workplace and Strategy and Architecture to design controls, deliver management information (KRIs) and risk mitigation plans
  • Drive engagement, comms and adoption for all risk, compliance and security tasks to ensure the rationale for each task is understood, the mandate is embedded, and colleagues and partners are trained and can perform effectively and efficiently.
  • Design and deliver a range of educational activities and material to embed a strong SecureIT culture, mindset and behaviours across the archetype.  
  • Build strong relationships with the external stakeholders (customer, suppliers, other major bodies) as well as build a network of peers to bring innovation and insights on industry best practice, standards, frameworks, and processes to deliver a future-fit capability  
  • Ensure that S&H remains compliant with national legislative, regulatory, contractual and WPP security governance obligations.  
  • Support OpCos and agencies in the S&H Archetype during client pitches for new work by providing a compelling narrative to our prospective clients around the strength of our risk, compliance and security proposition.

 

What you'll need:

  • Certifications in security (i.e. CISA, CRISC, CISSP, CISM) desirable but not essential  
  • Degree or equivalent (i.e. BSc, BEng, MSc) desirable but not essential  
  • Comprehensive knowledge of Information Security risk standards, frameworks and best practices (i.e., ISO27K1, NIST, CIS, SOC:1-2, Cyber Essentials, GDPR)
  • Strong and deep background in cyber / information security in complex global organisations  
  • Track record of building / leading diverse, high performing, operations teams from the ground up and comfortable working with autonomy  
  • Ability to provide leadership on complex and unfamiliar situations, often involving risk and emotion  
  • Expert communicator with a track record of operating, partnering with and influencing up to and including exec-level stakeholders  
  • Able to lead highly complex programmes across multiple units and geographies with high-pressure deliverables
  • Risk and Compliance subject-matter-expert with in-depth knowledge of security governance in the cloud and on-prem IT technologies  
  • Good knowledge of qualitative, quantitative information security risk methodologies, and/or experience working with ISO31000 enterprise risk management standard  
  • Good understanding of managing internal and external audits (i.e., SOC:1-2, SOX) and assurance activities, including testing the design and operational effectiveness of security controls  
  • Ability to operate and lead in a fast-paced organizational transformation and able to navigate and champion change across organisational / geographical complexity  

 

Who you are:

You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are accepting: of new ideas, new partnerships, new ways of working.

You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures for our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.

You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.

 

What we'll give you:

Passionate, inspired people – We promote a culture of people that do extraordinary work.

Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.

Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?

WPP is an equal opportunity employer and considers applicants for all positions without regard to race, color, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability. We believe in creating a dynamic work environment that values diversity and inclusion and strives to recruit a diverse slate of candidates to help us achieve that goal.

Please read our Privacy Notice for more information on how we process the information you provide.

Tags: Audits CISA CISM CISSP Cloud Compliance CRISC GDPR Governance Monitoring NIST Privacy Risk management Strategy

Region: Europe
Country: United Kingdom