Cyber Security Metrics Analyst

WPP IT provides IT services for WPP, the world’s largest communications services group. As a creative transformation company, WPP is helping its clients transform the future through extraordinary work. WPP IT is an integral part of that journey and we are proud to provide technology for some of the world’s most creative brands.

Visit our LinkedIn page to see what we're up to!

Why we're hiring:

At WPP, technology is at the heart of everything we do, and it is WPP IT’s mission to enable everyone to collaborate, create and thrive. WPP IT is undergoing a significant transformation to modernise ways of working, shift to cloud and micro-service-based architectures, drive automation, digitise colleague and client experiences and deliver insight from WPP’s petabytes of data. 

As we continue on this journey, we require a Cyber Security Metrics Analyst to define and enable requirements for cyber security delivery initiatives to improve both security processes and systems whilst ensuring consistent alignment to functional and non-functional requirements. They will collect, analyse and report on complex security metrics to help measure performance, drive delivery and continual improvement within Cyber Security and the wider organisation.   

Working closely with IT teams, Operational Assurance, and Operational Engineering teams as well as with our Business Practice leads around the organisation they will be accountable for managing key internal and external stakeholders.  

What you'll be doing:

• Evaluate the controls, mitigations and components that are in place to safeguard information assets. Taking personal reasonability for supporting operational owners in delivering the necessary controls and risk mitigations
• Evaluate the adequacy and effectiveness of the IT systems and internal controls against requirements, policies and regulations. Required to research, interpret, and evaluate the compliance expectations against standards, security, contractual requirements or government regulations. Set standards for how empirical evidence is collected and stored to prove levels of compliance.
• Interpret security controls accurately with regard to system security posture, policy updates and configuration for information systems with regard to security and event logs
• Plan, deliver and conduct formal evaluations of IT system components for control design and effectiveness. This includes efficiency and security protocols, development processes and IT governance. Identify, document, summarize and present findings from their analysis work to the IT MD and leadership team, including recommendations and possible corrective actions to either resolve know issues or mitigate the potential opportunity for unacceptable risks.
• Ensure that there is clearly defined and real responsibility for IT application compliance and security. To empirically consider if the controls are installed as intended, if they are effective, or if any breach in security has occurred and if so, what actions can be done to prevent future breaches. Acting in an independent way whilst providing close support to operational owners.
• Holding operational teams to account for compliance and security control by Scheduling and chairing meetings, maintaining one-truth reporting and action tracking, maintaining the one-truth position that becomes the formal record of progress.
• Use expert knowledge, experience & learning to propagate knowledge to transform the organisation into a culture where operational compliance controls are prioritised and comprehensively delivered.

What you'll need:

• Experience of working as a security analyst within large and complex cyber security change programmes 
• Able to work effectively with business practice leads, operational teams and identify any gaps in the functional and non functional design 
• Able to work on multiple initiatives simultaneously 
• Able to work in multiple functional domains and quickly develop an understanding of the security and system implications of business requirements in those domains 
• Able to work with business stakeholders to identify AS-IS and TO-BE processes and conduct security gap analysis 
• Experience of delivering Cyber Security Business Analysis within technology projects which have successfully implemented change across territories and into multiple and integrated systems affecting multiple business stakeholders 
• Strong leadership with demonstrable experience in leading meetings / discussions with stakeholders of all levels 
• High degree of competency in security business analysis skills, including requirements gathering and engineering, process mapping and modelling, data analysis and modelling, benefits mapping and realization, root cause analysis, acceptance criteria definition and assuring test cases. Has an appropriate qualification in Business Analysis or is prepared to study towards one 
• High degree of competency in using business analysis tools such as Visio, PowerPoint, Excel, Word and Jira and any other industry standard tools 
• Has a thorough understanding and experience working as a Business Analyst in both Agile and Waterfall methodologies producing user stories, use cases or requirements matrices as appropriate 
• Excellent verbal and written communication (including listening) skills and competent in the use of presentation skills with colleagues, suppliers, and customers 
• Demonstrate resilience and persistence and drive to maintain progress and resolve issues 
• Effective stakeholder and people management including strong negotiation skills 
• Ability to work autonomously and as part of a team 
• Solution focussed and highly collaborative; good problem-solving skills aligned with innovative and creative thinking 
• Deep functional cyber security domain knowledge and experience 

Who you are:

You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are accepting: of new ideas, new partnerships, new ways of working.

You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.

You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.

What we'll give you:

Passionate, inspired people – We promote a culture of people that do extraordinary work.

Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.

Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?

WPP is an equal opportunity employer and considers applicants for all positions without regard to race, color, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability. We believe in creating a dynamic work environment that values diversity and inclusion and strives to recruit a diverse slate of candidates to help us achieve that goal.

Please read our Privacy Notice for more information on how we process the information you provide.