IT Compliance & Cyber Security Assurance Manager

WPP IT provides IT services for WPP, the world’s largest communications services group. As a creative transformation company, WPP is helping its clients transform the future through extraordinary work. WPP IT is an integral part of that journey and we are proud to provide technology for some of the world’s most creative brands.

#LI-Hybrid

Visit our LinkedIn page to see what we're up to!

Why we're hiring:

At WPP, technology is at the heart of everything we do, and it is WPP IT’s mission to enable everyone to collaborate, create and thrive. WPP IT is undergoing a significant transformation to modernise ways of working, shift to cloud and micro-service-based architectures, drive automation, digitise colleague and client experiences and deliver insight from WPP’s petabytes of data. 

As we progress on this journey, we need to evolve our IT Compliance capabilities to be future ready and assure our global transformation whilst remediating today’s world. You will play a critical role in developing and implementing a world class IT Compliance function to make it easy to do business whilst protecting WPP.  

You will design and implement IT compliance and security controls to protect the organization's computer networks from cyber-attacks. You will also help develop organization wide best practices for IT security. You will monitor and assure that controls are operating effectively to instigate corrective action for all none compliance issues or breaches you find.  

What you'll be doing:

• Design the Security, Risk and Compliance Strategy to embed a culture of risk management and controls awareness and adoption 
• Evaluate the controls, mitigations and components that are in place to safeguard information assets. Taking personal reasonability for supporting operational owners in delivering the necessary controls and risk mitigations 
• Evaluate the adequacy and effectiveness of the IT systems and internal controls against requirements, policies and regulations. Required to research, interpret, and evaluate the compliance expectations against standards, security, contractual requirements or government regulations.  
• Set standards for how empirical evidence is collected and stored to prove levels of compliance. 
• Interpret security controls accurately with regard to system security posture, policy updates and configuration for information systems with regard to security and event logs 
• Plan, deliver and conduct formal evaluations of IT system components for control design and effectiveness. This includes efficiency and security protocols, development processes and IT governance. Identify, document, summarize and present findings from their analysis work to the IT MD and leadership team, including recommendations and possible corrective actions to either resolve know issues or mitigate the potential opportunity for unacceptable risks.   
• Ensure that there is clearly defined and real responsibility for IT application compliance and security. To empirically consider if the controls are installed as intended, if they are effective, or if any breach in security has occurred and if so, what actions can be done to prevent future breaches. Acting in an independent way whilst providing close support to operational owners. 
• Holding operational teams to account for compliance and security control by Scheduling and chairing meetings, maintaining one-truth reporting and action tracking, maintaining the one-truth position that becomes the formal record of progress.  
• Use expert knowledge, experience & learning to propagate knowledge to transform the organisation into a culture where operational compliance controls are prioritised and comprehensively delivered. 

What you'll need:

• Has experience with working with and as a part of teams distributed around world, particularly experience in leading teams in India and the USA would be an advantage. 
• Strong experience of writing briefings and communicating Cyber security threats to senior executives. 
•  Is able to bring academic learnings, necessary understanding and skills to help drive high-level business strategy associated with cyber security. 
• Strong experience leading and building technology risk, compliance, and controls  
• Track record of building / leading diverse, high performing, operations / shared service teams from the ground up and comfortable working with autonomy 
• Strong technical knowledge across of IT standards and governance, risk and control frameworks (SOX, IT General Controls, PCI, ISO etc.) 
• Ability to provide leadership on complex and unfamiliar situations, often involving risk and emotion 
• Excellent communicator with a track record of operating, partnering with and influencing up to and including exec-level stakeholders 
• Critical, creative and strategic thinker who is comfortable with ambiguity and has a data-driven approach to solving complex problems 
• Able to lead highly complex programmes across multiple units and geographies with high-pressure deliverable 
• Ability to operate and lead in a fast-paced organizational transformation and able to navigate and champion change across organisational / geographical complexity 
• Ability to develop, drive and embed efficient business processes and demonstrate the value of IT risk and compliance initiatives 
• External awareness of the skills and capabilities required in security and IT as the organisation transforms and opportunities to leverage technology matures 
• Experience working in Business Continuity, Third party Risk , Cyber Threats, Data Protection and SOX Controls. 
• Knowledge about the 3 levels of defence model  

Who you are:

You’re open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working.

You’re optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with confidence: to try the new and to seek the unexpected.

You’re extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we deliver extraordinary every day.

What we'll give you:

Passionate, driven people – We champion a culture of people that do extraordinary work.

Scale and opportunity – We offer the opportunity to create, influence and deliver projects at a scale that is unparalleled in the industry.

Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?