IT Risk & Compliance Manager
London
WPP
WPP is the creative transformation company. We use the power of creativity to build better futures for our people, planet, clients, and communities.
Working at WPP means being part of a global network of more than 100,000 talented people dedicated to doing extraordinary work for our clients. We operate in over 100 countries, with corporate headquarters in New York, London and Singapore.
WPP is a world leader in marketing services, with deep AI, data and technology capabilities, global presence and unrivalled creative talent. Our clients include many of the biggest companies and advertisers in the world, including approximately 300 of the Fortune Global 500.
Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow.
Why we're hiring:
WPP ET provides IT services for WPP, group owned operating companies and agencies. The WPP group is the world’s largest communications services group, and as a creative transformation company, WPP is helping its clients transform the future through extraordinary work. WPP IT is an integral part of that journey, and we are proud to provide technology for some of the world’s most creative brands.
As part of the organisational design initiative at WPP, the Group CIO has created a new Target Operating Model (T.O.M), which consists of 4 distinct business clusters in the group. These are: Integrated Creative, Media, Production, PR & Specialist and the Corporate Business Cluster.
You will bring deep expertise in managing SOX ITGC audits, risk, and compliance standards, frameworks, and methodologies for publicly listed organisations to strengthen the risk and compliance posture. As part of the Corporate Cluster, you will implement WPP CCRCO mandated processes and practices across WPP HQ functions.
Actively managing and driving SOX audit remediation, you will oversee technology risk resolution and communication, and collaborate with the Corporate Director of Cyber Risk & Compliance to prioritise remediation efforts, minimizing impact on the Corporate Cluster and the wider WPP group.
Who you'll be working with:
WPP Enterprise Technology is a proud technology solutions partner for WPP Corporate Functions. Our collaboration is instrumental in coordinating and assuring end-to-end change delivery, managing the IT technology lifecycle, and maintaining a robust innovation pipeline. The CRC discipline within WPP ET plays a crucial role in this partnership. We are responsible for providing advisory and support to the corporate business cluster on critical areas such as Technology Audits, Technology Risks, Control Assurance, and Technology Compliance. Our objective is to ensure that all central functions at WPP HQ operate in a safe, secure, and compliant manner.
The CRC function in the Corporate Business Cluster drives compliant IT operations for WPP HQ teams, managing legal, regulatory, and contractual obligations. As a Risk & Compliance Manager, you will play a critical role in developing and implementing a world-class technology risk and compliance program to support WPP HQ Finance Functions. You will collaborate with the WPP Chief Cyber, Risk and Compliance Officer (CCRCO), WPP CISO, Director of Cyber, Risk and Compliance, and WPP HQ Finance department heads to set the CRC function's vision and strategy, and manage escalations for technology operational risks, compliance, audit, BCP, and DR assessments. As an SME, you will lead and develop a highly effective risk and compliance function, strengthening defences and promoting a proactive, collaborative approach. You will operate in a highly complex environment with multiple risk categories, including IT operations, information security, legal, regulatory, financial and commercial, with broad impacts spanning both the Corporate Cluster and the WPP Group.
What you'll be doing:
- Work closely with and assist the CRC department head in developing a risk and compliance strategy for the corporate cluster that is aligned to WPP ET and CRC strategies.
- Establish a technology risk & compliance community across the range of WPP HQ functions to drive the implementation and standardisation of the agreed security governance, risk & compliance approach.
- Drive the Cluster’s CRC strategy and approach by working closely with the Corporate CRC Director, CRC Discipline Lead and other ET stakeholders.
- Drive BC/DR planning to the appropriate level across the Cluster and ensure BC/DR plans are updated and reviewed annually.
- Conduct and support Technology Risk Assessments – e.g., quarterly risk landscaping - owning and driving Cluster-specific risk mitigation actions.
- Respond to tracking and reporting from Internal, External or Client Audit findings within the Corporate Cluster.
- Conduct CRC Cluster self-certification and self-monitoring of IT controls, and maintain an active liaising channel with the IT Ops function at WPP group level.
- Support CRC Cluster-wide input into the WPP IT Asset Register and CMDB owned by IT Ops teams.
- Be the CRC point of contact for relevant business stakeholder escalations relating to Technology risk and compliance. Lead and oversee resolution of the most complex, critical, and impactful risk & compliance issues.
- Work across the CRC Cluster teams like Operational Security, Technology Operations, and Strategy and Architecture to design controls, deliver management information (KRIs) and risk mitigation plans.
- Drive engagement, comms and adoption for all risk, compliance and security tasks to ensure the rationale for each task is understood, the mandate is embedded, and colleagues and partners are trained and can perform effectively and efficiently.
- Design and deliver a range of educational activities and material to embed a strong SOX Compliant culture, mindset and behaviours across the Cluster.
- Build strong relationships with the external stakeholders (customer, suppliers, other major bodies) as well as build a network of peers to bring innovation and insights on industry best practice, standards, frameworks, and processes to deliver a future-fit capability.
- Ensure that the Corporate Function remains compliant with national legislative, regulatory, contractual and WPP technology governance obligations.
- Support Cluster teams and functions during client pitches for new work by providing a compelling narrative to our prospective clients around the strength of our risk, compliance and security proposition.
What you'll need:
- A minimum of 5 to 7 years of strong and deep background in managing SOX ITGC audits in complex global organisations.
- Key certifications (e.g. CISA, CRISC, CISSP, CISM, Azure & Dynamics 365) desirable but not essential
- Degree or equivalent (i.e. BSc, BEng, MSc) desirable but not essential
- Comprehensive knowledge of information security risk standards, frameworks and best practices (i.e., COBIT, SOX ITGC, ISO27K1, NIST, CIS, SOC, Cyber Essentials, GDPR)
- Ability to provide leadership on complex and unfamiliar situations, often involving risk and emotion
- Expert communicator with a track record of operating, partnering with and influencing up to and including exec-level stakeholders
- Able to lead highly complex programmes across multiple units and geographies with high-pressure deliverables
- Risk and Compliance subject-matter-expert with in-depth knowledge of technology governance in the cloud and on-prem IT technologies
- Good understanding of managing internal and external audits (i.e., SOC:1-2, SOX) and assurance activities, including testing the design and operational effectiveness of security controls
- Ability to operate and lead in a fast-paced organizational transformation and able to navigate and champion change across organisational / geographical complexity
- A genuine desire to lead, develop, coach and mentor junior team members
Who you are:
You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working.
You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures for our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.
You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.
What we'll give you:
Passionate, inspired people – We aim to create a culture in which people can do extraordinary work.
Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.
Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?
We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process.
WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers.
Please read our Privacy Notice (https://www.wpp.com/en/careers/wpp-privacy-policy-for-recruitment) for more information on how we process the information you provide.