Vulnerability Detection and Reporting Manager

WPP is the creative transformation company. We use the power of creativity to build better futures for our people, planet, clients, and communities.

Working at WPP means being part of a global network of more than 100,000 talented people dedicated to doing extraordinary work for our clients. We operate in over 100 countries, with corporate headquarters in New York, London and Singapore.

WPP is a world leader in marketing services, with deep AI, data and technology capabilities, global presence and unrivalled creative talent. Our clients include many of the biggest companies and advertisers in the world, including approximately 300 of the Fortune Global 500.

Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow. 

Why we're hiring:

WPP ET provides IT services for WPP, the world’s largest communications services group. As a creative transformation company, WPP is helping its clients transform the future through extraordinary work. WPP ET is an integral part of that journey, and we are proud to provide technology for some of the world’s most creative brands.

At WPP, technology is at the heart of everything we do, and it is WPP ET’s mission to enable everyone to collaborate, create and thrive. WPP ET is undergoing a significant transformation to modernise ways of working, shift to cloud and micro-service-based architectures, drive automation, digitise colleague and client experiences and deliver insight from WPP’s petabytes of data.

As we progress on this journey, we need to evolve how we protect our customers, employees, and shareholders for today and the future. You will play a critical role in developing and implementing a world class information security programme to protect WPP Group from cyber threats. This is an essential role, supporting WPP ET to deliver its purpose to design, build, run and transform all current and future IT services which underpin the One WPP strategy.

The primary purpose of the Vulnerability Detection & Reporting Manager is to:

Lead the delivery, ongoing support and maturity of the Operational Security Vulnerability Management and Vulnerability Remediation process.

What you'll be doing:

• Working under the direction and guidance of the Head of SECOPS, you will manage, support and mature a global vulnerability management and vulnerability remediation function.
• Mentor and line manage a global team of Operational Security VMS analysts.
• Collaborate with key stakeholders to drive VM findings visibility and associated remediation actions across linked ET and wider WPP functions.
• Ensure accurate, pragmatic and timely technical Vulnerability guidance regarding detections and remediation/mitigation activities are provided to key stakeholders.
• Develop and deliver Vulnerability Management artefacts including technical documentation, methodologies, standards, process\procedures, requirements, test plans and reports.
• Support and contribute to the delivery of a wider Information Security Management System.
• Work closely with the Cyber Security Systems & Engineering Lead, Security Architects and Technology Operations Teams to ensure the correct operation, and optimal configuration of the Vulnerability Management and remediation toolsets.
• Build, maintain and enrich a wider suite of security controls using knowledge and awareness from vulnerability intelligence feeds (NCSC, CISA, SANS).
• Articulate vulnerability information into clearly defined business risk.
• Deliver and present appropriate KPI, KRI and other requisite reporting to the Head of SECOPS and Director of Operational Security.
• Act as a Vulnerability Management SME for projects and initiatives relevant to the role. Provide a point of escalation to VM team members and the wider organisation.
• Working closely with WPP technology teams, build professional relationships to ensure cooperation between stakeholders and Operational Security.
• Lead and direct third-party suppliers to ensure VM services are provided effectively, within project timescales and any associated service level agreements.

What you'll need:

• Cyber Security certifications (i.e. CISA, CISSP, CISM) desirable but not essential.
• Degree or equivalent (i.e. MBA) desirable but not essential.
• Relevant technical certifications (CREST, GPEN).
• A Strong, hands-on technical background in cyber/information security.
• Knowledge of securing network technologies, client and server operating systems, security data, information and intelligence.
• Stakeholder management.
• Able to take a pragmatic approach to Cyber Security by identifying, understanding and clearly articulating risk.
• Experience of providing Vulnerability Management expertise to Enterprise-wide Cyber Security Change programmes.
• Experience in a similar role within a large, complex, and technologically diverse organisation.
• Must have in depth technical knowledge of security technologies including but not limited to:
  • Penetration testing tools and methodologies
  • Vulnerability Management toolsets
  • Application components
  • Attack Surface Management tools
  • Cloud Security Centres
  • TCP-IP Networking
  • Internet Technologies
  • Cyber Threat Intelligence solutions

Who you are:

You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working.

You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.

You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.

What we'll give you:

Passionate, inspired people – We aim to create a culture in which people can do extraordinary work.

Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.

Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?

#LI-Onsite

We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process.

WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers.

Please read our Privacy Notice (https://www.wpp.com/en/careers/wpp-privacy-policy-for-recruitment) for more information on how we process the information you provide.