Chief Cyber, Risk & Compliance Officer

London

Applications have closed

WPP

WPP is the creative transformation company. We use the power of creativity to build better futures for our people, clients and communities.


WPP is the creative transformation company. We use the power of creativity to build better futures for our people, planet, clients, and communities.

Working at WPP means being part of a global network of more than 115,000 accomplished people in 110 countries. WPP has headquarters in New York, London and Singapore and a corporate presence in major markets worldwide.

We create transformative ideas and outcomes for our clients through an integrated offer of communications, experience, commerce, and technology.

WPP and our award-winning agencies work with most of the world's biggest companies and organisations – from Ford, Unilever and P&G to Google, HSBC, and the UN. Our clients include 61 of the FTSE 100, 307 of the Fortune Global 500, all 30 of the Dow Jones 30 and 62 of the NASDAQ 100. WPP is the leader in the Bloomberg Gender Equality Index and 20th in the FTSE 100 rankings for Women on Boards.

WPP is currently driving the industry’s largest business transformation across the marketing and advertising sector.  Dominic Shine has recently joined as our Global CIO and is driving a major transformation of our Enterprise Technology capabilities across the group.  Key to this transformation is the strengthening of the Global Enterprise Technology Leadership Team and the introduction of a new operating model which will see 2500+ technology professionals across the group come together to form an integrated global team that services and enables the ongoing transformation of our agencies and functions.

The Chief Cyber, Risk and Compliance Officer (CCRCO) will play a key role on the WPP enterprise technology leadership team, leading the further development, delivery and operation of our Technology Cyber, Risk Management and Compliance capabilities.

The cyber aspects of the role include primary accountability for Security Operations, Security Architecture and Tools, working in close partnership with the CISO in the Legal team, who is focused on investigations, security awareness and culture, and client-related security aspects. Most of the security-focused resources in WPP sit in the team directly managed by the CCRCO.

The risk and compliance aspects of the role include global accountability for management of relevant SOX and other regulatory controls, technology audit and risk issue resolution, and overall compliance for the Enterprise Technology group, working in close partnership with leaders in the Internal Audit, Risk, Legal and Compliance functions globally.

Key Accountabilities

Strategic Leadership:

  • Develop and implement the organization's cyber, risk management and compliance strategy in partnership with the WPP CIO, the WPP CISO and the HQ Legal function
  • Collaborate with senior ET leaders to align cyber and risk strategies with business objectives
  • Drive initiatives across ET and our agencies to enhance the organization's security posture and compliance status.

Security Operations:

  • Manage the 24/7 Security Operations function responsible for implementing and managing security technologies and processes
  • Ensure effective and preventative incident response, threat detection, and vulnerability management.
  • Monitor, report and manage security incidents and compliance breaches, implementing corrective actions as needed
  • Responsible for the end-to-end lifecycle management of strategic Cyber solutions, supporting the identification and remediation of vulnerabilities and enabling secure creation and storage of WPP code, compliant with WPP Cyber security standards
  • Responsible for driving Security Operations Centre (SOC) and Integrated Operations Centre (IOC) improvement plans and continuing to mature these functions
  • Providing cyber and risk updates to the WPP Plc board in partnership with the WPP CISO

Risk Management and Compliance:

  • Manage the Head of Risk and Compliance and ensure the effectiveness of Cyber, Risk and Compliance leads in the CIO cluster matrix teams, ensuring that applications and customer bids comply with data and technology controls and performing assurance, risk and audit work
  • Oversee the identification, assessment, and mitigation of cyber risks across WPP using the technology risk framework (central repository for all technology risks)
  • Ensure compliance with relevant regulations, standards, and best practices
  • Develop and maintain policies, procedures, and guidelines to support compliance efforts
  • Ensure that SOX requirements are met and relevant committees are updated on risk and remediation plans
  • Partner with the crisis management and business resilience function (in Legal) to ensure corrective actions are in place to support operational continuity and business planning

Stakeholder Engagement:

  • Experience working with other senior leaders in a matrix structure and empowering reports to work in service of agency needs 
  • Close partner and collaborator with stakeholders responsible for managing cybersecurity and risk (CISO, Head of internal audit), CIOs of Agency Clusters (Media, Creative and Production, PR & Specialist)
  • Ability and experience working with agency stakeholders and managing risk in a highly decentralised and entrepreneurial organisation  
  • Act as the primary liaison for cyber, risk and compliance matters with internal and external stakeholders
  • Communicate effectively with executives, auditors, regulators, and business partners
  • Develop and maintain strong relationships with relevant industry bodies and regulatory authorities

Reporting and Analysis:

  • Prepare and present regular reports on cyber risk and compliance metrics to executive management, audit committee and WPP Board
  • Analyse trends and emerging threats, recommending proactive measures to mitigate risks

Experience

  • At least 10 years of experience in cybersecurity, risk management, and compliance, with at least 5 years in a leadership role
  • Extensive experience leading and building global teams across cyber, risk and compliance capabilities
  • Strong knowledge of industry standards and regulations such as NIST, ISO, GDPR, and HIPAA; relevant certifications such as CISSP, CISM, CRISC, or similar are highly desirable

Skills

  • Strong influencer with demonstrable experience of leading and evolving Cyber, Risk and Compliance posture across a global organisation
  • Experience presenting to and communicating at Board level and to C-suite stakeholders
  • Experience building and leading globally distributed teams and embedding effective ways of working
  • Strong track record of delivery across highly complex, high-pressure and high-risk global programmes
  • Deep technical knowledge across technology statutory and regulatory standards and Risk Management (SOX, NIST, PCI, ISO, GDPR etc.)
  • Bachelor’s degree in Information Security, Computer Science, or a related field is desirable

Behaviours

  • Strong business focus, with an understanding of agency and client needs around an appropriate approach to cyber risk and compliance in a media/advertising context
  • Knowledge of software design, development, and architecture, including SaaS and Public Cloud environments
  • Exceptional track record of building / leading diverse, high performing, operations / shared service teams from the ground up
  • Expert communicator with a track record of operating, partnering with and influencing up to and including exec-level stakeholders (CIO, CTO, CSO)
  • Critical, creative, and strategic thinker who is comfortable with ambiguity and has a data-driven approach to solving complex problems
  • Comfortable operating in a fast-paced organizational transformation and able to navigate and champion change across organisational / geographical complexity
  • External awareness of the skills and capabilities required in enterprise technology compliance and risk as the organisation transforms and opportunities to leverage technology mature

WPP is an equal opportunity employer and considers applicants for all positions without regard to race, color, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability. We believe in creating a dynamic work environment that values diversity and inclusion and strives to recruit a diverse slate of candidates to help us achieve that goal.

Please read our Privacy Notice (https://www.wpp.com/people/wpp-privacy-policy-for-recruitment) for more information on how we process the information you provide.


Region: Europe
Country: United Kingdom
