GCP Cloud Application Security Governance Specialist

WPP is the creative transformation company. We use the power of creativity to build better futures for our people, planet, clients, and communities.

Working at WPP means being part of a global network of more than 115,000 accomplished people in 110 countries. WPP has headquarters in New York, London and Singapore and a corporate presence in major markets worldwide.

We create transformative ideas and outcomes for our clients through an integrated offer of communications, experience, commerce, and technology.

WPP and our award-winning agencies work with most of the world's biggest companies and organisations – from Ford, Unilever and P&G to Google, HSBC, and the UN. Our clients include 61 of the FTSE 100, 307 of the Fortune Global 500, all 30 of the Dow Jones 30 and 62 of the NASDAQ 100. WPP are the leader in the Bloomberg Gender Equality Index and 20th in the FTSE 100 rankings for Women on Boards.

Why we're hiring:

We are seeking a highly motivated and experienced Cloud Application Security Governance Specialist to join our team. In this role, you will be the champion for building and maintaining a strong security posture for all applications and their data hosted on Google Cloud Platform (GCP).

You will be responsible for designing, implementing, and overseeing a comprehensive security governance framework that aligns with industry best practices and regulatory requirements.

What you'll be doing:

• Strong understanding of cloud security principles and best practices, with a focus on GCP.
• Hands-on experience with GCP security services like would be a plus.
• Knowledge of application security concepts, vulnerabilities, and attack vectors.
• Familiarity with security standards and frameworks like ISO 27001, SOC 2, and CIS Benchmarks.
• Excellent communication and collaboration skills to work effectively with technical and non-technical teams.

Establish a Robust Security Governance Framework:

• Translate security standards and best practices (e.g., CIS Benchmarks, NIST CSF) into actionable policies, procedures, and guidelines for GCP applications.
• Define and manage the application security lifecycle, integrating security assessments and controls into each development phase.
• Proactively identify, assess, and prioritize application security risks, maintaining a centralized risk register.

Implement and Manage Key IT Security Controls:

• Access Control: 

• Enforce strong authentication mechanisms, including multi-factor authentication, for all users and accounts.
• Define and manage granular access controls based on the principle of least privilege.
• Conduct regular access reviews and promptly revoke access for terminated users or unused accounts.

• Data Protection: 

• Implement robust data protection measures to comply with global data privacy regulations (GDPR, CCPA, etc.).
• Enforce data encryption at rest and in transit for sensitive application data stored and transmitted within GCP.

• Vulnerability & Threat Management: 

• Establish a robust patch management process for application dependencies and infrastructure.
• Implement comprehensive security monitoring, logging, and alerting for applications, including vulnerability scanning, malware detection, and anomaly detection.
• Integrate security testing, including static code analysis and penetration testing, into the development lifecycle.

• Operational Security: 

• Utilize industry-standard security frameworks (e.g., CIS Benchmarks) to continuously assess and improve the security posture of applications on GCP.
• Involve in a third-party risk management program to assess and manage security risks associated with vendors and their integrations with applications.
• Maintain an accurate inventory of software licenses used by applications and ensure compliance.
• Implement and manage change management controls for applications, ensuring all changes are authorized, tested, and documented.

Foster a Culture of Security:

• Collaborate closely with development, operations, and security teams to ensure the successful implementation and operation of application security controls.
• Effectively communicate security risks and recommendations to stakeholders at all levels.
• Stay informed about emerging threats and vulnerabilities relevant to GCP applications and proactively implement mitigations.

Desired Skills and Experience:

• 5 + years of experience in product management, ideally within the Marketing ecosystem across strategy, creation, marketing, media, PR, brand and commerce.
• Proven track record of successfully bringing products / features to market as part of a SaaS offering.
• Proven track record of successfully launching and scaling products, with a strong understanding of SaaS business models.
• Experience working closely with professional services, deployment, and adoption teams to ensure successful product launches and client onboarding
• Strong decision-making skills, with the ability to weigh trade-offs, assess risks, and make data-driven decisions.
• Proven ability to influence and build consensus with senior leadership (C-suite and department heads) and navigate complex stakeholder relationships within a large organisation.
• Strong technical aptitude with the ability to understand complex technical concepts and communicate effectively with engineers.
• Experience working in an agile development environment, with a solid understanding of agile principles and methodologies.
• Ability to work autonomously, taking ownership of initiatives and driving them to completion with minimal supervision.
• Excellent communication, collaboration, stakeholder management, and problem-solving skills.
• Passion for AI, machine learning, and the future of marketing technology.

Who you are:

• Strong understanding of cloud security principles and best practices, specifically for GCP.
• Deep knowledge of application security concepts, vulnerabilities, and attack vectors.
• Experience in designing, implementing, and managing security governance frameworks for cloud applications.
• Familiarity with security standards and frameworks such as ISO 27001, SOC 2, CIS Benchmarks, and NIST CSF.
• Experience with security tools and technologies used for vulnerability scanning, data protection, logging, monitoring, and incident response.
• Excellent communication, collaboration, and problem-solving skills.

You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are accepting: of new ideas, new partnerships, new ways of working.

You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.

You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.

What we'll give you:

Passionate, inspired people – We promote a culture of people that do extraordinary work.

Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.

Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?

WPP is an equal opportunity employer and considers applicants for all positions without regard to race, color, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability. We believe in creating a dynamic work environment that values diversity and inclusion and strives to recruit a diverse slate of candidates to help us achieve that goal.

Please read our Privacy Notice (https://www.wpp.com/people/wpp-privacy-policy-for-recruitment) for more information on how we process the information you provide.