Risk and Compliance Manager

WPP is the creative transformation company. We use the power of creativity to build better futures for our people, planet, clients, and communities.

Working at WPP means being part of a global network of more than 115,000 accomplished people in 110 countries. WPP has headquarters in New York, London and Singapore and a corporate presence in major markets worldwide.

We create transformative ideas and outcomes for our clients through an integrated offer of communications, experience, commerce, and technology.

WPP and our award-winning agencies work with most of the world's biggest companies and organisations – from Ford, Unilever and P&G to Google, HSBC, and the UN. Our clients include 61 of the FTSE 100, 307 of the Fortune Global 500, all 30 of the Dow Jones 30 and 62 of the NASDAQ 100. WPP are the leader in the Bloomberg Gender Equality Index and 20th in the FTSE 100 rankings for Women on Boards.

#LI-Hybrid

Visit our LinkedIn page to see what we're up to!

Why we're hiring:

The Creative IT team in Enterprise Technology are the technology solutions partner for the creative agencies, VML, Ogilvy and AKQA/Grey and are accountable for coordinating and assuring end-to-end change delivery, managing the creative agencies technology life cycle and innovation pipeline. 

With Close to 60,000 people and 4 core brands, the focus in our IT unit is around strategic partnership to enable business transformation, delivering solutions that enhance our businesses effectiveness and efficiency and support products that deliver work, engage clients and leverage collective intelligence.

The Cyber, Risk & Compliance (CRC) team in the Creative Cluster is responsible for ensuring safe and secure IT operations, protecting our customers, employees, and shareholders, whilst making sure we remain compliant with our legal, regulatory, and contractual obligations.  As a Risk & Compliance Manager you will play a critical role in developing and implementing a world class risk and compliance programme in the Creative Cluster.

You will operate in a highly complex environment with multiple risk categories, including IT operations, information security, legal, regulatory, financial and commercial with broad impacts spanning both the Creative Cluster and the WPP Group.

You’ll have a deep understanding of the information security risk standards, frameworks, and methodologies we can use to strengthen our risk and compliance posture.  You will work across all agencies part of the Creative Cluster to implement agreed processes and practices mandated by WPP Risk & Compliance function.

What you'll be doing:

• Establish risk & compliance community across agencies to drive the implementation and standardisation of risk & compliance approach
• Work to strengthen Archetype’s DR strategy and approach, working with Creative Cluster’s Cyber Risk & Compliance Director, Platform Director and other IT stakeholders
• Conduct and support IT Risk Assessments – e.g., quarterly risk landscaping - owning and driving Creative Cluster -specific risk mitigation actions
• Respond to tracking and reporting from Internal, External or Client Audit findings within the Creative Cluster
• Support self-certification and self-monitoring for IT controls, and maintain an active liaising channel with the IT Ops function at WPP group level
• Work across the Creative Cluster teams like Platforms, Tech Ops, and WPP CISO Office to design controls, deliver management information (KRIs) and risk mitigation plans
• Drive engagement, comms and adoption for all risk and compliance tasks to ensure the rationale for task is understood, the mandate is embedded, and colleagues and partners are trained and can perform effectively and efficiently.
• Ensure that Creative Cluster remains compliant with national legislative, regulatory, contractual and WPP security governance obligations.
• Be responsible more managing a team of risk and compliance analysts to support business functions in EMEA, AMER & APAC regions.

What you'll need:

• Risk and Compliance subject-matter-expert with in-depth knowledge of security governance in the cloud and on-prem IT technologies
• Comprehensive knowledge about Information Security risk standards, frameworks and best practices (i.e., ISO27K1, NIST, CIS, SOC:1-2 Cyber Essentials, GDPR)
• Degree or equivalent (i.e. BSc, BEng, MSc) desirable but not essential
• Certifications in security (i.e. CISA, CRISC, CISSP, CISM) desirable but not essential
• Good understanding of managing internal and external audits (i.e., SOC:1-2, SOX) and assurance activities, including testing the design and operational effectiveness of security controls
• Ability to provide leadership on complex and unfamiliar situations, often involving risk and emotion
• Expert communicator with a track record of operating, partnering with and influencing up to and including exec-level stakeholders
• Good knowledge of qualitative, quantitative information security risk methodologies, and/or experience working with ISO31000 enterprise risk management standard
• Ability to operate and lead in a fast-paced organizational transformation and able to navigate and champion change across organisational / geographical complexity
• A genuine desire to lead, develop, coach and mentor direct reports/team members

Who you are:

You’re open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working.

You’re optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with confidence: to try the new and to seek the unexpected.

You’re extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we deliver extraordinary every day.

What we'll give you:

Passionate, driven people – We champion a culture of people that do extraordinary work.

Scale and opportunity – We offer the opportunity to create, influence and deliver projects at a scale that is unparalleled in the industry.

Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?

WPP is an equal opportunity employer and considers applicants for all positions without regard to race, color, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability. We believe in creating a dynamic work environment that values diversity and inclusion and strives to recruit a diverse slate of candidates to help us achieve that goal.

Please read our Privacy Notice (https://www.wpp.com/people/wpp-privacy-policy-for-recruitment) for more information on how we process the information you provide.