Technical Security Governance Lead - Identity

<div class="content-intro"><p><strong>WPP is the trusted growth partner for the world’s leading brands.&nbsp;</strong></p> <p><strong>We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth.&nbsp;</strong><br><strong>&nbsp;</strong><br><strong>We have been building the world's most valuable brands for 50 years and have global reach across 100+ markets, with deep local expertise.</strong><br><strong>&nbsp;</strong><br><strong>Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow.&nbsp;</strong><br><strong>&nbsp;</strong><br><strong>For more information, visit <a href="https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwpp.com%2F&amp;data=05%7C02%7CErica.Durr%40wpp.com%7C9bf4566a65bc46a48ac008de749116ea%7C150b5e663d884dee83f6ed149b727a00%7C0%7C0%7C639076363668176216%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&amp;sdata=Q9juosud56XGLThSFZ1NpPZd6FXpJPxV74OeRZWoh%2B4%3D&amp;reserved=0" target="_blank">WPP.com.</a></strong><br><strong>&nbsp;</strong></p></div><p><span style="text-decoration: underline;"><strong>Why we're hiring:</strong></span></p> <p>The Technical Security Governance Lead is responsible for leading one or more technical security governance domains within Digital Security &amp; Risk Management (DSRM). The role defines enforceable security guardrails and minimum baselines, monitors security posture and exposure, and provides independent oversight and challenge to Enterprise Technology (ET), DT&amp;S engineering teams, and business-managed technology owners.</p> <p>This role focuses on risk, exposure, and control effectiveness—ensuring that technical security risks are consistently identified, assessed, escalated, and reported—without designing, building, configuring, or operating technology platforms.</p> <p><span style="text-decoration: underline;"><strong>What you'll be doing:</strong></span></p> <p><strong>Technical Security Governance</strong></p> <ul> <li>Define and maintain technical governance guardrails, minimum baselines, and posture expectations for assigned domains.</li> <li>Translate enterprise policies, standards, and risk appetite into clear and actionable technical expectations for execution teams.</li> <li>Define exception criteria, escalation thresholds, and evidence requirements to ensure governance is auditable and defensible.</li> <li>Provide independent challenge to remediation plans and risk acceptances where residual risk remains unacceptable.</li> </ul> <p><strong>Compliance Monitoring</strong></p> <ul> <li>Support audit readiness by ensuring evidence requirements are defined, traceable, and consistently produced by execution owners.</li> <li>Contribute technical governance input to ISO/SOC and internal assurance activities, including control operation validation where required.</li> <li>Identify recurring compliance gaps and drive corrective actions through agreed remediation plans and escalation routes.</li> </ul> <p><strong>Collaboration and Stakeholder Engagement</strong></p> <ul> <li>Partner with Enterprise Technology, DT&amp;S engineering, and business-managed technology owners to embed governance expectations into delivery workflows.</li> <li>Work closely with Risk Management, Client Assurance &amp; Vendor Risk, and BISOs to ensure consistent risk visibility and business context.</li> <li>Communicate expectations clearly and pragmatically, enabling delivery teams to move quickly within defined boundaries.</li> </ul> <h4>Continuous Improvement</h4> <ul> <li>Identify opportunities to improve governance processes, automation, and reporting to reduce friction and improve risk outcomes.</li> <li>Stay informed on emerging threats and technical risk trends and incorporate relevant changes into governance expectations.</li> <li>Drive maturity improvements across domains through measurable targets and iterative uplift plans.</li> </ul> <p><strong>Domain Related Responsibilities - Identity</strong></p> <ul> <li>Define identity guardrails including authentication strength, privileged access controls, and identity-based risk thresholds.</li> <li>Monitor identity posture signals (e.g., MFA coverage, privileged access hygiene, risky access paths) and escalate systemic weaknesses.</li> <li>Ensure identity governance is treated as a primary attack-vector control domain across cloud, endpoint, and product environments.</li> </ul> <p><span style="text-decoration: underline;"><strong>What you'll need:</strong></span></p> <p><strong>Essential</strong></p> <ul> <li>Fluent English – reading, writing and conversation skills.</li> <li>Demonstrable experience in technical security governance, security assurance, or risk-based security oversight in a global environment</li> <li>Strong understanding of cybersecurity policies, standards, and frameworks (e.g., ISO 27001, NIST CSF).</li> <li>Strong understanding of cloud security, vulnerability management, identity risk, and modern attack paths and exposure management.</li> <li>Experience working with global engineering and operations teams</li> <li>Excellent analytical, problem-solving, and critical thinking skills.</li> <li>Strong communication and interpersonal skills, with the ability to collaborate effectively across teams.</li> <li>Ability to communicate risk and technical posture clearly to senior stakeholders and non-technical audiences.</li> </ul> <p><strong>Nice-to-Have</strong></p> <ul> <li>Certifications such as CISSP, Azure, AWS, GCP or other related to the domain.</li> <li>Familiarity with posture and detection tooling (e.g., CNAPP/CSPM, EDR, vulnerability scanning, identity telemetry) and evidence management approaches.</li> <li>Working knowledge of agile methodologies.</li> <li>Experience in multinational, multicultural and matrixed companies.</li> <li>Bachelor's degree in Information Security, Computer Science or a related field</li> </ul> <p><strong>Key Behaviour's &amp; Competencies</strong></p> <ul> <li>Experience operating in decentralised or federated organisations — holding companies, media groups, professional services firms, or global technology businesses — where governance relies on influence rather than control.</li> <li>Demonstrated ability to build governance programmes from the ground up, including posture measurement frameworks, KPI/KRI design, and executive risk reporting.</li> <li>Broad technical security knowledge across multiple domains — enough to lead a specialist team, provide credible challenge, and recognise when you are being given an incomplete picture.</li> <li>Strong executive communication skills — able to translate complex risk and posture data into clear, honest narratives for senior and non-technical audiences.</li> <li>Experience governing across multiple regions and regulatory environments, with familiarity with GDPR and other major data protection frameworks.</li> <li>Familiarity with client data obligations and the reputational and commercial stakes that come with them.</li> </ul> <p>&nbsp;</p> <p><span style="text-decoration: underline;"><strong>Who you are:</strong></span></p> <p><strong>You're open<em>:</em> </strong>We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working.</p> <p><strong>You're optimistic<em>:</em></strong> <span id="628d56ad5d8a35dab853e65d9daa237c" class="editor-module-hl-green-solid">We believe</span> in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.</p> <p><strong>You're extraordinary:</strong> we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.</p> <p>&nbsp;</p> <p><span style="text-decoration: underline;"><strong>What we'll give you:</strong></span></p> <p><strong>Passionate, inspired people</strong> –&nbsp;We aim to create a culture in which people can do extraordinary work.</p> <p><strong>Scale and opportunity</strong> – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.</p> <p><strong>Challenging and stimulating work</strong> – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?</p> <p><span style="color: rgb(236, 240, 241);">#LI-Hybrid&nbsp;</span></p><div class="content-conclusion"><p><strong>We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process.</strong></p> <p><strong>WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers.</strong></p> <h4><strong>Please read our Privacy Notice (<a href="https://www.wpp.com/en/careers/wpp-privacy-policy-for-recruitment">https://www.wpp.com/en/careers/wpp-privacy-policy-for-recruitment</a>) for more information on how we process the information you provide.</strong></h4></div>