Information Security Risk and Compliance Manager

2 weeks ago


London, Greater London, United Kingdom WPP Full time

Why we're hiring:
WPP IT provides IT services for WPP, group owned operating companies and agencies.

The WPP group is the world's largest communications services group, and as a creative transformation company, WPP is helping its clients transform the future through extraordinary work.

WPP IT is an integral part of that journey, and we are proud to provide technology for some of the world's most creative brands.

As part of the organisational design initiative at WPP, the Group CIO has created a new Target Operating Model (T.O.M), which consists of 4 distinct businesses in the group.


These are:
Integrated Creative, Media, Production, PR and Specialist – commonly termed as archetypes.

S&H is one of the three new archetypes in the WPP group with a mandate for providing common solutions, platforms and services for Production, PR & Specialist Agencies and WPP Corporate Functions.

The S&H archetype together with WPP IT are the technology solutions partner for WPP Corporate Functions, Production, PR & Specialist Agencies and are accountable for co-ordinating and assuring end-to-end change delivery, managing the IT technology life-cycle and innovation pipeline.


What you'll be doing:

Work closely with and assist the OA department head in developing a risk and compliance strategy for the S&H archetype that is aligned to WPP CSO and WPP IT strategies.

Establish a security, risk & compliance community across the range of S&H agencies to drive the implementation and standardisation of the agreed security governance, risk & compliance approach.

Drive the Archetype's DR strategy and approach, working with S&H Archetype's Operations Assurance Lead, Strategy & Architecture and other IT stakeholders.

Drive Business Continuity (BC) planning to the appropriate level across the Specialist and Hogarth Archetype and ensure BC plans are updated and reviewed annually.

Conduct and support IT Risk Assessments – e.g., quarterly risk landscaping - owning and driving Specialist and Hogarth Archetype-specific risk mitigation actions.

Conduct risk reviews of major contracts/clients within the S&H Archetype, for consolidation at WPP level by IT Ops.
Respond to tracking and reporting from Internal, External or Client Audit findings within the S&H Archetype.
Conduct S&H Archetype self-certification and self-monitoring for IT controls, and maintain an active liaison channel with the IT Ops function at WPP group level.
Support S&H Archetype-wide input into the WPP IT Asset Register and CMDB owned by IT Ops.
Be S&H point of contact for relevant business stakeholder escalations relating to IT risk and compliance.

Lead and oversee resolution of the most complex, critical, and impactful risk & compliance issues and security events in relation to IT Security.

Work closely with the IT Ops and CSO security teams to deal with security and compliance issues.
Work across S&H Archetype teams such as IT Security, Global Technology Services, Digital Workplace and Strategy and Architecture to design controls and deliver management information (KRIs) and risk mitigation plans.

Drive engagement, comms and adoption for all risk, compliance and security tasks to ensure the rationale for each task is understood, the mandate is embedded, and colleagues and partners are trained and can perform effectively and efficiently.

Design and deliver a range of educational activities and material to embed a strong SecureIT culture, mindset and behaviours across the archetype.

Build strong relationships with the external stakeholders (customer, suppliers, other major bodies) as well as build a network of peers to bring innovation and insights on industry best practice, standards, frameworks, and processes to deliver a future-fit capability.

Ensure that S&H remains compliant with national legislative, regulatory, contractual and WPP security governance obligations.

Support OpCos and Agencies in the S&H Archetype during client pitches for new work by providing a compelling narrative to our prospective clients around the strength of our risk, compliance and security proposition.

Be responsible for managing a team of risk and compliance analysts to support business functions in EMEA, AMER & APAC regions.

Who you'll be working with:

The Operation Assurance (OA) team in the S&H archetype is responsible for ensuring safe and secure IT operations, protecting our customers, employees, and shareholders, whilst making sure we remain compliant with our legal, regulatory, and contractual obligations.

As a Risk & Compliance Manager you will play a critical role in developing and implementing a world class information security risk and compliance programme to protect operating companies and agencies in the S&H archetype from cyber threats.

Working closely with the WPP CSO organisation, WPP IT Security, and the OA department head, you will assist in setting the vision and strategy for the OA function and be responsible for escalations relating to IT operations, risks, compliance, audit, BCP and DR assessments.

As a subject-matter-expert you will be responsible for managing and developing a highly effective risk and compliance function that strengthens our defences and creates a proactive and collaborative approach to IT Security and IT Security risk management.

You will operate in a highly complex environment with multiple risk categories, including IT operations, information security, legal, regulatory, financial and commercial with broad impacts spanning both the S&H Archetype and the WPP Group.


What you'll need:
Certifications in security (i.e. CISA, CRISC, CISSP, CISM) desirable but not essential
Degree or equivalent (i.e. BSc, BEng, MSc) desirable but not essential
Comprehensive knowledge about Information Security risk standards, frameworks and best practices (i.e. ISO27K1, NIST, CIS, SOC 1-2, Cyber Essentials, GDPR)
Strong and deep background in cyber / information security in complex global organisations
Track record of building / leading diverse, high performing, operations teams from the ground up and comfortable working with autonomy
Ability to provide leadership on complex and unfamiliar situations, often involving risk and emotion
Expert communicator with a track record of operating, partnering with and influencing up to and including exec-level stakeholders
Able to lead highly complex programmes across multiple units and geographies with high-pressure deliverables
Risk and Compliance subject-matter-expert with in-depth knowledge of security governance in the cloud and on-prem IT technologies
Good knowledge of qualitative, quantitative information security risk methodologies, and/or experience working with ISO31000 enterprise risk management standard
Good understanding of managing internal and external audits (i.e. SOC 1-2, SOX) and assurance activities, including testing the design and operational effectiveness of security controls
Ability to operate and lead in a fast-paced organizational transformation and able to navigate and champion change across organisational / geographical complexity
A genuine desire to lead, develop, coach and mentor direct reports/team members

Who you are:

You're open:
We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are accepting of new ideas, new partnerships, new ways of working.

You're optimistic:
We believe in the power of creativity, technology and talent to create brighter futures for our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.

You're extraordinary:
We are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.

What we'll give you:
Passionate, inspired people – We promote a culture of people that do extraordinary work.

Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.

Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?