IT Risk

**WPP** is the transformation company. We use the power of creativity to build better futures for our people, planet, clients, and communities.**

**Working at WPP means being part of a global network of more than 109,000 accomplished people in 110 countries. WPP has headquarters in New York, London and Singapore and a corporate presence in major markets worldwide.**

**We create transformative ideas and outcomes for our clients through an integrated offer of communications, experience, commerce, and technology.**

**WPP and our award-winning agencies work with most of the world's biggest companies and organisations - from Ford, Unilever and P&G to Google, HSBC, and the UN. Our clients include 61 of the FTSE 100, 317 of the Fortune Global 500, all 30 of the Dow Jones 30 and 62 of the NASDAQ 100. WPP are the leader in the Bloomberg Gender Equality Index and 8th in the FTSE 100 rankings for Women on Boards.**

**WPP IT provides IT services for WPP, the world's largest communications services group. As a creative transformation company, WPP is helping its clients transform the future through extraordinary work. WPP IT is an integral part of that journey and we are proud to provide technology for some of the world's most creative brands.**

**YOUR ROLE IN A NUTSHELL**:
The S&H archetype together with WPP IT are the technology solutions partner for WPP Corporate Functions, Production, PR & Specialist Agencies and are accountable for co-ordinating and assuring end-to-end change delivery, managing the IT technology life-cycle and innovation pipeline.

**WHAT YOU WILL SPEND YOUR TIME DOING**:
You will operate in a highly complex environment with multiple risk categories, including IT operations, information security, legal, regulatory, financial and commercial with broad impacts spanning both the S&H Archetype and the WPP Group.

You'll have a deep understanding of the information security risk standards, frameworks, and methodologies we can use to strengthen our risk and compliance posture. You will work across all OpCo's and agencies part of the S&H archetype to implement agreed processes and practices mandated by WPP CSO organisation and WPP IT Security function.

You'll be able to actively manage live security risk issues from an issue resolution and communication standpoint and be able to prioritise remediation to minimise impact to the S&H archetype and the wider WPP group.

**RESPONSBILITIES**:

- Work closely with and assist OA department head in developing a risk and compliance strategy for the S&H archetype that is aligned to WPP CSO and WPP IT strategies.
- Establish security, risk & compliance community across the range of S&H agencies to drive the implementation and standardisation of agreed security governance, risk & compliance approach
- Drive the Archetype's DR strategy and approach, working with S&H Archetype's Operations Assurance Lead, Strategy & Architecture and other IT stakeholders
- Drive Business Continuity (BC) planning to the appropriate level across the Specialist and Hogarth Archetype and ensure BC plans are updated and reviewed annually
- Conduct and support IT Risk Assessments - e.g., quarterly risk landscaping - owning and driving Specialist and Hogarth Archetype-specific risk mitigation actions
- Conduct risk reviews of major contracts/clients within the S&H Archetype, for consolidation at WPP level by IT Ops
- Respond to tracking and reporting from Internal, External or Client Audit findings within the S&H Archetype
- Conduct S&H Archetype self-certification and self-monitoring for IT controls, and maintain an active liaising channel with the IT Ops function at WPP group level
- Support S&H Archetype-wide input into the WPP IT Asset Register and CMDB owned by IT Ops
- Be S&H point of contact for relevant business stakeholder escalations relating to IT risk and compliance. Lead and oversee resolution of the most complex, critical, and impactful risk & compliance issues and security events in relation to IT Security
- Work closely with the IT Ops and CSO security teams to deal with security and compliance issues
- Work across the S&H Archetype teams like IT Security, Global Technology Services, Digital Workplace and Strategy and Architecture to design controls, deliver management information (KRIs) and risk mitigation plans
- Drive engagement, comms and adoption for all risk, compliance and security tasks to ensure the rationale for task is understood, the mandate is embedded, and colleagues and partners are trained and can perform effectively and efficiently.
- Design and deliver a range of educational activities and material to embed a strong SecureIT culture, mindset and behaviours across the archetype.
- Build strong relationships with the external stakeholders (customer, suppliers, other major bodies) as well as build a network of peers to bring innovation and insights on industry best practice, standards, frameworks, and processes to deliver a future-fit capability
- Ensure tha