IT Risk & Compliance Manager
WPP
- Chennai, Tamil Nadu
- Permanent
- Full-time
- Work closely with and assist the OA department head in developing a risk and compliance strategy for the S&H archetype in the AUNZ region that is aligned to the WPP CSO and WPP IT strategies.
- Establish a security, risk & compliance community across the range of WPP agencies both in and outside the AUNZ region to drive the implementation and standardisation of the agreed security governance, risk & compliance approach.
- Drive the Archetype's DR strategy and approach, working with the S&H Archetype's Operations Assurance Lead, Strategy & Architecture and other IT stakeholders.
- Drive Business Continuity (BC) planning to the appropriate level across the Specialist and Hogarth Archetype and ensure BC plans are updated and reviewed annually.
- Conduct and support IT Risk Assessments (e.g. quarterly risk landscaping), owning and driving Specialist and Hogarth Archetype-specific risk mitigation actions.
- Conduct risk reviews of major contracts/clients within the S&H Archetype (AUNZ region) for consolidation at WPP level by IT Ops.
- Respond to tracking and reporting of Internal, External or Client Audit findings within the S&H Archetype (AUNZ region).
- Conduct S&H Archetype self-certification and self-monitoring for IT controls, and maintain an active liaison channel with the IT Ops function at WPP group level.
- Support S&H Archetype-wide input into the WPP IT Asset Register and CMDB owned by IT Ops.
- Be the S&H point of contact for relevant business stakeholder escalations relating to IT risk and compliance. Lead and oversee resolution of the most complex, critical and impactful risk & compliance issues and security events in relation to IT Security.
- Work closely with the IT Ops and CSO security teams to deal with security and compliance issues.
- Work across the S&H Archetype teams such as IT Security, Global Technology Services, Digital Workplace and Strategy & Architecture to design controls, deliver management information (KRIs) and risk mitigation plans.
- Drive engagement, comms and adoption for all risk, compliance and security tasks to ensure the rationale for each task is understood, the mandate is embedded, and colleagues and partners are trained and can perform effectively and efficiently.
- Design and deliver a range of educational activities and material to embed a strong SecureIT culture, mindset and behaviours across the archetype.
- Build strong relationships with external stakeholders (customers, suppliers, other major bodies) and build a network of peers to bring innovation and insights on industry best practice, standards, frameworks and processes to deliver a future-fit capability.
- Ensure that S&H remains compliant with national legislative, regulatory, contractual and WPP security governance obligations.
- Support OpCos and Agencies in the S&H Archetype during client pitches for winning new work by providing a compelling narrative to prospective clients around the strength of our risk, compliance and security proposition.
- Certifications in security (e.g. CISA, CRISC, CISSP, CISM) desirable but not essential.
- Degree or equivalent (e.g. BSc, BEng, MSc) desirable but not essential.
- Comprehensive knowledge of information security risk standards, frameworks and best practices (e.g. ISO 27001, NIST, CIS, SOC 1/2, Cyber Essentials, GDPR).
- Strong and deep background in cyber / information security in complex global organisations.
- Track record of working with high-performing business and operations teams.
- Ability to provide leadership in complex and unfamiliar situations, often involving risk and emotion.
- Expert communicator with a track record of operating with, partnering with and influencing stakeholders up to and including exec level.
- Able to lead highly complex programmes across multiple units and geographies with high-pressure deliverables.
- Risk and compliance subject-matter expert with in-depth knowledge of security governance for cloud and on-prem IT technologies.
- Good knowledge of qualitative and quantitative information security risk methodologies, and/or experience working with the ISO 31000 enterprise risk management standard.
- Good understanding of managing internal and external audits (e.g. SOC 1/2, SOX) and assurance activities, including testing the design and operating effectiveness of security controls.
- Ability to operate and lead in a fast-paced organisational transformation and to navigate and champion change across organisational / geographical complexity.
- A genuine desire to lead, develop, coach and mentor junior team members.