Senior It Controls & Compliance Analyst

Why we're hiring:WPP IT provides IT services for WPP, group owned operating companies and agencies. The WPP group is the world's largest communications services group, and as a creative transformation company, WPP is helping its clients transform the future through extraordinary work.  WPP IT is an integral part of that journey, and we are proud to provide technology for some of the world's most creative brands.As part of the organisational design initiative at WPP the Group CIO has created a new Target Operating Model (T.O.M), which consist of 4 distinct businesses in the group. These are: Integrated Creative, Media, Production, PR and Specialist – commonly termed as archetypes. S&H is one of the three new archetypes in the WPP group with a mandate for providing common solutions, platforms and services for Production, PR & Specialist Agencies and WPP Corporate Functions. Specialist & Hogarth (S&H) ArchetypeThe S&H archetype together with WPP IT are the technology solutions partner for WPP Corporate Functions, Production, PR & Specialist Agencies and are accountable for co-ordinating and assuring end-to-end change delivery, managing the IT technology life-cycle and innovation pipeline. WPP AUNZ Pty Ltd falls under the S&H Archetype.Operation AssuranceThe Operation Assurance (OA) team in the S&H archetype is responsible for ensuring safe and secure IT operations, protecting our customers, employees, and shareholders, whilst making sure we remain compliant with our legal, regulatory, and contractual obligations.  As a Risk & Compliance Manager you will play a critical role in developing and implementing a world class information security risk and compliance programme to protect operating companies and agencies in the S&H archetype from cyber threats. Working closely WPP CSO organisation, WPP IT Security, Director of Risk and Controls (AUNZ) and the OA department head you will assist in setting the vision and strategy for the and be responsible for escalations relating to IT operations, risks, compliance, audit, BCP and DR assessments.As a subject-matter-expert you will be responsible for managing and developing a highly effective risk and compliance function that strengthens our defences and creates a proactive and collaborative approach toYou will operate in a highly complex environment with multiple risk categories, including IT operations, information security, legal, regulatory, financial and commercial with broad impacts spanning both the S&H Archetype and the WPP Group.You'll have a deep understanding of the information security risk standards, frameworks, and methodologies we can use to strengthen our risk and compliance posture.  You will work across all OpCo's and agencies part of the S&H archetype to implement agreed processes and practices mandated by WPP CSO organisation and WPP IT Security function.You'll be able to actively manage live security risk issues from an issue resolution and communication standpoint and working with the IT Security Manager be able to prioritise remediation to minimise impact to the S&H archetype AUNZ region and the wider WPP group.What you'll be doing:Work closely with and assist OA department head in developing a risk and compliance strategy for the S&H archetype in the AUNZ region that is aligned to WPP CSO and WPP IT strategies.Establish security, risk & compliance community across the range of WPP agencies both in and outside the AUNZ region to drive the implementation and standardisation of agreed security governance, risk & compliance approachDrive the Archetype's DR strategy and approach, working with S&H Archetype's Operations Assurance Lead, Strategy & Architecture and other IT stakeholders.Drive Business Continuity (BC) planning to the appropriate level across the Specialist and Hogarth Archetype and ensure BC plans are updated and reviewed annuallyConduct and support IT Risk Assessments – e.g., quarterly risk landscaping - owning and driving Specialist and Hogarth Archetype-specific risk mitigation actionsConduct risk reviews of major contracts/clients within the S&H Archetype – AUNZ region, for consolidation at WPP level by IT OpsRespond to tracking and reporting from Internal, External or Client Audit findings within the S&H Archetype – AUNZ Region.Conduct S&H Archetype self-certification and self-monitoring for IT controls, and maintain an active liaising channel with the IT Ops function at WPP group levelSupport S&H Archetype-wide input into the WPP IT Asset Register and CMDB owned by IT OpsBe S&H point of contact for relevant business stakeholder escalations relating to IT risk and compliance. Lead and oversee resolution of the most complex, critical, and impactful risk & compliance issues and security events in relation to IT SecurityWork closely with the IT Ops and CSO security teams to deal with security and compliance issuesWork across the S&H Archetype teams like IT Security, Global Technology Services, Digital Workplace and Strategy and Architecture to design controls, deliver management information (KRIs) and risk mitigation plansDrive engagement, comms and adoption for all risk, compliance and security tasks to ensure the rationale for task is understood, the mandate is embedded, and colleagues and partners are trained and can perform effectively and efficiently.Design and deliver a range of educational activities and material to embed a strong SecureIT culture, mindset and behaviours across the archetype.Build strong relationships with the external stakeholders (customer, suppliers, other major bodies) as well as build a network of peers to bring innovation and insights on industry best practice, standards, frameworks, and processes to deliver a future-fit capabilityEnsure that S&H remains compliant with national legislative, regulatory, contractual and WPP security governance obligations.Support OpCo's and Agencies in the S&H Archetype during client pitch for winning new work by providing a compelling narrative to our prospective clients around the strength of our risk, compliance and security propositionWhat you'll need:Certifications in security (i.e. CISA, CRISC, CISSP, CISM) desirable but not essentialDegree or equivalent (i.e. BSc, BEng, MSc) desirable but not essentialComprehensive knowledge about Information Security risk standards, frameworks and best practices (i.e., ISO27K1, NIST, CIS, SOC:1-2 Cyber Essentials, GDPR)Strong and deep background in cyber / information security in complex global organisationsTrack record of working with high performing, business and operations teamsAbility to provide leadership on complex and unfamiliar situations, often involving risk and emotionExpert communicator with a track record of operating, partnering with and influencing up to and including exec-level stakeholdersAble to lead highly complex programmes across multiple units and geographies with high-pressure deliverableRisk and Compliance subject-matter-expert with in-depth knowledge of security governance in the cloud and on-prem IT technologiesGood knowledge of qualitative, quantitative information security risk methodologies, and/or experience working with ISO31000 enterprise risk management standardGood understanding of managing internal and external audits (i.e., SOC:1-2, SOX) and assurance activities, including testing the design and operational effectiveness of security controlsAbility to operate and lead in a fast-paced organizational transformation and able to navigate and champion change across organisational / geographical complexityA genuine desire to lead, develop, coach and mentor junior team membersWho you are:You're open:We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are accepting: of new ideas, new partnerships, new ways of working.You're optimistic:We believein the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.You're extraordinary:we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.What we'll give you:Passionate, inspired people– We promote a culture of people that do extraordinary work.Scale and opportunity– We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.Challenging and stimulating work– Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?