Job Description

WPP is the transformation company. We use the power of creativity to build better futures for our people, planet, clients, and communities. Working at WPP means being part of a global network of more than 100,000 accomplished people in 110 countries. We create transformative ideas and outcomes for its clients through an integrated offer of communications, experience, commerce, and technology. WPP and our award-winning agencies work with most of the world's biggest companies and organisations – from Ford, Unilever and P&G to Google, HSBC, and the UN. Our clients include 61 of the FTSE 100, 325 of the Fortune Global 500, all 30 of the Dow Jones 30 and 62 of the NASDAQ 100. WPP has headquarters in New York, London and Singapore and a corporate presence in major markets worldwide. We are quoted on the London Stock Exchange and the New York Stock Exchange. Key performance indicators for WPP (2020) include Billings of £46.9bn and Revenue of £12bn. #LI-Hybrid Visit our LinkedIn page to see what we're up to! Why we're hiring: WPP IT provides IT services for WPP, group owned operating companies and agencies. The WPP group is the world's largest communications services group, and as a creative transformation company, WPP is helping its clients transform the future through extraordinary work. WPP IT is an integral part of that journey, and we are proud to provide technology for some of the world's most creative brands. As part of the organisational design initiative at WPP the Group CIO has created a new Target Operating Model (T.O.M), which consist of 4 distinct business functions in the group. These are: Integrated Creative, Media, Production, PR and Specialist – commonly termed as archetypes. S&H is one of these new archetypes in the WPP group with a mandate for providing common solutions, platforms and services for Production, PR & Specialist Agencies and WPP Corporate Functions. Specialist & Hogarth (S&H) Archetype The S&H archetype together with WPP IT are the technology solutions partner for WPP Corporate Functions, Production, PR & Specialist Agencies and are accountable for co-ordinating and assuring end-to-end change delivery, managing the IT technology life-cycle and innovation pipeline. Operation Assurance The Operation Assurance (OA) team in the S&H archetype is responsible for ensuring safe and secure IT operations, and protecting our customers, employees, and shareholders from security threats, whilst making sure we remain compliant with our legal, regulatory, and contractual obligations. As an IT Security Analyst, you will play a critical role in assisting the Security Lead with BAU and project related activities. You will be required to develop a close working partnership with WPP CSO organisation and the WPP IT Security function. As part of your BAU activities you will have ownership and be responsible for managing security events, incident response, escalations relating to IT security operations, and security assessments. The OA team is growing, and we are looking for someone to join the team and help drive forward our risk-based security programme of improvement and education. You will operate in a highly complex environment with multiple risk categories, including IT operations, information security, legal, regulatory, financial and commercial, which has broad impacts spanning both the S&H Archetype and the wider WPP Group. As a member of the OA team, you will be required to work across all OpCo's and agencies part of the S&H archetype to implement agreed processes and practices mandated by WPP CSO organisation and WPP IT Security function. You'll have a keen interest in developing subject-matters-expertise in information security and the cyber risk domain and a strong desire to strengthen our security posture. You'll be able to actively manage live security risk issues from an issue resolution and communication standpoint and be able to prioritise remediation to minimise impact to the S&H archetype and the WPP group.
What you'll be doing:

• Tracking of vulnerability management and penetration testing activities, and remedial actions
• Day-to-day management of security events, incident response and investigation with RCA
• Analysis of security log and alert data, prioritising events and escalating where necessary
• Development, implementation and awareness of security related policies and procedures
• Promoting adherence to relevant security and risk controls, and governance frameworks
• Monitoring of security & compliance tasks on cloud platforms (AWS, Azure & GCP)
• Compliance with established and new Data Protection regulations
• Assisting Security Lead in preparing and conducting BCP/DR related activities
• Conducting Vendor Security Assessments in accordance with industry standard control frameworks
• Participate in change management process to ensure all changes are in accordance with security best practices.
• Participation in internal and external security audits and tracking of remedial activities
• Tracking and reporting for asset and secure configuration management
• Maintaining and completion of and reporting on risk assessments
• Maintaining the security and compliance calendar and ensuring it is kept updated
• Managing the Security and Compliance knowledge base and intelligence profile
• Delivering security domain specific expertise in RFI / RFP responses

What you'll need:

• Excellent understanding of the general principles, practices and technologies relating to information security and cyber risk.
• Understanding of the business relevance of information security risks, threat landscape and the current trends and developments in information security.
• Understanding of relevant industry standards e.g., ISO 27001, NIST CSF and CIS 18.
• Good undergraduate degree in engineering or computer science discipline are desirable but not essential.
• Foundational security certifications (e.g., CompTIA Security+, MSCE/MCTS, Azure & O365 Security Certification, AWS Security Certification, & CCNA etc.) are desirable but not essential.
• Good all-round technical knowledge of Operating Systems, Applications, Databases, and Infrastructure both on-prem and in the cloud.
• Good understating of cloud native security solutions (i.e., AWS Inspector & Trusted Advisor, Google's Security Command Centre, Azure Security Centre & O365 Security & Compliance Centre).
• Good understanding and knowledge of IT and security solutions (e.g., Firewalls, IDS/IPS, Load Balancers, SIEM, DLP, CASP, Proxy, LDAP, RADIUS, AD, DNS, DHCP, VPN AV, MDR).
• An ability to apply original and innovative thinking to produce new ideas.
• Good written and verbal skills, and the ability to break down work into manageable parts, effectively assessing the priority and time required to complete each task.

Who you are: You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are accepting: of new ideas, new partnerships, new ways of working. You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected. You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.
What we'll give you: Passionate, inspired people – We promote a culture of people that do extraordinary work. Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry. Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge? WPP is an equal opportunity employer and considers applicants for all positions without regard to race, color, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability. We believe in creating a dynamic work environment that values diversity and inclusion and strives to recruit a diverse slate of candidates to help us achieve that goal. Please read our Privacy Notice for more information on how we process the information you provide.