Head of Threat Intelligence & Knowledge

WPP is the trusted growth partner for the world’s leading brands. 

We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth. 
 
We have been building the world's most valuable brands for 50 years and have global reach across 100+ markets, with deep local expertise.
 
Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow. 
 
For more information, visit WPP.com.
 

Why we're hiring:

The Head of Threat Intelligence & Knowledge Sharing is responsible for establishing, leading, and maturing a comprehensive cyber threat intelligence (CTI) capability that supports detection engineering, incident response, threat hunting, vulnerability management, and executive decision-making. Additionally, this role owns the Operational Security knowledge management function, ensuring all processes, insights, and lessons learned are captured, validated, structured, and shared in alignment with ITIL knowledge management standards.

What you'll be doing:

Core Responsibilities

Threat Intelligence Strategy & Leadership

• Lead the Cyber Threat Intelligence (CTI) function across operational, tactical, and strategic domains.
• Define the intelligence lifecycle, collection strategy, and analytical standards.
• Own the production of intelligence reports, threat landscape assessments, and adversary TTP analysis.
• Maintain a centralised repository of indicators of compromise (IOCs), threat artefacts, and contextual insights.
• Ensure intelligence outputs directly support SOC, Incident Response, Detection Engineering, and Threat Hunting.

Integration & Operational Enablement

• Embed threat intelligence into detection engineering, SIEM/EDR rule development, and automation workflows.
• Support incident investigations with tailored intelligence and enrichment.
• Enable proactive threat hunting by providing context on adversary behaviour and emerging trends.
• Collaborate with vulnerability management teams to prioritise exposures based on threat context.

Intelligence Sharing & External Collaboration

• Develop and manage intelligence-sharing partnerships with vendors, ISACs, MSSPs, and OpCos.
• Ensure consistent, secure dissemination of intelligence to internal stakeholders.
• Represent Operational Security in external intelligence forums, working groups, and industry collaborations.

Knowledge Sharing (ITIL-Aligned)

• Own the Operational Security Knowledge Management Framework in line with ITIL standards.
• Define and maintain the lifecycle for knowledge artefacts: creation, validation, approval, publishing, review.
• Ensure all SOPs, playbooks, lessons learned, incident reports, and intelligence summaries are structured, version-controlled, and searchable.
• Promote visibility, collaboration, and continual improvement across Operational Security.
• Ensure knowledge assets support consistent service delivery and reduce reliance on tacit knowledge.

Team Leadership & Capability Development

• Lead and mentor Threat Intelligence Analysts and Knowledge Managers.
• Define capability roadmaps, learning plans, and certification pathways.
• Ensure consistent analytical quality across intelligence outputs.
• Foster a culture of continuous learning, curiosity, and intelligence-led operational improvement.

Governance, Quality Assurance & Reporting

• Ensure CTI and knowledge-sharing activities comply with governance, privacy, and audit standards.
• Oversee risk rating methodologies and structured threat assessments.
• Deliver executive-level intelligence reporting for leadership and governance bodies.
• Maintain audit-ready knowledge and intelligence artefacts with strong version control.

What you'll need:

Threat Intelligence Expertise

• Extensive experience leading cyber threat intelligence programs.
• Strong understanding of adversary TTPs, malware behaviour, and global threat landscape trends.
• Hands-on experience with CTI tooling, OSINT sources, enrichment platforms, and data correlation.
• Ability to produce operational, tactical, and strategic intelligence tailored to multiple audiences.

Knowledge Management & ITIL

• Strong understanding of ITIL 4 knowledge management practices and the Service Value System (SVS).
• Experience designing and maintaining enterprise knowledge frameworks.
• Ability to govern structured repositories, taxonomies, and lifecycle-managed content.

Leadership & Collaboration

• Experience leading multidisciplinary intelligence or security teams.
• Ability to influence stakeholders and communicate complex intelligence clearly.
• Strong interpersonal skills for cross-functional engagement and external partnerships.

Certifications (Preferred)

• SANS GCTI, GREM, GCIA, GOSI.
• ITIL 4 Foundation or higher.
• Relevant intelligence tradecraft certifications (e.g., CREST).
• Security qualifications such as CISSP, GIAC, or equivalent (advantageous).

Key Attributes

• Analytical thinker with strong investigative instincts.
• Excellent written communication and reporting skills.
• Structured, organised, and documentation-driven.
• Collaborative leader who promotes visibility and shared understanding.

Strong ethical judgement and discretion in handling sensitive intelligence

Who you are:

You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working.

You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.

You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.

What we'll give you:

Passionate, inspired people – We aim to create a culture in which people can do extraordinary work.

Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.

Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?

We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process.

WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers.

Please read our Privacy Notice (https://www.wpp.com/en/careers/wpp-privacy-policy-for-recruitment) for more information on how we process the information you provide.