Director, Security Governance & Posture

WPP is the trusted growth partner for the world’s leading brands. 

We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth. 
 
We have been building the world's most valuable brands for 50 years and have global reach across 100+ markets, with deep local expertise.
 
Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow. 
 
For more information, visit WPP.com.
 

Why we're hiring:

This is a senior leadership role with real scope and visibility. As Director of Security Governance & Posture, you will build and lead WPP's Technical Security Governance function — a team of domain specialists responsible for defining the security guardrails, posture expectations, and governance standards that protect one of the world's most complex and distributed technology estates.

You will not be managing firewalls or running a SOC. This role is about defining what good looks like, measuring whether we are getting there, and holding a large, fast-moving global organisation accountable for its security performance. You will own the governance framework across seven technical domains — Cloud, Vulnerability Management, Identity, Endpoint & Compute, AI & Agentic, Software Development, and Data Security — and lead the team that brings it to life.

If you thrive in complex, decentralised environments, know how to govern through influence rather than authority, and can turn messy security data into a clear story for a CISO or a board — this role is built for you.

What you'll be doing:

• Lead and develop a team of Technical Security Governance Leads, each owning a critical security domain, ensuring clear accountability, measurable outcomes, and continuous improvement.
• Own the governance framework — defining the standards, baselines, guardrails, and exception criteria that set the security performance bar across WPP's global technology estate.
• Drive posture measurement and performance reporting — owning the KPI/KRI framework that gives WPP's CISO and leadership team an honest, actionable picture of security risk and trajectory.
• Provide independent challenge and escalation — ensuring that material risks are identified, escalated, and treated, and that weak remediation plans or risk acceptances do not go unchallenged.
• Engage at the most senior levels — acting as the primary interface between Technical Security Governance and ET, DT&S, and business technology leadership, as well as Legal, Audit, and the CISO office.
• Build governance that works in practice — embedding security expectations into delivery workflows across a creative, fast-moving, globally distributed organisation without creating unnecessary friction.

What you'll need:

Must haves

• Fluent English – reading, writing and conversation skills.
• Bachelor’s degree in Information Security, Computer Science or a related field.
• 3+ years of demonstrable experience in technical security governance, security assurance, or risk-based security oversight in a global environment
• Strong understanding of cybersecurity policies, standards, and frameworks (e.g., ISO 27001, NIST CSF).
• Broad technical security knowledge across multiple domains — enough to lead a specialist team, provide credible challenge, and recognise when you are being given an incomplete picture.
• Strong executive communication skills — able to translate complex risk and posture data into clear, honest narratives for senior and non-technical audiences.
• Experience governing across multiple regions and regulatory environments, with familiarity with GDPR and other major data protection frameworks.
• Familiarity with client data obligations and the reputational and commercial stakes that come with them.

Nice to have

• Certifications such as CISSP, Azure, AWS, GCP or other related to the domain.
• Familiarity with posture and detection tooling (e.g., CNAPP/CSPM, EDR, vulnerability scanning, identity telemetry) and evidence management approaches.
• Working knowledge of agile methodologies.
• Experience in multinational, multicultural and matrixed companies.

Key Competencies & Behaviours

• Proactive Problem-Solving: Anticipates challenges in governance and compliance activities and develops effective solutions.
• Collaborative: Builds strong relationships across teams (e.g., Legal, Enterprise Technology) to ensure alignment and efficiency.
• Detail-Oriented: Ensures accuracy and thoroughness in policy development, risk assessments, and reporting.
• Adaptable: Thrives in a fast-paced environment and adjusts quickly to changing priorities or regulatory requirements.
• Ethical Integrity: Maintains high ethical standards, ensuring compliance with policies and safeguarding WPP’s reputation.
• Analytical Thinking:Demonstrates strong analytical skills to interpret complex data and identify actionable insights.
• Communication Skills: Clearly articulates findings, recommendations, and technical concepts to non-technical stakeholders.

Who you are:

You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working.

You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.

You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.

 

What we'll give you:

Passionate, inspired people – We aim to create a culture in which people can do extraordinary work.

Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.

Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?

#LI-Hybrid 

We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process.

WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers.

Please read our Privacy Notice (https://www.wpp.com/en/careers/wpp-privacy-policy-for-recruitment) for more information on how we process the information you provide.