Technical Security Governance Lead - Identity

Responsibilities

• Technical Security Governance
• Define and maintain technical governance guardrails, minimum baselines, and posture expectations for assigned domains.
• Translate enterprise policies, standards, and risk appetite into clear and actionable technical expectations for execution teams.
• Define exception criteria, escalation thresholds, and evidence requirements to ensure governance is auditable and defensible.
• Provide independent challenge to remediation plans and risk acceptances where residual risk remains unacceptable.
• Compliance Monitoring
• Support audit readiness by ensuring evidence requirements are defined, traceable, and consistently produced by execution owners.
• Contribute technical governance input to ISO/SOC and internal assurance activities, including control operation validation where required.
• Identify recurring compliance gaps and drive corrective actions through agreed remediation plans and escalation routes.
• Collaboration and Stakeholder Engagement
• Partner with Enterprise Technology, DT&S engineering, and business-managed technology owners to embed governance expectations into delivery workflows.
• Work closely with Risk Management, Client Assurance & Vendor Risk, and BISOs to ensure consistent risk visibility and business context.
• Communicate expectations clearly and pragmatically, enabling delivery teams to move quickly within defined boundaries.
• Continuous Improvement
• Identify opportunities to improve governance processes, automation, and reporting to reduce friction and improve risk outcomes.
• Stay informed on emerging threats and technical risk trends and incorporate relevant changes into governance expectations.
• Drive maturity improvements across domains through measurable targets and iterative uplift plans.
• Domain Related Responsibilities - Identity
• Define identity guardrails including authentication strength, privileged access controls, and identity-based risk thresholds.
• Monitor identity posture signals (e.g., MFA coverage, privileged access hygiene, risky access paths) and escalate systemic weaknesses.
• Ensure identity governance is treated as a primary attack-vector control domain across cloud, endpoint, and product environments.

Requirements

• Essential
• Fluent English - reading, writing and conversation skills.
• Demonstrable experience in technical security governance, security assurance, or risk-based security oversight in a global environment
• Strong understanding of cybersecurity policies, standards, and frameworks (e.g., ISO 27001, NIST CSF).
• Strong understanding of cloud security, vulnerability management, identity risk, and modern attack paths and exposure management.
• Experience working with global engineering and operations teams
• Excellent analytical, problem-solving, and critical thinking skills.
• Strong communication and interpersonal skills, with the ability to collaborate effectively across teams.
• Ability to communicate risk and technical posture clearly to senior stakeholders and non-technical audiences.
• Certifications such as CISSP, Azure, AWS, GCP or other related to the domain.
• Familiarity with posture and detection tooling (e.g., CNAPP/CSPM, EDR, vulnerability scanning, identity telemetry) and evidence management approaches.
• Working knowledge of agile methodologies.
• Experience in multinational, multicultural and matrixed companies.
• Bachelor's degree in Information Security, Computer Scien

Additional Information

WPP is the trusted growth partner for the world's leading brands. We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company - powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth. We have been building the world's most valuable brands for 50 years and have global reach across 100+ markets, with deep local expertise. Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow. For more information, visit WPP.com. Why we're hiring: The Technical Security Governance Lead is responsible for leading one or more technical security governance domains within Digital Security & Risk Management (DSRM). The role defines enforceable security guardrails and minimum baselines, monitors security posture and exposure, and provides independent oversight and challenge to Enterprise Technology (ET), DT&S engineering teams, and business-managed technology owners. This role focuses on risk, exposure, and control effectiveness-ensuring that technical security risks are consistently identified, assessed, escalated, and reported-without designing, building, configuring, or operating technology platforms.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at wpp? Share your experience