Director, Security Governance & Posture

Why we're hiring:

This is a senior leadership role with real scope and visibility. As Director of Security Governance & Posture, you will build and lead WPP's Technical Security Governance function — a team of domain specialists responsible for defining the security guardrails, posture expectations, and governance standards that protect one of the world's most complex and distributed technology estates.

You will not be managing firewalls or running a SOC. This role is about defining what good looks like, measuring whether we are getting there, and holding a large, fast-moving global organisation accountable for its security performance. You will own the governance framework across seven technical domains — Cloud, Vulnerability Management, Identity, Endpoint & Compute, AI & Agentic, Software Development, and Data Security — and lead the team that brings it to life.

If you thrive in complex, decentralised environments, know how to govern through influence rather than authority, and can turn messy security data into a clear story for a CISO or a board — this role is built for you.

What you'll be doing:

• Lead and develop a team of Technical Security Governance Leads, each owning a critical security domain, ensuring clear accountability, measurable outcomes, and continuous improvement.
• Own the governance framework — defining the standards, baselines, guardrails, and exception criteria that set the security performance bar across WPP's global technology estate.
• Drive posture measurement and performance reporting — owning the KPI/KRI framework that gives WPP's CISO and leadership team an honest, actionable picture of security risk and trajectory.
• Provide independent challenge and escalation — ensuring that material risks are identified, escalated, and treated, and that weak remediation plans or risk acceptances do not go unchallenged.
• Engage at the most senior levels — acting as the primary interface between Technical Security Governance and ET, DT&S, and business technology leadership, as well as Legal, Audit, and the CISO office.
• Build governance that works in practice — embedding security expectations into delivery workflows across a creative, fast-moving, globally distributed organisation without creating unnecessary friction.

What you'll need:

• Exceptional communication skills in English, both written and verbal, for diverse audiences.
• Bachelor's degree in Information Security, Computer Science, or a related technical field.
• Demonstrable experience in technical security governance, security assurance, or risk-based security oversight within a global enterprise.
• Profound understanding of leading cybersecurity policies, standards, and frameworks (e.g., ISO 27001, NIST CSF).
• Extensive technical security knowledge spanning multiple domains, enabling effective leadership of specialist teams, credible challenge, and keen discernment of incomplete information.
• Proven executive communication abilities to translate complex risk and security posture data into clear, concise, and honest narratives for both senior leadership and non-technical stakeholders.
• Practical experience governing security across diverse regions and regulatory landscapes, with a solid grasp of GDPR and other major data protection frameworks.
• Comprehensive understanding of client data obligations, recognizing their critical reputational and commercial implications.

• Relevant industry certifications such as CISSP, or cloud platform certifications (Azure, AWS, GCP).
• Familiarity with security posture and detection tooling, including CNAPP/CSPM, EDR, vulnerability scanning, identity telemetry, and effective evidence management approaches.
• Working knowledge of agile methodologies.
• Experience operating within multinational, multicultural, and matrixed organisational structures.

• Proactive Problem-Solver: Anticipates governance and compliance challenges, developing and implementing effective solutions.
• Collaborative Team Player: Builds and nurtures strong relationships across diverse teams (e.g., Legal, Enterprise Technology) to foster alignment and optimise efficiency.
• Detail-Oriented: Ensures meticulous accuracy and thoroughness in policy development, risk assessments, and reporting.
• Adaptable & Resilient: Thrives in dynamic, fast-paced environments, quickly adjusting to evolving priorities and regulatory requirements.
• Unwavering Ethical Integrity: Upholds the highest ethical standards, ensuring strict compliance with policies and safeguarding the organisation's reputation.
• Strong Analytical Thinker: Proficiently interprets complex data to identify critical insights and formulate actionable recommendations.
• Effective Communicator: Clearly articulates technical concepts, findings, and recommendations to both technical and non-technical stakeholders.

Who you are: