Quick Summary
WPP is the trusted growth partner for the world’s leading brands. We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production,
- Department: Data & Technology Solutions (DTS)
- Reports To: SVP Security and Compliance
- Location: [London/Hybrid]
- Position Type: Full-Time
The ISMS and Risk Officer (DTS) is responsible for managing and continuously improving the Information Security Management System (ISMS) across Data & Technology Solutions. You will ensure that security policies, controls, risks, exceptions, and governance processes are properly maintained, evidenced, reviewed, and acted upon.
Reporting to the SVP Security and Compliance, you will provide the operational backbone for security governance across DTS. This is a hands-on Governance, Risk, and Compliance (GRC) role. You will collaborate across security, product, engineering, infrastructure, architecture, legal, risk, compliance, and delivery teams to transform security governance into a dynamic, working management system rather than a static documentation exercise.
Responsibilities
~1 min read- Manage the day-to-day operation and continuous improvement of the DTS ISMS.
- Maintain the ISMS framework, documentation, control library, policies, standards, and procedures.
- Ensure the ISMS accurately reflects how DTS operates across products, platforms, infrastructure, data, and engineering.
- Support alignment with frameworks such as ISO 27001, SOC 2, GDPR, HIPAA (where applicable), and wider WPP security requirements.
- Ensure ISMS artefacts are version-controlled, approved, reviewed, and communicated appropriately.
- Maintain clear evidence of security governance activity, control operation, risk treatment, and management reviews.
- Own the lifecycle of DTS security and compliance policies, standards, procedures, and control documentation.
- Coordinate policy reviews with Security, Architecture, Infrastructure, Engineering, Product, Legal, Risk, and Enterprise Technology stakeholders.
- Ensure policies are practical, clear, enforceable, and aligned with DTS's operating reality.
- Track policy exceptions, waivers, compensating controls, and review dates.
- Ensure policy changes are communicated and seamlessly embedded into operational processes.
- Establish and continuously run the DTS Risk Review Board.
- Define the Board’s cadence, agenda, inputs, outputs, attendees, and escalation routes.
- Prepare comprehensive risk packs, dashboards, decision logs, and action trackers.
- Ensure risks are presented clearly, consistently, and with appropriate supporting evidence.
- Track decisions, owners, due dates, mitigations, exceptions, and residual risks.
- Escalate risks exceeding agreed thresholds to the SVP Security and Compliance, DTS leadership, the CISO office, or other appropriate forums.
- Own and maintain the central DTS security and compliance risk register.
- Capture, assess, categorise, and maintain security, compliance, privacy, operational resilience, third-party, and technology risks.
- Ensure all risks have clear descriptions, owners, likelihood/impact ratings, inherent risk scores, mitigations, residual risk scores, treatment plans, and target dates.
- Partner with risk owners to ensure mitigations are realistic, funded, and actively progressed.
- Track overdue risk actions and escalate insufficient progress.
- Produce regular risk reporting for DTS leadership and wider WPP governance forums.
- Support ongoing assurance activity by ensuring controls are consistently evidenced, tested, and reviewed.
- Maintain control evidence for ISO 27001, SOC 2, client assurance, internal audits, and other compliance needs.
- Coordinate evidence collection from Engineering, Infrastructure, Security, Product, HR, Legal, and Enterprise Technology.
- Identify gaps between documented controls and actual operating practices, tracking remediation plans.
- Support DTS compliance obligations (ISO 27001, SOC 2, HIPAA, GDPR-related controls, and client-specific requirements).
- Help prepare for internal/external audits, client reviews, security questionnaires, and due diligence exercises.
- Maintain an organized, always-ready evidence library and audit trail.
- Support management reviews required by ISO 27001 and other governance frameworks.
- Manage the formal process for security exceptions, policy waivers, risk acceptances, and remediation plans.
- Ensure exceptions are documented, reviewed, approved, time-bound, and assigned to accountable owners.
- Track compensating controls, monitor residual risk, and manage the renewal/escalation of expired exceptions.
- Help assess security and compliance risks associated with vendors, partners, tools, platforms, and managed services.
- Maintain supplier risk records and coordinate with Procurement, Legal, CISO, Enterprise Technology, and Product teams.
- Ensure third-party risk is appropriately integrated into the DTS risk register and Risk Review Board.
- Produce clear, reliable, and actionable governance dashboards and reports for the SVP Security and Compliance and DTS leadership.
- Translate complex governance and technical data into clear business language, highlighting trends, overdue actions, and material risks.
- Foster a collaborative and practical security governance culture across DTS.
- Coach risk owners on how to describe, assess, treat, and monitor risks.
- Ensure risk processes support business delivery rather than becoming bureaucratic overhead.
The ISMS and Risk Officer will be directly accountable for:
- Effective operation, accuracy, and maintenance of the DTS ISMS and Risk Register.
- Continuous, disciplined operation of the DTS Risk Review Board.
- Up-to-date, approved, and realistic security policies, standards, and control documentation.
- Structured tracking of risks, exceptions, waivers, and remediation plans.
- Audit-ready evidence management and reliable governance reporting to leadership.
- Proven experience in information security governance, risk management, compliance, audit, or ISMS operation.
- Strong working knowledge of ISO 27001 and practical ISMS management.
- Familiarity with SOC 2, GDPR, HIPAA, cloud security, SaaS platforms, and enterprise security controls.
- Experience maintaining risk registers, policy frameworks, control libraries, and audit evidence repositories.
- Experience running or supporting risk committees, governance forums, or control review boards.
- Excellent technical writing skills (policies, standards, risk statements, and governance reports).
- Ability to collaborate with technical teams and translate technical issues into business risk/compliance language.
- Strong organizational skills, high attention to detail, and a constructive yet persistent approach to driving action.
Nice to Have
~1 min read- Experience operating within a complex, matrixed, enterprise environment is highly valued.
- Disciplined & Reliable: Bring structure, order, and high standards of documentation to risk and compliance processes.
- Pragmatic & Delivery-Aware: Build trust with technical teams by making governance useful, proportionate, and aligned with delivery.
- Proactive: Follow through persistently on actions, dates, and evidence, and escalate bottlenecks clearly.
- Collaborative: Support the SVP Security and Compliance in building a mature, transparent, and well-governed security function.
- A current, well-maintained DTS ISMS with zero "reactive" compliance rushes.
- Security policies and standards reviewed, updated, and communicated on schedule.
- The Risk Review Board operating systematically with clear actions and high leadership engagement.
- DTS risk register actively used by leadership to drive risk-based decisions.
- Audit and certification evidence organized so there are "fewer surprises" during external audits and client reviews.
- Security governance fully embedded as a natural part of daily DTS operations.
Who you are:
What We Offer
~1 min readLocation & Eligibility
Listing Details
- Posted
- July 6, 2026
- First seen
- July 6, 2026
- Last seen
- July 6, 2026
Posting Health
- Days active
- 0
- Repost count
- 0
- Trust Level
- 67%
- Scored at
- July 6, 2026
Signal breakdown
Please let Wpp know you found this job on Jobera.
3 other jobs at Wpp
View all →Explore open roles at Wpp.
Similar Risk Officer jobs
View all →Browse Similar Jobs
Stay ahead of the market
Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.
No spam. Unsubscribe at any time.
