Security jobs in United Kingdom

London

WPP is the creative transformation company. We use the power of creativity to build better futures for our people, planet, clients, and communities.

Working at WPP means being part of a global network of more than 115,000 accomplished people in 110 countries.

Why we're hiring:

We are seeking a highly motivated and experienced Cloud Application Security Governance Specialist to join our team. In this role, you will be the champion for building and maintaining a strong security posture for all applications and their data hosted on Google Cloud Platform (GCP).

What you'll be doing:

• Strong understanding of cloud security principles and best practices, with a focus on GCP.
• Hands-on experience with GCP security services.
• Knowledge of application security concepts, vulnerabilities, and attack vectors.
• Familiarity with security standards and frameworks like ISO 27001, SOC 2, and CIS Benchmarks.
• Excellent communication and collaboration skills to work effectively with technical and non-technical teams.

Establish a Robust Security Governance Framework:

• Translate security standards and best practices into actionable policies, procedures, and guidelines for GCP applications.
• Define and manage the application security lifecycle, integrating security assessments and controls into each development phase.
• Proactively identify, assess, and prioritize application security risks, maintaining a centralized risk register.

Implement and Manage Key IT Security Controls:

• Access Control:
• Enforce strong authentication mechanisms, including multi-factor authentication, for all users and accounts.
• Define and manage granular access controls based on the principle of least privilege.
• Conduct regular access reviews and promptly revoke access for terminated users or unused accounts.
• Data Protection:
• Implement robust data protection measures to comply with global data privacy regulations.
• Enforce data encryption at rest and in transit for sensitive application data stored and transmitted within GCP.
• Vulnerability & Threat Management:
• Establish a robust patch management process for application dependencies and infrastructure.
• Implement comprehensive security monitoring, logging, and alerting for applications.
• Integrate security testing into the development lifecycle.
• Operational Security:
• Utilize industry-standard security frameworks to continuously assess and improve the security posture of applications on GCP.
• Involve in a third-party risk management program to assess and manage security risks associated with vendors.
• Maintain an accurate inventory of software licenses used by applications and ensure compliance.
• Implement and manage change management controls for applications.

Foster a Culture of Security:

• Collaborate closely with development, operations, and security teams to ensure the successful implementation and operation of application security controls.
• Effectively communicate security risks and recommendations to stakeholders at all levels.
• Stay informed about emerging threats and vulnerabilities relevant to GCP applications and proactively implement mitigations.

Desired Skills and Experience:

• 5+ years of experience in product management, ideally within the Marketing ecosystem.
• Proven track record of successfully bringing products/features to market as part of a SaaS offering.
• Strong decision-making skills, with the ability to weigh trade-offs, assess risks, and make data-driven decisions.
• Strong technical aptitude with the ability to understand complex technical concepts and communicate effectively with engineers.
• Experience working in an agile development environment.
• Excellent communication, collaboration, stakeholder management, and problem-solving skills.

Who you are:

• Strong understanding of cloud security principles and best practices, specifically for GCP.
• Deep knowledge of application security concepts, vulnerabilities, and attack vectors.
• Experience in designing, implementing, and managing security governance frameworks for cloud applications.
• Familiarity with security standards and frameworks.
• Experience with security tools and technologies.
• Excellent communication, collaboration, and problem-solving skills.

WPP is an equal opportunity employer and considers applicants for all positions without regard to race, color, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability.