Technology Risk & CRC Strategy Director

Why we're hiring:

WPP’s Cyber, Risk & Compliance (CRC) function is undergoing significant transformation and growth. With Technology Risk, Cyber Resilience, and overall CRC strategy now central to protecting and enabling our business, this pivotal role sits at the heart of that journey.

As Director of Technology Risk & CRC Strategy, you will shape and scale a modern, enterprise-wide capability for technology risk and resilience. You'll partner closely with the wider CRC leadership team to evolve our Operational Security model, embedding a proactive, engineering-led approach to risk, detection, and response.

Joining Enterprise Technology at a truly exciting time, you'll have the mandate, backing, and ambition to build something impactful. You will collaborate with senior leaders across WPP, turning risk insights into action, influencing critical transformation priorities, and future-proofing one of the world’s leading creative organisations.

What you'll be doing:

• Lead the definition and implementation of WPP’s Enterprise Technology (ET) risk and issue management framework, including supporting policies, standards, and technology controls.
• Conduct enterprise-wide technology risk assessments, threat modelling, and scenario planning, translating complex insights into executive recommendations for strategic, investment, and prioritisation decisions.
• Govern technology risk registers and issue tracking, overseeing remediation planning, mitigation programs, and risk acceptance processes.
• Enhance technology and operational security resilience practices through robust continuity planning, testing cycles, and scenario exercises.
• Shape and articulate the CRC's functional vision, objectives, and strategy, ensuring alignment with WPP’s overarching strategic priorities. Provide expert counsel to senior stakeholders on transformation and strategic alignment initiatives.
• Oversee CRC's portfolio governance, including business case development for new demand, demand forecasting, planning, and performance management.
• Integrate operational security capabilities, controls, and technology risk requirements seamlessly into Mergers, Acquisitions, & Divestitures (MA&D) processes.
• Cultivate strong relationships with key stakeholders across Enterprise Technology, Group Functions, and agencies, ensuring transparent communication on technology risk, strategy, and portfolio initiatives.
• Partner with Finance, CRC Leadership, and global stakeholders to manage the CRC functional budget, overseeing budget setting, in-year spending, business case expenditure, and value creation realization.
• Establish, lead, and develop a central Risk, Strategy, and Transformation Office within CRC, focusing on talent development, performance management, and nurturing a high-performing team.
• Elevate the standardisation and maturity of CRC reporting, delivering key metrics and insights to board, senior leadership, and operational levels. Support the planning and coordination of CRC leadership and governance forums, and deputise for the Chief Cyber, Risk and Compliance Officer as needed.

Who you'll be working with:

• Enterprise Technology Leadership Team
• Cyber, Risk & Compliance Leadership Team
• ET Strategy & Transformation Directors (Clusters & GDs)
• Global Functional Leads (Finance, Legal, DPO, CISO Office)
• Internal Audit and External Assurance Partners
• Strategic Third-Party Partners

What you'll need:

Leadership & Expertise:

• Proven leadership in establishing and maturing enterprise-level technology and security risk management programs.
• Demonstrated expertise in leading security strategy and transformation initiatives.
• Profound subject matter expertise across Operational Security (Cyber), Technology Risk Management, and Compliance.
• Strong People Leadership: Demonstrated ability to lead, mentor, and develop high-performing teams, both directly and virtually.

Technical Acumen & Compliance:

• Deep command of industry-standard risk and technology compliance frameworks (e.g., ISO 27001/31000, SOX, SOC2).
• Extensive experience engaging with internal audit, external assurance providers, and regulatory bodies.
• Proficiency in data-driven risk analytics, performance reporting, and key metrics development.
• Expertise in technology resilience, business continuity planning, testing, and strategic development.

Business Acumen & Strategic Impact:

• Highly developed strategic thinking and planning capabilities.
• Strong program management expertise.
• Proven experience in robust business case development and benefits realization tracking.
• Sound financial management skills, including budgeting and cost control.
• Results-oriented mindset, with strong problem-solving acumen and a drive for innovation.

Interpersonal & Influence:

• Exceptional communication and collaboration skills, with a proven ability to manage and influence senior stakeholders effectively.

Who you are:

You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working.

You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.

You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.

What we'll give you:

Passionate, inspired people – We aim to create a culture in which people can do extraordinary work.

Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.

Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?

#LI-Onsite