← back to jobs
> job detail
W
👽Other

Identity, AI and Data Access Governance Lead

WPP · United Kingdom
// classified as
Other (Adjacent or hard to classify.)
posted
2d ago
location
United Kingdom
languages
tools
azure
> stack
azure
> description
<div class="content-intro"><p><strong>WPP is the trusted growth partner for the world’s leading brands.&nbsp;</strong></p> <p><strong>We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth.&nbsp;</strong><br><strong>&nbsp;</strong><br><strong>We work with the world's most valuable brands and have global reach across 100+ markets, with deep local expertise.</strong><br><strong>&nbsp;</strong><br><strong>Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow.&nbsp;</strong><br><strong>&nbsp;</strong><br><strong>For more information, visit <a href="https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwpp.com%2F&amp;data=05%7C02%7CErica.Durr%40wpp.com%7C9bf4566a65bc46a48ac008de749116ea%7C150b5e663d884dee83f6ed149b727a00%7C0%7C0%7C639076363668176216%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&amp;sdata=Q9juosud56XGLThSFZ1NpPZd6FXpJPxV74OeRZWoh%2B4%3D&amp;reserved=0" target="_blank">WPP.com.</a></strong><br><strong>&nbsp;</strong></p></div><p><span style="text-decoration: underline;"><strong>Why we're hiring:</strong></span></p> <p>The <strong>Identity, AI and Data Access Governance Lead</strong> is responsible for governing who, and what, can access DTS systems, data, APIs, tools, workflows and AI-enabled capabilities.</p> <p>This is a hands-on governance and control role, reporting into the SVP Security and Compliance. The role ensures that access across DTS is appropriate, auditable, reviewed, least-privileged and aligned with security, privacy, compliance and client commitments.</p> <p>The scope covers traditional human access, external users, privileged access, service accounts, machine identities, API keys, tokens, dataset access, and the emerging governance of AI agents and agentic workflows.</p> <p>The role will work closely with Architecture, Security, Product, Engineering, Infrastructure, Privacy, Legal/DPO, TechOps, Enterprise Technology and the ISMS and Risk Officer to ensure DTS has a clear and controlled model for access across platforms such as WPP Open, Choreograph, InfoSum, Open Intelligence, Resolve and related DTS capabilities.</p> <p>&nbsp;</p> <p><span style="text-decoration: underline;"><strong>What you'll be doing:</strong></span></p> <h3><strong>1. Identity and access governance framework</strong></h3> <p>Define and maintain the access governance framework for DTS.</p> <p>This includes:</p> <ul> <li>Defining access governance standards, processes and control expectations.</li> <li>Establishing how access should be requested, approved, provisioned, reviewed, revoked and evidenced.</li> <li>Ensuring access governance covers internal users, external users, clients, partners, vendors, service accounts, machine identities and AI agents.</li> <li>Aligning identity and access governance with DTS architecture, security, privacy, compliance and data governance requirements.</li> <li>Ensuring access governance is practical for product and engineering teams to implement.</li> </ul> <p>&nbsp;</p> <h3><strong>2. Access reviews and recertification</strong></h3> <p>Own the process for regular access reviews and recertification across DTS.</p> <p>This includes:</p> <ul> <li>Defining the scope, frequency and evidence requirements for access reviews.</li> <li>Coordinating access reviews for critical DTS systems, production environments, privileged roles, sensitive datasets, client-facing platforms and administrative tools.</li> <li>Ensuring access review outcomes are tracked, remediated and evidenced.</li> <li>Identifying stale, excessive, orphaned or poorly owned access.</li> <li>Escalating overdue, high-risk or unresolved access issues through the appropriate governance channels.</li> </ul> <p>&nbsp;</p> <h3><strong>3. Privileged access governance</strong></h3> <p>Ensure privileged access across DTS is properly controlled, justified and auditable.</p> <p>This includes:</p> <ul> <li>Reviewing access to production systems, cloud environments, security tools, databases, CI/CD tooling, administrative consoles and sensitive platforms.</li> <li>Supporting least-privilege, just-in-time and time-bound access models where appropriate.</li> <li>Working with Cloud and Platform Security and Infrastructure to improve privileged access controls.</li> <li>Ensuring privileged access risks are visible in the DTS risk register where required.</li> </ul> <p>&nbsp;</p> <h3><strong>4. External user, client and partner access governance</strong></h3> <p>Govern access for external users, clients, agencies, partners and vendors.</p> <p>This includes:</p> <ul> <li>Defining standards for external user onboarding, approval, permissions, expiry and offboarding.</li> <li>Ensuring external access has a clear business owner and justification.</li> <li>Supporting access governance across client workspaces, agency environments, partner integrations and shared collaboration areas.</li> <li>Working with Product and Engineering to ensure tenant, workspace and client-level isolation is appropriately governed.</li> <li>Tracking risks related to stale accounts, vendor access, partner permissions and external user overprivilege.</li> </ul> <p>&nbsp;</p> <h3><strong>5. Service account, machine identity and API access governance</strong></h3> <p>Govern non-human access across DTS systems and platforms.</p> <p>This includes:</p> <ul> <li>Defining standards for service accounts, machine identities, automation users, API keys, tokens, secrets and integration credentials.</li> <li>Ensuring non-human access has clear ownership, purpose, scope, rotation, expiry and auditability.</li> <li>Working with Product, Engineering, Cloud Security and Infrastructure to reduce unmanaged credential risk.</li> <li>Ensuring service accounts and machine identities are included in access reviews.</li> <li>Supporting stronger governance of API access, token issuance, credential lifecycle and integration permissions.</li> </ul> <p>&nbsp;</p> <h3><strong>6. AI and agentic access governance</strong></h3> <p>Define and oversee the governance model for AI agents and agentic workflows across DTS.</p> <p>This includes:</p> <ul> <li>Defining how AI agents are identified, permissioned, monitored, reviewed and revoked.</li> <li>Ensuring agents have clear ownership, scoped permissions and auditable actions.</li> <li>Defining which agent actions require human approval or additional control.</li> <li>Governing agent access to APIs, tools, datasets, workflows, client environments and production capabilities.</li> <li>Ensuring agents act within delegated authority and cannot exceed the permissions of the user, system or business process they represent.</li> <li>Working with Product, Architecture and Security to ensure agentic workflows are designed with clear action boundaries.</li> <li>Working with the Product, Application and Offensive Security Lead to test whether agent permissions and action boundaries can be bypassed.</li> <li>Working with Privacy Engineering to ensure AI access models support permitted use, minimisation and data protection requirements.</li> </ul> <h3><strong>7. Data access governance</strong></h3> <p>Govern access to sensitive, client, partner and WPP-owned data across DTS.</p> <p>This includes:</p> <ul> <li>Defining standards for dataset access approval, review, revocation and evidence.</li> <li>Supporting data classification from an access-control and security-governance perspective.</li> <li>Ensuring access to sensitive data is role-based, purpose-based, least-privileged and auditable.</li> <li>Supporting controls for cross-client, cross-market, cross-agency and partner data access.</li> <li>Ensuring data access governance supports InfoSum, Open Intelligence, Resolve, WPP Open and other DTS data collaboration use cases.</li> <li>Working with Privacy Engineering on data minimisation, permitted use, retention and privacy-by-design requirements.</li> <li>Ensuring data access risks are surfaced through the DTS risk process.</li> </ul> <p>&nbsp;</p> <h3><strong>8. Governance of access to tools, workflows and actions</strong></h3> <p>Ensure access governance extends beyond systems and datasets into tools, workflows and actions.</p> <p>This includes:</p> <ul> <li>Defining governance for access to operational tools, workflow automation, orchestration systems, AI tools and administrative actions.</li> <li>Ensuring high-risk actions are subject to appropriate approval, logging and monitoring.</li> <li>Supporting segregation of duties across sensitive workflows.</li> <li>Ensuring automated workflows and agents have clearly scoped authority.</li> <li>Working with Security Operations to ensure high-risk access and actions are visible in monitoring and detection processes.</li> </ul> <p>&nbsp;</p> <h3><strong>9. Auditability, evidence and reporting</strong></h3> <p>Maintain clear evidence of access governance and support audit and assurance requirements.</p> <p>This includes:</p> <ul> <li>Producing access governance evidence for SOC 2, ISO 27001, client assurance, internal audit and risk reviews.</li> <li>Working with the ISMS and Risk Officer to ensure access controls, reviews, exceptions and remediation actions are documented.</li> <li>Reporting on access review completion, high-risk access, overdue actions and access control gaps.</li> <li>Supporting client and audit questions related to identity, access, privileged roles, service accounts, AI agents and data access.</li> <li>Ensuring access governance is repeatable, measurable and auditable.</li> </ul> <p>&nbsp;</p> <p><span style="text-decoration: underline;"><strong>Who you'll be working with:</strong></span></p> <p>The Identity, AI and Data Access Governance Lead will be accountable for:</p> <ul> <li>DTS identity and access governance standards.</li> <li>Regular access reviews and recertification.</li> <li>Privileged access governance.</li> <li>External user, client, partner and vendor access governance.</li> <li>Service account, machine identity, API key and token governance.</li> <li>AI agent identity, permission and action governance.</li> <li>Dataset and sensitive data access governance.</li> <li>Governance of access to tools, workflows and high-risk actions.</li> <li>Access governance evidence for audit, compliance and client assurance.</li> <li>Escalation of material access risks into the DTS risk process.</li> </ul> <p>&nbsp;</p> <p><span style="text-decoration: underline;"><strong>What you'll need:</strong></span></p> <p>The successful candidate will have:</p> <ul> <li>Experience in identity governance, access management, IAM, security governance, GRC, data access control or platform security.</li> <li>Strong understanding of least privilege, role-based access control, attribute-based access control, access reviews, privileged access and segregation of duties.</li> <li>Experience governing access across SaaS platforms, cloud environments, APIs, data platforms or enterprise technology estates.</li> <li>Knowledge of identity platforms such as Okta, Auth0, Keycloak, Azure AD / Entra ID or similar.</li> <li>Understanding of service accounts, machine identities, API keys, tokens, secrets and non-human access governance.</li> <li>Understanding of AI agents, agentic workflows, delegated authority and tool-access governance would be highly valuable.</li> <li>Understanding of data classification, dataset access governance, privacy-by-design and audit requirements.</li> <li>Ability to work across security, architecture, product, engineering, infrastructure, legal, privacy and compliance teams.</li> <li>Strong organisational skills and ability to coordinate reviews, evidence, remediation and reporting.</li> <li>Ability to translate complex access issues into clear risks, controls and practical actions.</li> </ul> <p>&nbsp;</p> <h2><strong>Leadership expectations</strong></h2> <p>The Identity, AI and Data Access Governance Lead is expected to:</p> <ul> <li>Be structured, disciplined and pragmatic.</li> <li>Bring clarity to complex access and permission models.</li> <li>Challenge excessive, unclear or poorly governed access.</li> <li>Work constructively with product and engineering teams to design workable controls.</li> <li>Avoid creating unnecessary bureaucracy while ensuring access is properly governed.</li> <li>Treat human, machine and agent access as part of the same control landscape.</li> <li>Escalate material access risks clearly and early.</li> <li>Support DTS in building a secure, auditable and scalable access governance model.</li> </ul> <p>&nbsp;</p> <h2><strong>Success measures</strong></h2> <p>Success in the role will be measured by:</p> <ul> <li>DTS having clear identity, access and data access governance standards.</li> <li>Regular access reviews completed on schedule with evidence.</li> <li>Reduction in stale, excessive, orphaned or poorly owned access.</li> <li>Stronger governance of privileged access and production access.</li> <li>Clear ownership and review of service accounts, machine identities, API keys and tokens.</li> <li>Defined governance for AI agent identities, permissions and actions.</li> <li>Improved auditability of access to data, APIs, tools, workflows and production systems.</li> <li>Better alignment between identity, security, privacy, architecture, product and engineering teams.</li> <li>Material access risks being visible through the DTS risk register and Risk Review Board.</li> <li>Increased confidence that DTS can answer: who or what has access to what, why, and when was it last reviewed?</li> </ul> <p><span style="text-decoration: underline;"><strong>Who you are:</strong></span></p> <p><strong>You're open<em>:</em> </strong>We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working.</p> <p><strong>You're optimistic<em>:</em></strong> <span id="628d56ad5d8a35dab853e65d9daa237c" class="editor-module-hl-green-solid">We believe</span> in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.</p> <p><strong>You're extraordinary:</strong> we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.</p> <p>&nbsp;</p> <p><span style="text-decoration: underline;"><strong>What we'll give you:</strong></span></p> <p><strong>Passionate, inspired people</strong> – We aim to create a culture in which people can do extraordinary work.</p> <p><strong>Scale and opportunity</strong> – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.</p> <p><strong>Challenging and stimulating work</strong> – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?</p> <p><span style="color: rgb(236, 240, 241);">#LI-Hybrid&nbsp;</span></p><div class="content-conclusion"><p><strong>We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process.</strong></p> <p><strong>WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers.</strong></p> <h4><strong>Please read our Privacy Notice (<a href="https://www.wpp.com/en/careers/wpp-privacy-policy-for-recruitment">https://www.wpp.com/en/careers/wpp-privacy-policy-for-recruitment</a>) for more information on how we process the information you provide.</strong></h4></div>