
WPP · São Paulo
WPP is the trusted growth partner for the world’s leading brands. We unite cutting-edge media intelligence and data solutions, world-class creativity, next-ge...
WPP is the trusted growth partner for the world’s leading brands.
We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative
enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing
platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth.
We work with the world's most valuable brands and have global reach across 100+ markets, with deep local expertise.
Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning,
attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow.
For more information, visit WPP.com.
We are looking to hire an individual that will own the identification, assessment, documentation and monitoring of digital and
information security risks across WPP, ensuring risks are clearly articulated, consistently assessed and effectively tracked.
What you'll be doing
Risk Assessment & Management
Risk Management
vulnerabilities and recommend mitigation strategies.
Risk Treatment & Monitoring
lifecycles.
Nice - to- have
Key Behaviours & Competencies
efficiency.
You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views.
We are open-minded: to new ideas, new partnerships, new ways of working.
You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our
clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.
You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers
of our industry; we provide extraordinary every day.
Passionate, inspired people – We aim to create a culture in which people can do extraordinary work.
Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the
industry.
Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the
challenge?
#LI-Hybrid
We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve
adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please
discuss this with the hiring team during the interview process.
WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular
characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same
opportunities to progress in their careers.
PLEASE READ OUR PRIVACY NOTICE (HTTPS://WWW.WPP.COM/EN/CAREERS/WPP-PRIVACY-POLICY-FOR-RECRUITMENT) FOR MORE INFORMATION ON HOW WE
WPP is the trusted growth partner for the world’s leading brands. We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth. We work with the world's most valuable brands and have global reach across 100+ markets, with deep local expertise. Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow. For more information, visit WPP.com. Why we're hiring: The Security Awareness Specialist will lead the design, delivery, and continuous evolution of our global security awareness programme. This role owns the full training lifecycle—from planning and content creation through to monthly delivery, engagement, and performance measurement. As part of the global Digital Security & Risk Management function, you will play a key role in shaping secure behaviours across WPP. You’ll achieve this through engaging training experiences, behavioural nudges, and impactful monthly spotlight campaigns aligned to our annual strategy. This is a hands-on role requiring creativity, structure, and the ability to drive consistent behavioural change at scale through our learning platforms. What you'll be doing: Programme Planning * Develop and maintain the annual security awareness and behaviour change roadmap * Align monthly themes with key organisational risks, the evolving threat landscape, and regulatory requirements (e.g., ISO 27001/42001, SOC2) * Continuously enhance the programme using AI-driven approaches, microlearning, and behavioural science techniques Content Creation & Training Development * Design high-quality, engaging training content (videos, modules, microlearning, quizzes, infographics, behavioural nudges) * Craft clear, creative, and human-centred messaging for campaigns and monthly spotlights * Partner with security SMEs to translate complex technical risks into simple, actionable behaviours * Maintain and evolve a library of evergreen learning materials Training Delivery * Build, configure, and publish monthly training modules in the Learning Management System (LMS) * Ensure content is accessible, relevant, and consistent across regions and brands Monthly Spotlight Campaigns * Deliver targeted awareness campaigns aligned to the annual programme (e.g., phishing, identity security, AI safety, data handling) * Execute short-form behavioural nudges via email, intranet, and internal communications channels Measurement & Continuous Improvement * Track training completion, engagement, and behavioural outcomes * Analyse data from phishing simulations, LMS analytics, and incident trends to inform programme improvements * Produce monthly and quarterly reporting for the CISO and security leadership * Benchmark programme effectiveness against industry standards Collaboration & Stakeholder Management * Partner with Business Security Services leads and stakeholders to drive adoption and engagement * Support awareness initiatives during major incidents, policy updates, and key business events What you'll need: * Experience in security awareness, internal communications, learning design, or behavioural training * A strong ability to simplify complex cyber security concepts into clear, actionable messaging * Excellent storytelling, copywriting, and content creation skills * Hands-on experience with LMS platforms and e-learning authoring tools * Strong organisational and project management skills, with the ability to manage a consistent monthly cadence * Comfortable operating in a fast-paced, global environment * Solid understanding of cyber security fundamentals (e.g., phishing, identity, data handling, cloud, AI safety) * Familiarity with behavioural science principles (e.g., nudging, habit formation, reinforcement) is a plus Please submit your application in English. Who you are: You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working. You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected. You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day. What we'll give you: Passionate, inspired people – We aim to create a culture in which people can do extraordinary work. Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry. Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge? #LI-Hybrid We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process. WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers. PLEASE READ OUR PRIVACY NOTICE (HTTPS://WWW.WPP.COM/EN/CAREERS/WPP-PRIVACY-POLICY-FOR-RECRUITMENT) FOR MORE INFORMATION ON HOW WE PROCESS THE INFORMATION YOU PROVIDE.
WPP is the trusted growth partner for the world’s leading brands. We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth. We work with the world's most valuable brands and have global reach across 100+ markets, with deep local expertise. Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow. For more information, visit WPP.com. Why we're hiring: The Technical Security Governance Lead is responsible for leading one or more technical security governance domains within Digital Security & Risk Management (DSRM). The role defines enforceable security guardrails and minimum baselines, monitors security posture and exposure, and provides independent oversight and challenge to Enterprise Technology (ET), DT&S engineering teams, and business-managed technology owners. This role focuses on risk, exposure, and control effectiveness—ensuring that technical security risks are consistently identified, assessed, escalated, and reported—without designing, building, configuring, or operating technology platforms. What you'll be doing: Technical Security Governance * Define and maintain technical governance guardrails, minimum baselines, and posture expectations for assigned domains. * Translate enterprise policies, standards, and risk appetite into clear and actionable technical expectations for execution teams. * Define exception criteria, escalation thresholds, and evidence requirements to ensure governance is auditable and defensible. * Provide independent challenge to remediation plans and risk acceptances where residual risk remains unacceptable. Compliance Monitoring * Support audit readiness by ensuring evidence requirements are defined, traceable, and consistently produced by execution owners. * Contribute technical governance input to ISO/SOC and internal assurance activities, including control operation validation where required. * Identify recurring compliance gaps and drive corrective actions through agreed remediation plans and escalation routes. Collaboration and Stakeholder Engagement * Partner with Enterprise Technology, DT&S engineering, and business-managed technology owners to embed governance expectations into delivery workflows. * Work closely with Risk Management, Client Assurance & Vendor Risk, and BISOs to ensure consistent risk visibility and business context. * Communicate expectations clearly and pragmatically, enabling delivery teams to move quickly within defined boundaries. CONTINUOUS IMPROVEMENT * Identify opportunities to improve governance processes, automation, and reporting to reduce friction and improve risk outcomes. * Stay informed on emerging threats and technical risk trends and incorporate relevant changes into governance expectations. * Drive maturity improvements across domains through measurable targets and iterative uplift plans. Domain Related Responsibilities - Identity * Define identity guardrails including authentication strength, privileged access controls, and identity-based risk thresholds. * Monitor identity posture signals (e.g., MFA coverage, privileged access hygiene, risky access paths) and escalate systemic weaknesses. * Ensure identity governance is treated as a primary attack-vector control domain across cloud, endpoint, and product environments. What you'll need: Essential * Fluent English – reading, writing and conversation skills. * Demonstrable experience in technical security governance, security assurance, or risk-based security oversight in a global environment * Strong understanding of cybersecurity policies, standards, and frameworks (e.g., ISO 27001, NIST CSF). * Strong understanding of cloud security, vulnerability management, identity risk, and modern attack paths and exposure management. * Experience working with global engineering and operations teams * Excellent analytical, problem-solving, and critical thinking skills. * Strong communication and interpersonal skills, with the ability to collaborate effectively across teams. * Ability to communicate risk and technical posture clearly to senior stakeholders and non-technical audiences. Nice-to-Have * Certifications such as CISSP, Azure, AWS, GCP or other related to the domain. * Familiarity with posture and detection tooling (e.g., CNAPP/CSPM, EDR, vulnerability scanning, identity telemetry) and evidence management approaches. * Working knowledge of agile methodologies. * Experience in multinational, multicultural and matrixed companies. * Bachelor's degree in Information Security, Computer Science or a related field Key Behaviour's & Competencies * Experience operating in decentralised or federated organisations — holding companies, media groups, professional services firms, or global technology businesses — where governance relies on influence rather than control. * Demonstrated ability to build governance programmes from the ground up, including posture measurement frameworks, KPI/KRI design, and executive risk reporting. * Broad technical security knowledge across multiple domains — enough to lead a specialist team, provide credible challenge, and recognise when you are being given an incomplete picture. * Strong executive communication skills — able to translate complex risk and posture data into clear, honest narratives for senior and non-technical audiences. * Experience governing across multiple regions and regulatory environments, with familiarity with GDPR and other major data protection frameworks. * Familiarity with client data obligations and the reputational and commercial stakes that come with them. Applicants are asked to submit their application in English. Who you are: You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working. You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected. You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day. What we'll give you: Passionate, inspired people – We aim to create a culture in which people can do extraordinary work. Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry. Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge? #LI-Hybrid We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process. WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers. PLEASE READ OUR PRIVACY NOTICE (HTTPS://WWW.WPP.COM/EN/CAREERS/WPP-PRIVACY-POLICY-FOR-RECRUITMENT) FOR MORE INFORMATION ON HOW WE PROCESS THE INFORMATION YOU PROVIDE.
Qube Research & Technologies (QRT) is a global quantitative and systematic investment manager, operating in all liquid asset classes across the world. We are a technology and data driven group implementing a scientific approach to investing. Combining data, research, technology, and trading expertise has shaped our collaborative mindset, which enables us to solve the most complex challenges. QRT’s culture of innovation continuously drives our ambition to deliver high quality returns for our investors. As a Cyber Risk Specialist, you’ll provide strategic guidance across risk and governance remits within the security team. You’ll collaborate with different teams and stakeholders across the business to ensure our security governance is robust, scalable, and deployable. This position has high visibility across the business and exposure to all parts of the trading lifecycle. Your future role at QRT * Cyber Risk Management * Maintain and enhance the Information Security risk register as a live, decision-useful tool. * Work with stakeholders to assess, track, and manage risks across systems, processes, and third parties. * Develop clear, data-led risk narratives for leadership. * Track remediation actions and support risk-based prioritisation. * Governance and Policy * Maintain and improve security policies, standards, and supporting documentation. * Align internal requirements with relevant frameworks, regulations, and business needs. * Ensure documentation is clear, current, and accessible to technical and business stakeholders. * Support practical and scalable security governance. * Audit and Assurance * Coordinate external reviews, client assurance requests, regulatory enquiries, and internal audits. * Gather and validate evidence from technical and business teams. * Maintain assurance materials and evidence repositories. * Track findings and remediation actions through to closure. * Compliance and Control Effectiveness * Support control assurance and testing activities. * Monitor adherence to internal policies, contractual commitments, and external obligations. * Help map controls to relevant frameworks such as ISO 27001, NIST, SOC 2, and DORA. * Identify control gaps and support pragmatic remediation. * Training and Awareness * Contribute to targeted security awareness activities, particularly for technical teams. * Tailor security messaging for different audiences. * Track completion, engagement, and impact of awareness activities. * Reporting and Insight * Develop concise dashboards and reports for leadership. * Highlight trends, control health, emerging risks, and areas requiring attention. * Use data to support findings, prioritisation, and decision-making. Your present skillset * 5+ years’ experience in information security, cyber risk, GRC, audit, assurance, or a related discipline. * Strong understanding of security frameworks and regulations such as ISO 27001, NIST, SOC 2, DORA, or similar. * Experience coordinating audits, assurance activity, regulatory reviews, or control assessments. * Strong written and verbal communication skills. * Experience working with cross-functional teams, including technology, legal, compliance, and business stakeholders. * Strong organisational skills and the ability to manage multiple workstreams. * Familiarity with GRC platforms such as Drata, Vanta, ServiceNow GRC, Archer, or similar. * Strong data literacy, including experience using dashboards, metrics, or raw data to support findings. * Confidence driving small projects or workstreams independently. * Desirable: * Experience in financial services, quantitative trading, investment management, or another highly technical environment. * Familiarity with cloud platforms, infrastructure, software development, or third-party technology risk. * Experience improving risk reporting, control testing, assurance workflows, or evidence management processes. * Understanding of operational resilience, third-party risk, or regulatory technology expectations. QRT is an equal opportunity employer. We value diversity as essential to our success and are committed to creating an environment where employees can work openly, respectfully, and collaboratively. In addition to supporting professional achievement, QRT offers initiatives and programmes designed to help employees maintain a healthy work-life balance.