Tailor your resume for this job
Tailored resumes get up to 2x more interviews. Match yours in seconds.
Job description
WPP is the trusted growth partner for the world’s leading brands.
We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth.
We work with the world's most valuable brands and have global reach across 100+ markets, with deep local expertise.
Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow.
For more information, visit WPP.com.
Why we're hiring:
The Identity, AI and Data Access Governance Lead is responsible for governing who, and what, can access DTS systems, data, APIs, tools, workflows and AI-enabled capabilities.
This is a hands-on governance and control role, reporting into the SVP Security and Compliance. The role ensures that access across DTS is appropriate, auditable, reviewed, least-privileged and aligned with security, privacy, compliance and client commitments.
The scope covers traditional human access, external users, privileged access, service accounts, machine identities, API keys, tokens, dataset access, and the emerging governance of AI agents and agentic workflows.
The role will work closely with Architecture, Security, Product, Engineering, Infrastructure, Privacy, Legal/DPO, TechOps, Enterprise Technology and the ISMS and Risk Officer to ensure DTS has a clear and controlled model for access across platforms such as WPP Open, Choreograph, InfoSum, Open Intelligence, Resolve and related DTS capabilities.
What you'll be doing:
1. Identity and access governance framework
Define and maintain the access governance framework for DTS.
This includes:
- Defining access governance standards, processes and control expectations.
- Establishing how access should be requested, approved, provisioned, reviewed, revoked and evidenced.
- Ensuring access governance covers internal users, external users, clients, partners, vendors, service accounts, machine identities and AI agents.
- Aligning identity and access governance with DTS architecture, security, privacy, compliance and data governance requirements.
- Ensuring access governance is practical for product and engineering teams to implement.
2. Access reviews and recertification
Own the process for regular access reviews and recertification across DTS.
This includes:
- Defining the scope, frequency and evidence requirements for access reviews.
- Coordinating access reviews for critical DTS systems, production environments, privileged roles, sensitive datasets, client-facing platforms and administrative tools.
- Ensuring access review outcomes are tracked, remediated and evidenced.
- Identifying stale, excessive, orphaned or poorly owned access.
- Escalating overdue, high-risk or unresolved access issues through the appropriate governance channels.
3. Privileged access governance
Ensure privileged access across DTS is properly controlled, justified and auditable.
This includes:
- Reviewing access to production systems, cloud environments, security tools, databases, CI/CD tooling, administrative consoles and sensitive platforms.
- Supporting least-privilege, just-in-time and time-bound access models where appropriate.
- Working with Cloud and Platform Security and Infrastructure to improve privileged access controls.
- Ensuring privileged access risks are visible in the DTS risk register where required.
4. External user, client and partner access governance
Govern access for external users, clients, agencies, partners and vendors.
This includes:
- Defining standards for external user onboarding, approval, permissions, expiry and offboarding.
- Ensuring external access has a clear business owner and justification.
- Supporting access governance across client workspaces, agency environments, partner integrations and shared collaboration areas.
- Working with Product and Engineering to ensure tenant, workspace and client-level isolation is appropriately governed.
- Tracking risks related to stale accounts, vendor access, partner permissions and external user overprivilege.
5. Service account, machine identity and API access governance
Govern non-human access across DTS systems and platforms.
This includes:
- Defining standards for service accounts, machine identities, automation users, API keys, tokens, secrets and integration credentials.
- Ensuring non-human access has clear ownership, purpose, scope, rotation, expiry and auditability.
- Working with Product, Engineering, Cloud Security and Infrastructure to reduce unmanaged credential risk.
- Ensuring service accounts and machine identities are included in access reviews.
- Supporting stronger governance of API access, token issuance, credential lifecycle and integration permissions.
6. AI and agentic access governance
Define and oversee the governance model for AI agents and agentic workflows across DTS.
This includes:
- Defining how AI agents are identified, permissioned, monitored, reviewed and revoked.
- Ensuring agents have clear ownership, scoped permissions and auditable actions.
- Defining which agent actions require human approval or additional control.
- Governing agent access to APIs, tools, datasets, workflows, client environments and production capabilities.
- Ensuring agents act within delegated authority and cannot exceed the permissions of the user, system or business process they represent.
- Working with Product, Architecture and Security to ensure agentic workflows are designed with clear action boundaries.
- Working with the Product, Application and Offensive Security Lead to test whether agent permissions and action boundaries can be bypassed.
- Working with Privacy Engineering to ensure AI access models support permitted use, minimisation and data protection requirements.
7. Data access governance
Govern access to sensitive, client, partner and WPP-owned data across DTS.
This includes:
- Defining standards for dataset access approval, review, revocation and evidence.
- Supporting data classification from an access-control and security-governance perspective.
- Ensuring access to sensitive data is role-based, purpose-based, least-privileged and auditable.
- Supporting controls for cross-client, cross-market, cross-agency and partner data access.
- Ensuring data access governance supports InfoSum, Open Intelligence, Resolve, WPP Open and other DTS data collaboration use cases.
- Working with Privacy Engineering on data minimisation, permitted use, retention and privacy-by-design requirements.
- Ensuring data access risks are surfaced through the DTS risk process.
8. Governance of access to tools, workflows and actions
Ensure access governance extends beyond systems and datasets into tools, workflows and actions.
This includes:
- Defining governance for access to operational tools, workflow automation, orchestration systems, AI tools and administrative actions.
- Ensuring high-risk actions are subject to appropriate approval, logging and monitoring.
- Supporting segregation of duties across sensitive workflows.
- Ensuring automated workflows and agents have clearly scoped authority.
- Working with Security Operations to ensure high-risk access and actions are visible in monitoring and detection processes.
9. Auditability, evidence and reporting
Maintain clear evidence of access governance and support audit and assurance requirements.
This includes:
- Producing access governance evidence for SOC 2, ISO 27001, client assurance, internal audit and risk reviews.
- Working with the ISMS and Risk Officer to ensure access controls, reviews, exceptions and remediation actions are documented.
- Reporting on access review completion, high-risk access, overdue actions and access control gaps.
- Supporting client and audit questions related to identity, access, privileged roles, service accounts, AI agents and data access.
- Ensuring access governance is repeatable, measurable and auditable.
Who you'll be working with:
The Identity, AI and Data Access Governance Lead will be accountable for:
- DTS identity and access governance standards.
- Regular access reviews and recertification.
- Privileged access governance.
- External user, client, partner and vendor access governance.
- Service account, machine identity, API key and token governance.
- AI agent identity, permission and action governance.
- Dataset and sensitive data access governance.
- Governance of access to tools, workflows and high-risk actions.
- Access governance evidence for audit, compliance and client assurance.
- Escalation of material access risks into the DTS risk process.
What you'll need:
The successful candidate will have:
- Experience in identity governance, access management, IAM, security governance, GRC, data access control or platform security.
- Strong understanding of least privilege, role-based access control, attribute-based access control, access reviews, privileged access and segregation of duties.
- Experience governing access across SaaS platforms, cloud environments, APIs, data platforms or enterprise technology estates.
- Knowledge of identity platforms such as Okta, Auth0, Keycloak, Azure AD / Entra ID or similar.
- Understanding of service accounts, machine identities, API keys, tokens, secrets and non-human access governance.
- Understanding of AI agents, agentic workflows, delegated authority and tool-access governance would be highly valuable.
- Understanding of data classification, dataset access governance, privacy-by-design and audit requirements.
- Ability to work across security, architecture, product, engineering, infrastructure, legal, privacy and compliance teams.
- Strong organisational skills and ability to coordinate reviews, evidence, remediation and reporting.
- Ability to translate complex access issues into clear risks, controls and practical actions.
Leadership expectations
The Identity, AI and Data Access Governance Lead is expected to:
- Be structured, disciplined and pragmatic.
- Bring clarity to complex access and permission models.
- Challenge excessive, unclear or poorly governed access.
- Work constructively with product and engineering teams to design workable controls.
- Avoid creating unnecessary bureaucracy while ensuring access is properly governed.
- Treat human, machine and agent access as part of the same control landscape.
- Escalate material access risks clearly and early.
- Support DTS in building a secure, auditable and scalable access governance model.
Success measures
Success in the role will be measured by:
- DTS having clear identity, access and data access governance standards.
- Regular access reviews completed on schedule with evidence.
- Reduction in stale, excessive, orphaned or poorly owned access.
- Stronger governance of privileged access and production access.
- Clear ownership and review of service accounts, machine identities, API keys and tokens.
- Defined governance for AI agent identities, permissions and actions.
- Improved auditability of access to data, APIs, tools, workflows and production systems.
- Better alignment between identity, security, privacy, architecture, product and engineering teams.
- Material access risks being visible through the DTS risk register and Risk Review Board.
- Increased confidence that DTS can answer: who or what has access to what, why, and when was it last reviewed?
Who you are:
You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are open-minded: to new ideas, new partnerships, new ways of working.
You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.
You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.
What we'll give you:
Passionate, inspired people – We aim to create a culture in which people can do extraordinary work.
Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.
Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?
#LI-Hybrid
We believe the best work happens when we're together, fostering creativity, collaboration, and connection. That's why we’ve adopted a hybrid approach, with teams in the office around four days a week. If you require accommodations or flexibility, please discuss this with the hiring team during the interview process.
WPP is an equal opportunity employer and considers applicants for all positions without discrimination or regard to particular characteristics. We are committed to fostering a culture of respect in which everyone feels they belong and has the same opportunities to progress in their careers.
Please read our Privacy Notice (https://www.wpp.com/en/careers/wpp-privacy-policy-for-recruitment) for more information on how we process the information you provide.
Find your next job on Mokaru
Search thousands of live jobs from company career pages, updated every day.
Browse all jobs

