Identity, AI and Data Access Governance Lead
Apply to this job with Jobbie
Jobbie fills out the application and submits it for you — no forms, no cover letters, no retyping your resume.
Sign up to applyJobbie fills out the application and submits it for you — no forms, no cover letters, no retyping your resume.
Sign up to apply<div class="content-intro"><p><strong>WPP is the trusted growth partner for the world’s leading brands. </strong></p> <p><strong>We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth. </strong><br><strong> </strong><br><strong>We work with the world's most valuable brands and have global reach across 100+ markets, with deep local expertise.</strong><br><strong> </strong><br><strong>Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow. </strong><br><strong> </strong><br><strong>For more information, visit <a href="https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwpp.com%2F&data=05%7C02%7CErica.Durr%40wpp.com%7C9bf4566a65bc46a48ac008de749116ea%7C150b5e663d884dee83f6ed149b727a00%7C0%7C0%7C639076363668176216%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=Q9juosud56XGLThSFZ1NpPZd6FXpJPxV74OeRZWoh%2B4%3D&reserved=0" target="_blank">WPP.com.</a></strong><br><strong> </strong></p></div><p><span style="text-decoration: underline;"><strong>Why we're hiring:</strong></span></p> <p>The <strong>Identity, AI and Data Access Governance Lead</strong> is responsible for governing who, and what, can access DTS systems, data, APIs, tools, workflows and AI-enabled capabilities.</p> <p>This is a hands-on governance and control role, reporting into the SVP Security and Compliance. The role ensures that access across DTS is appropriate, auditable, reviewed, least-privileged and aligned with security, privacy, compliance and client commitments.</p> <p>The scope covers traditional human access, external users, privileged access, service accounts, machine identities, API keys, tokens, dataset access, and the emerging governance of AI agents and agentic workflows.</p> <p>The role will work closely with Architecture, Security, Product, Engineering, Infrastructure, Privacy, Legal/DPO, TechOps, Enterprise Technology and the ISMS and Risk Officer to ensure DTS has a clear and controlled model for access across platforms such as WPP Open, Choreograph, InfoSum, Open Intelligence, Resolve and related DTS capabilities.</p> <p> </p> <p><span style="text-decoration: underline;"><strong>What you'll be doing:</strong></span></p> <h3><strong>1. Identity and access governance framework</strong></h3> <p>Define and maintain the access governance framework for DTS.</p> <p>This includes:</p> <ul> <li>Defining access governance standards, processes and control expectations.</li> <li>Establishing how access should be requested, approved, provisioned, reviewed, revoked and evidenced.</li> <li>Ensuring access governance covers internal users, external users, clients, partners, vendors, service accounts, machine identities and AI agents.</li> <li>Aligning identity and access governance with DTS architecture, security, privacy, compliance and data governance requirements.</li> <li>Ensuring access governance is practical for product and engineering teams to implement.</li> </ul> <p> </p> <h3><strong>2. Access reviews and recertification</strong></h3> <p>Own the process for regular access reviews and recertification across DTS.</p> <p>This includes:</p> <ul> <li>Defining the scope, frequency and evidence requirements for access reviews.</li> <li>Coordinating access reviews for critical DTS systems, production environments, privileged roles, sensitive datasets, client-facing platforms and administrative tools.</li> <li>Ensuring access review outcomes are tracked, remediated and evidenced.</li> <li>Identifying stale, excessive, orphaned or poorly owned access.</li> <li>Escalating overdue, high-risk or unresolved access issues through the appropriate governance channels.</li> </ul> <p> </p> <h3><strong>3. Privileged access governance</strong></h3> <p>Ensure privileged access across DTS is properly controlled, justified and auditable.</p> <p>This includes:</p> <ul> <li>Reviewing access to production systems, cloud environments, security tools, databases, CI/CD tooling, administrative consoles and sensitive platforms.</li> <li>Supporting least-privilege, just-in-time and time-bound access models where appropriate.</li> <li>Working with Cloud and Platform Security and Infrastructure to improve privileged access controls.</li> <li>Ensuring privileged access risks are visible in the DTS risk register where required.</li> </ul> <p> </p> <h3><strong>4. External user, client and partner access governance</strong></h3> <p>Govern access for external users, clients, agencies, partners and vendors.</p> <p>This includes:</p> <ul> <li>Defining standards for external user onboarding, approval, permissions, expiry and offboarding.</li> <li>Ensuring external access has a clear business owner and justification.</li> <li>Supporting access governance across client workspaces, agency environments, partner integrations and shared collaboration areas.</li> <li>Working with Product and Engineering to ensure tenant, workspace and client-level isolation is appropriately governed.</li> <li>Tracking risks related to stale accounts, vendor access, partner permissions and external user overprivilege.</li> </ul> <p> </p> <h3><strong>5. Service account, machine identity and API access governance</strong></h3> <p>Govern non-human access across DTS systems and platforms.</p> <p>This includes:</p> <ul> <li>Defining standards for service accounts, machine identities, automation users, API keys, tokens, secrets and integration credentials.</li> <li>Ensuring non-human access has clear ownership, purpose, scope, rotation, expiry and auditability.</li> <li>Working with Product, Engineering, Cloud Security and Infrastructure to reduce unmanaged credential risk.</li> <li>Ensuring service accounts and machine identities are included in access reviews.</li> <li>Supporting stronger governance of API access, token issuance, credential lifecycle and integration permissions.</li> </ul> <p> </p> <h3><strong>6. AI and agentic access governance</strong></h3> <p>Define and oversee the governance model for AI agents and agentic workflows across DTS.</p> <p>This includes:</p> <ul> <li>Defining how AI agents are identified, permissioned, monitored, reviewed and revoked.</li> <li>Ensuring agents have clear ownership, scoped permissions and auditable actions.</li> <li>Defining which agent actions require human approval or additional control.</li> <li>Governing agent access to APIs, tools, datasets, workflows, client environments and production capabilities.</li> <li>Ensuring agents act within delegated authority and cannot exceed the permissions of the user, system or business process they represent.</li> <li>Working with Product, Architecture and Security to ensure agentic workflows are designed with clear action boundaries.</li> <li>Working with the Product, Application and Offensive Security Lead to test whether agent permissions and action boundaries can be bypassed.</li> <li>Working with Privacy Engineering to ensure AI access models support permitted use, minimisation and data protection requirements.</li> </ul> <h3><strong>7. Data access governance</strong></h3> <p>Govern access to sensitive, client, partner and WPP-owned data across DTS.</p> <p>This includes:</p> <ul> <li>Defining standards for dataset access approval, review, revocation and evidence.</li> <li>Supporting data classification from an access-control and security-governance perspective.</li> <li>Ensuring access to sensitive data is role-based, purpose-based, least-privileged and auditable.</li> <li>Supporting controls for cross-client, cross-market, cross-agency and partner data access.</li> <li>Ensuring data access governance supports InfoSum, Open Intelligence, Resolve, WPP Open and other DTS data collaboration use cases.</li> <li>Working with Privacy Engineering on data minimisation, permitted use, retention and privacy-by-design requirements.</li> <li>Ensuring data access risks are surfaced through the DTS risk process.</li> </ul> <p> </p> <h3><strong>8. Governance of access to tools, workflows and actions</strong></h3> <p>Ensure access governance extends beyond systems and datasets into tools, workflows and actions.</p> <p>This includes:</p> <ul> <li>Defining governance for access to operational tools, workflow automation, orchestration systems, AI tools and administrative actions.</li> <li>Ensuring high-risk actions are subject to appropriate approval, logging and monitoring.</li> <li>Supporting segregation of duties across sensitive workflows.</li> <li>Ensuring automated workflows and agents have clearly scoped authority.</li> <li>Working with Security Operations to ensure high-risk access and actions are visible in monitoring and detection processes.</li> </ul> <p> </p> <h3><strong>9. Auditability, evidence and reporting</strong></h3> <p>Maintain clear evidence of access governance and support audit and assurance requirements.</p> <p>This includes:</p> <ul> <li>Producing access governance evidence for SOC 2, ISO 27001, client assurance, internal audit and risk reviews.</li> <li>Working with the ISMS and Risk Officer to ensure access controls, reviews, exceptions and remediation actions are documented.</li> <li>Reporting on access review completion, high-risk access, overdue actions and access control gaps.</li> <li>Supporting client and audit questions related to identity, access, privileged roles, service accounts, AI agents and data access.</li> <li>Ens
Create your free Jobbie profile once — we apply to this job and hundreds like it for you.
Sign up to apply