Paul Stephens

Group Chief Information Security Officer

London, England, United Kingdom

About

FTSE 100 CISO | Cybersecurity & Risk Leader | Enabling Secure Digital Transformation & Business Resilience

As Group Chief Information Security Officer at WPP, I lead the global cybersecurity strategy that protects one of the world’s largest creative transformation companies — enabling innovation, collaboration, and growth across our global network.

With over 25 years of experience in cybersecurity, risk management, and technology leadership, I have built and matured security programmes across complex, multinational and FTSE 100 environments. My focus is on aligning information security with business objectives — delivering resilience, regulatory confidence, and trusted digital transformation at scale.

My expertise spans data protection, cloud security, governance, and incident response, with a strong emphasis on translating cyber risk into strategic insight for executive and board-level decision-making. I’m passionate about fostering a culture of accountability and awareness, empowering teams, and ensuring that security acts as a business enabler — driving performance, trust, and long-term value.

A hands-on and collaborative leader, I’m committed to integrity, transparency, and operational excellence in every aspect of cybersecurity leadership.

Experience

  • WPP (7 yrs 1 mo)
    • Group Chief Information Security Officer
      Mar 2025 - Present · 1 yr 4 mos

    • Deputy CISO & Strategy and Risk Director
      Oct 2024 - Mar 2025 · 6 mos

    • Security Assurance, Investigations & Response Director
      Jan 2021 - Oct 2024 · 3 yrs 10 mos

      In my role I am acting as a lead in WPP’s Company Emergency Response Team taking ownership of significant incidents as required to control and minimize any damage, preserve evidence, prevent similar events from repeating, and gain insight into threats against WPP and our 122,000 employees across 110 countries. Leading a team across the globe focusing on Intelligence-led threat and security engagements, Major Crisis Response, Root Cause Analysis and supporting Legal & Internal Audit with eDiscovery and other corporate investigations.

      My responsibilities include:

        • To support and inform the Chief Security Officer and shape the WPP security policy by providing Root Cause Analysis investigations in the event of an impactful security incident and to understand when and why a primary security control has failed or not been implemented whilst also advising on possible appropriate solutions to prevent reoccurrence.
        • Manage Intelligence led corporate cyber security investigations on behalf of the Chief Security Officer liaising with international governments, law enforcement and other agencies as required.
        • Support WPP Legal and Audit teams in a varying range of investigations and requests which requires identifying, collecting and producing electronically stored information (ESI).
        • A permanent member of the Company Emergency Response Team (CERT), providing insight and guidance to WPP and its Operating Companies enabling them to respond effectively and consistently to suspected and confirmed cyber security incidents.
        • Assessing and advising on operational cyber security risks, enabling business and technical stakeholders to take risk balanced decisions.
        • Providing subject matter expertise to support incident response and threat mitigation, including identifying practical and pragmatic technical solutions.
        • Provide support and mentoring to team members.

  • Head of Compliance and Security at Sony
    Aug 2016 - Jun 2019 · 2 yrs 11 mos

  • Sony Mobile Communications (11 yrs 8 mos)
    • Director Information Security
      Jan 2013 - Aug 2016 · 3 yrs 8 mos

      My responsibilities include:

        • Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program that ensures the integrity, confidentiality and availability of information owned by Sony Mobile.
        • Manage Sony Mobile's information security organisation, consisting of direct reports and indirect reports. This includes hiring, training, staff development, performance management and annual performance reviews.
        • Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
        • Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers.
        • Develop and manage information security budgets, and monitor them for variances.
        • Create and manage information security and risk management awareness training programs for all employees and contractors.
        • Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout Sony Mobile identifying acceptable levels of residual risk.
        • Provide regular reporting on the current status of the information security program to senior business leaders and the board of directors.
        • Develop and enhance an information security management framework based on ISO 27001.
        • Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
        • Coordinate information security and risk management projects with resources from the IT organisation and business unit teams.
        • Manage security incidents and events to protect Sony Mobile IT assets, including intellectual property brand and reputation.
        • Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.

    • Director Infrastructure & Security
      Feb 2012 - Jan 2013 · 1 yr

    • Director Infrastructure & Security
      May 2011 - Feb 2012 · 10 mos

  • Senior Consultant at Hewlett-Packard
    1999 - 2005 · 6 yrs

  • Systems Engineer at Logical Networks
    1997 - 1999 · 2 yrs