WPP
Identity, AI and Data Access Governance Lead

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
WPP is the trusted growth partner for the world’s leading brands. We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth.
We work with the world's most valuable brands and have global reach across 100+ markets, with deep local expertise.
Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow.
For more information, visit WPP.com.
Why we're hiring:
The Identity, AI and Data Access Governance Lead is responsible for governing who, and what, can access DTS systems, data, APIs, tools, workflows and AI-enabled capabilities.
This is a hands-on governance and control role, reporting into the SVP Security and Compliance. The role ensures that access across DTS is appropriate, auditable, reviewed, least-privileged and aligned with security, privacy, compliance and client commitments.
The scope covers traditional human access, external users, privileged access, service accounts, machine identities, API keys, tokens, dataset access, and the emerging governance of AI agents and agentic workflows.
The role will work closely with Architecture, Security, Product, Engineering, Infrastructure, Privacy, Legal/DPO, TechOps, Enterprise Technology and the ISMS and Risk Officer to ensure DTS has a clear and controlled model for access across platforms such as WPP Open, Choreograph, InfoSum, Open Intelligence, Resolve and related DTS capabilities.
What you'll be doing:
1. Identity and access governance framework
Define and maintain the access governance framework for DTS.
This includes:
- Defining access governance standards, processes and control expectations.
- Establishing how access should be requested, approved, provisioned, reviewed, revoked and evidenced.
- Ensuring access governance covers internal users, external users, clients, partners, vendors, service accounts, machine identities and AI agents.
- Aligning identity and access governance with DTS architecture, security, privacy, compliance and data governance requirements.
- Ensuring access governance is practical for product and engineering teams to implement.
2. Access reviews and recertification
Own the process for regular access reviews and recertification across DTS.
This includes:
- Defining the scope, frequency and evidence requirements for access reviews.
- Coordinating access reviews for critical DTS systems, production environments, privileged roles, sensitive datasets, client-facing platforms and administrative tools.
- Ensuring access review outcomes are tracked, remediated and evidenced.
- Identifying stale, excessive, orphaned or poorly owned access.
- Escalating overdue, high-risk or unresolved access issues through the appropriate governance channels.
3. Privileged access governance
Ensure privileged access across DTS is properly controlled, justified and auditable.
This includes:
- Reviewing access to production systems, cloud environments, security tools, databases, CI/CD tooling, administrative consoles and sensitive platforms.
- Supporting least-privilege, just-in-time and time-bound access models where appropriate.
- Working with Cloud and Platform Security and Infrastructure to improve privileged access controls.
- Ensuring privileged access risks are visible in the DTS risk register where required.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
4. External user, client and partner access governance
Govern access for external users, clients, agencies, partners and vendors.
This includes:
- Defining standards for external user onboarding, approval, permissions, expiry and offboarding.
- Ensuring external access has a clear business owner and justification.
- Supporting access governance across client workspaces, agency environments, partner integrations and shared collaboration areas.
- Working with Product and Engineering to ensure tenant, workspace and client-level isolation is appropriately governed.
- Tracking risks related to stale accounts, vendor access, partner permissions and external user overprivilege.
5. Service account, machine identity and API access governance
Govern non-human access across DTS systems and platforms.
This includes:
- Defining standards for service accounts, machine identities, automation users, API keys, tokens, secrets and integration credentials.
- Ensuring non-human access has clear ownership, purpose, scope, rotation, expiry and auditability.
- Working with Product, Engineering, Cloud Security and Infrastructure to reduce unmanaged credential risk.
- Ensuring service accounts and machine identities are included in access reviews.
- Supporting stronger governance of API access, token issuance, credential lifecycle and integration permissions.
6. AI and agentic access governance
Define and oversee the governance model for AI agents and agentic workflows across DTS.
This includes:
- Defining how AI agents are identified, permissioned, monitored, reviewed and revoked.
- Ensuring agents have clear ownership, scoped permissions and auditable actions.
- Defining which agent actions require human approval or additional control.
- Governing agent access to APIs, tools, datasets, workflows, client environments and production capabilities.
- Ensuring agents act within delegated authority and cannot exceed the permissions of the user, system or business process they represent.
- Working with Product, Architecture and Security to ensure agentic workflows are designed with clear action boundaries.
- Working with the Product, Application and Offensive Security Lead to test whether agent permissions and action boundaries can be bypassed.
- Working with Privacy Engineering to ensure AI access models support permitted use, minimisation and data protection requirements.
7. Data access governance
Govern access to sensitive, client, partner and WPP-owned data across DTS.
This includes:
- Defining standards for dataset access approval, review, revocation and evidence.
- Supporting data classification from an access-control and security-governance perspective.
- Ensuring access to sensitive data is role-based, purpose-based, least-privileged and auditable.
- Supporting controls for cross-client, cross-market, cross-agency and partner data access.
- Ensuring data access governance supports InfoSum, Open Intelligence, Resolve, WPP Open and other DTS data collaboration use cases.
- Working with Privacy Engineering on data minimisation, permitted use, retention and privacy-by-design requirements.
- Ensuring data access risks are surfaced through the DTS risk process.
8. Governance of access to tools, workflows and actions
Ensure access governance extends beyond systems and datasets into tools, workflows and actions.
This includes:
- Defining governance for access to operational tools, workflow automation, orchestration systems, AI tools and administrative actions.
- Ensuring high-risk actions are subject to appropriate approval, logging and monitoring.
- Supporting segregation of duties across sensitive workflows.
- Ensuring automated workflows and agents have clearly scoped authority.
- Working with Security Operations to ensure high-risk access and actions are visible in monitoring and detection processes.


Get help with your application
Your very own career expert that helps elevate your application to the next level.
9. Auditability, evidence and reporting
Maintain clear evidence of access governance and support audit and assurance requirements.
This includes:
- Producing access governance evidence for SOC 2, ISO 27001, client assurance, internal audit and risk reviews.
- Working with the ISMS and Risk Officer to ensure access controls, reviews, exceptions and remediation actions are documented.
- Reporting on access review completion, high-risk access, overdue actions and access control gaps.
- Supporting client and audit questions related to identity, access, privileged roles, service accounts, AI agents and data access.
- Ensuring access governance is repeatable, measurable and auditable.
Who you'll be working with:
The Identity, AI and Data Access Governance Lead will be accountable for:
- DTS identity and access governance standards.
- Regular access reviews and recertification.
- Privileged access governance.
- External user, client, partner and vendor access governance.
- Service account, machine identity, API key and token governance.
- AI agent identity, permission and action governance.
- Dataset and sensitive data access governance.
- Governance of access to tools, workflows and high-risk actions.
- Access governance evidence for audit, compliance and client assurance.
- Escalation of material access risks into the DTS risk process.
What you'll need:
The successful candidate will have:
- Experience in identity governance, access management, IAM, security governance, GRC, data access control or platform security.
- Strong understanding of least privilege, role-based access control, attribute-based access control, access reviews, privileged access and segregation of duties.
- Experience governing access across SaaS platforms, cloud environments, APIs, data platforms or enterprise technology estates.
- Knowledge of identity platforms such as Okta, Auth0, Keycloak, Azure AD / Entra ID or similar.
- Understanding of service accounts, machine identities, API keys, tokens, secrets and non-human access governance.
- Understanding of AI agents, agentic workflows, delegated authority and tool-access governance would be highly valuable.
- Understanding of data classification, dataset access governance, privacy-by-design and audit requirements.
- Ability to work across security, architecture, product, engineering, infrastructure, legal, privacy and compliance teams.
- Strong organisational skills and ability to coordinate reviews, evidence, remediation and reporting.
- Ability to translate complex access issues into clear risks, controls and practical actions.
Leadership expectations
The Identity, AI and Data Access Governance Lead is expected to:
- Be structured, disciplined and pragmatic.
- Bring clarity to complex access and permission models.
- Challenge excessive, unclear or poorly governed access.
- Work constructively with product and engineering teams to design workable controls.
- Avoid creating unnecessary bureaucracy while ensuring access is properly governed.
- Treat human, machine and agent access as part of the same control landscape.
- Escalate material access risks clearly and early.
- Support DTS in building a secure, auditable and scalable access governance model.
Success measures
Success in the role will be measured by:
- DTS having clear identity, access and data access governance
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location