Head of Threat Intelligence & Knowledge

Confirmed live in the last 24 hours

WPP

Insert City, Country

Hybrid

Posted March 25, 2026

Job Description

WPP is the trusted growth partner for the world’s leading brands.

We unite cutting-edge media intelligence and data solutions, world-class creativity, next-generation production, transformative enterprise solutions and expert strategic counsel in a single company – powered by exceptional talent and our agentic marketing platform, WPP Open, to help our clients navigate change, capture opportunity and deliver transformational growth.

We have been building the world's most valuable brands for 50 years and have global reach across 100+ markets, with deep local expertise.

Our people are the key to our success. We're committed to fostering a culture of creativity, belonging and continuous learning, attracting and developing the brightest talent, and providing exciting career opportunities that help our people grow.

For more information, visit WPP.com.

Why we're hiring:

The Head of Threat Intelligence & Knowledge Sharing is responsible for establishing, leading, and maturing a comprehensive cyber threat intelligence (CTI) capability that supports detection engineering, incident response, threat hunting, vulnerability management, and executive decision-making. Additionally, this role owns the Operational Security knowledge management function, ensuring all processes, insights, and lessons learned are captured, validated, structured, and shared in alignment with ITIL knowledge management standards.

What you'll be doing:

Core Responsibilities

Threat Intelligence Strategy & Leadership

Lead the Cyber Threat Intelligence (CTI) function across operational, tactical, and strategic domains.
Define the intelligence lifecycle, collection strategy, and analytical standards.
Own the production of intelligence reports, threat landscape assessments, and adversary TTP analysis.
Maintain a centralised repository of indicators of compromise (IOCs), threat artefacts, and contextual insights.
Ensure intelligence outputs directly support SOC, Incident Response, Detection Engineering, and Threat Hunting.

Integration & Operational Enablement

Embed threat intelligence into detection engineering, SIEM/EDR rule development, and automation workflows.
Support incident investigations with tailored intelligence and enrichment.
Enable proactive threat hunting by providing context on adversary behaviour and emerging trends.
Collaborate with vulnerability management teams to prioritise exposures based on threat context.

Intelligence Sharing & External Collaboration

Develop and manage intelligence-sharing partnerships with vendors, ISACs, MSSPs, and OpCos.
Ensure consistent, secure dissemination of intelligence to internal stakeholders.
Represent Operational Security in external intelligence forums, working groups, and industry collaborations.

Knowledge Sharing (ITIL-Aligned)

Own the Operational Security Knowledge Management Framework in line with ITIL standards.
Define and maintain the lifecycle for knowledge artefacts: creation, validation, approval, publishing, review.
Ensure all SOPs, playbooks, lessons learned, incident reports, and intelligence summaries are structur

gorustaiiosdataproductdesignmarketing