Head of Information Security & Data Privacy
Listed on 2025-12-19
IT/Tech
Cybersecurity, Information Security
Protecting a business like ours is a big deal. With a heritage estate, modern digital platforms and a complex Group structure, Travis Perkins plc needs someone who can confidently own our information security and data privacy agenda across a very large and varied technology landscape. That is where this role comes in. We are looking for a Head of Information Security & Data Privacy who can set strategy, inspire people, and turn complex cyber risks into clear, commercial decisions that help our businesses trade with confidence.
You will partner with our brands, shaping how we protect customer, colleague and business data end to end.
- Work with the Director of Infosec & Enterprise Solution Assurance to design and maintain a Group‑wide infosec strategy that recognises the different risk profiles and ambitions of each business unit. You will balance agility in our digital environments with the resilience required in our heritage systems.
- Develop and maintain a policy and control framework that helps colleagues make safe decisions in the real world. You will move us beyond box‑ticking compliance, providing clear, pragmatic guidance and ensuring that any risk‑based exceptions are well understood, documented and regularly reviewed.
- Build strong relationships with executive colleagues, helping them understand the evolving threat landscape in plain, commercial language. You will help define risk appetite, shape investment decisions and ensure that information security is seen as a strategic enabler, not a blocker.
- Own and continually strengthen our approach to key regulations and standards such as GDPR, PCI DSS and Cyber Essentials. You will enhance our risk management frameworks so that technology and business leaders have the insight they need to own and manage their risks effectively.
- Lead awareness and education in a way that works for a builders merchant environment, from branches and distribution sites to offices and digital teams. You will drive the message that colleagues are the first line of defence, creating a psychologically safe culture where people feel confident to raise concerns and report incidents.
- Work closely with product, platform, engineering and service teams to build security into the technology delivery lifecycle from day one. You will help us move away from security as a late‑stage gatekeeper toward a consultative, embedded model, using automation where possible to reduce friction and speed up safe delivery.
- Oversee our 24/7 security operations capability and hold overall accountability for information security incident management. You will coordinate internal stakeholders, including Group Counsel, and run blameless post‑incident reviews that focus on learning and continuous improvement. You will also ensure that we regularly test our response against realistic scenarios that reflect how our business actually operates.
You will lead a dedicated team of c.10 information security specialists in varying roles, a network of security champions and multiple third‑party partners, but you will set the tone, direction and standards for how we manage information security and data privacy across the Group.
Who we are looking for: Someone who is as comfortable in the boardroom as they are in a technical design review. Someone who can talk to engineers about threat models, then step into a commercial conversation about risk and trade‑offs with senior leaders.
Key Qualifications and Experience:
- Extensive experience in information security, including leadership of people, services and third parties.
- A strong track record of turning complex security and privacy topics into clear, business‑focused conversations.
- Deep understanding of modern security practices and frameworks, for example NIST CSF, ISO 27000, PCI DSS, OWASP, GDPR and ITIL.
- Experience building and leading high‑performing, multidisciplinary teams.
- The ability to distinguish between theoretical risk and material business risk, making pragmatic decisions in a complex organisation.
- A collaborative leadership style, with a focus on empowering experts rather than micromanaging them.
- A…