Job Introduction
The Head of Information Security leads the organisation’s cyber, information security and technology risk agenda, ensuring Vp’s platforms, applications, data and digital services remain secure, resilient and compliant. You will define a modern, risk‑aligned security and risk strategy, uplift control maturity, and build a governance, oversight and assurance capability that partners closely with product, data and engineering teams.
Reporting to and working closely with the Group CIO, Technology SLT, Internal Audit and ExCo, you will be Vp’s senior adviser on cyber risk, emerging threats, architectural risks, data protection and security compliance. You will build a small high-performing team focussed on security architecture, governance, risk management and assurance, while collaborating with Service Management (ITSM, service operations and continuity) and Infrastructure & Cloud (infrastructure, cloud platforms and resilience) to ensure a well‑coordinated technology control environment.
The role recognises that Vp operates a mixed technology landscape including in‑house written applications, enterprise SaaS platforms, and modern data platforms. You will ensure that the security posture of applications, data flows, pipelines and underlying architectures meets the organisation’s risk appetite and regulatory obligations.
Key Responsibilities
Strategy, Governance & Architecture
Define and lead the enterprise security and risk strategy aligned to business goals and regulatory requirements. Own policies, standards, and assurance frameworks. Act as security design authority, embedding secure-by-design principles across applications, data platforms (e.g. Snowflake/dbt), and cloud (Azure/AWS). Ensure best practices in identity, encryption, and secure integration.
Cyber Security Oversight
Provide oversight of security operations (e.g. SOC/MSSP), ensuring effectiveness and alignment to risk priorities. Set direction and assurance while Infrastructure & Cloud / Service teams handle operations. Maintain a consolidated view of risks, threats, and control gaps.
Identity & Access Management
Own identity governance, including lifecycle, RBAC, and access certification. Oversee privileged access (PAM), monitoring, and segregation of duties. Ensure identity controls are effective, audited, and well managed operationally.
Vulnerability, Threat & Risk Management
Lead vulnerability management across all platforms (apps, data, cloud, APIs). Define remediation standards and reporting. Commission testing (pen tests, code reviews, red teaming). Maintain and report the enterprise risk register to senior leadership.
Monitoring, Assurance & Tooling
Define monitoring and detection strategy across the stack. Ensure security tooling (SIEM, EDR, IDS/IPS, DLP, etc.) is effective. Embed monitoring into operations and conduct assurance reviews against policies and architecture.
Regulatory & Compliance
Own compliance with GDPR, ISO27001, NCSC and related standards. Maintain practical policies embedded in business processes. Lead audits and provide clear reporting on compliance posture.
Security Culture & Awareness
Deliver a targeted security awareness programme across business and technical teams, including training, phishing simulations, and behaviour change initiatives.
Third-Party Risk
Own supplier security framework, including due diligence, contracts, and ongoing assurance. Assess risks across vendors, SaaS, and partners, working with Procurement and Legal.
Leadership & Collaboration
Act as the senior security advisor to executives and the Board. Build strong relationships across product, engineering, and data teams to embed security. Lead and develop the security function and align with Infrastructure & Service teams.
Budgeting & Continuous Improvement
Manage security investment and roadmap. Report on risk, incidents, and maturity. Use data, audits, and threat intelligence to continuously improve controls and reduce risk.
What We’re Looking For
You will be a senior, credible leader who can combine strong security and risk expertise with pragmatic decision‑making and the ability to influence at all levels. You work collaboratively, bring clarity to complex challenges and ensure security enables rather than slows the business.
Key qualities include
- Strategic thinker with a strong grasp of risk, governance and modern security models.
- Collaborative, able to influence without authority and work effectively with peers (Service Management & Infrastructure/Cloud).
- Excellent communicator capable of simplifying complexity for senior non‑technical audiences.
- Calm, resilient and effective under pressure.
- Strong people leader who builds capable, confident teams.
Skills & Experience
- Extensive experience across cyber operations oversight, vulnerability management, incident response, SOC services and monitoring.
- Strong understanding of modern security architecture covering cloud, network, identity, application and data domains.
- Proven experience defining and governing identity and privileged access frameworks.
- Deep knowledge of GDPR, UK Data Protection Act and recognised security frameworks (NIST, ISO27001, NCSC).
- Experience developing security awareness programmes and culture change initiatives.
- Demonstrable experience managing third‑party risk and supplier assurance.
- Strong leadership experience with the ability to guide senior stakeholders and influence decision‑making.
Desirable
- Background in hire, construction, rail or utilities sectors.
- Participation in wider cyber and technology risk professional communities.
What We Can Offer You
- Salary sacrifice pension
- Company car or Car Allowance
- 25 days holiday, plus bank holidays and your birthday off
- Additional holiday purchase scheme
- Free Tool Hire
- Life Assurance cover 3x salary
- Share save scheme
- Eye care vouchers
- Recommend a friend scheme
- Learning & Development – commitment to upskilling and developing our people, with structured in-house training available alongside external training where required
- Cycle to work scheme
- Long service recognition
- My Vp discounts – a variety of discounts and rewards on thousands of well-known brands
- Discounts on HP products
- EE mobile contract discount offers
- Gym discounts
- Health Shield (discounted premiums on health care cash plan)
- Regit Assist 24/7 accident helpline – free joining
A Little Bit About Us
Established in 1954, Vp plc has evolved into a dynamic group of companies with expertise in equipment rental. Our organisation encompasses seven prominent operating divisions: Airpac Rentals, Brandon Hire Station, ESS, Groundforce, TPA, Torrent Trackside, and UK Forks.
Across these divisions, we proudly provide an extensive range of specialist products and comprehensive services tailored to various industries. Our offerings cater to diverse sectors such as construction, civil engineering, rail, water, oil and gas, outdoor events, and housebuilding.
With a rich history and a commitment to excellence, Vp plc is your trusted partner for all your equipment rental needs.
Vp plc is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills.
