Head of Information Security, Harrogate

Overview The Head of Information Security leads the organisation’s cyber, information security and technology risk agenda, ensuring Vp’s platforms, applications, data and digital services remain secure, resilient and compliant. You will define a modern, risk‑aligned security and risk strategy, uplift control maturity, and build a governance, oversight andassurance capability that partners closely with product, data and engineering teams.Reporting to and working closely with the Group CIO, Technology SLT, Internal Audit and ExCo, you will be Vp’s senior adviser on cyber risk, emerging threats, architectural risks, data protection and security compliance. You will build a small high-performing team focussed on security architecture, governance, risk management and assurance, while collaborating with Service Management (ITSM, service operations and continuity), Infrastructure&Cloud (infrastructure, cloud platforms and resilience) to ensure a well‑coordinated technology control environment. The role recognises that Vp operates a mixed technology landscape including in‑house written applications, enterprise SaaS platforms, and modern data platforms. You will ensure that the security posture of applications, data flows, pipelines and underlying architectures meet the organisation’s risk appetite and regulatory obligations.Key Responsibilities Strategy, Governance&Architecture: Define and lead the enterprise security and risk strategy aligned to business goals and regulatory requirements. Own policies, standards, and assurance frameworks. Act as security design authority, embedding secure-by-design principles across applications, data platforms (e.g. Snowflake/dbt), and cloud (Azure/AWS). Ensure best practices in identity, encryption, and secure integrationCyber Security Oversight: Provide oversight of security operations (e.g. SOC/MSSP), ensuring effectiveness and alignment to risk priorities. Set direction and assurance while Infrastructure&Cloud / Service teams handle operations. Maintain a consolidated view of risks, threats, and control gaps Identity&Access Management: Own identity governance, including lifecycle, RBAC, and access certification. Oversee privileged access (PAM), monitoring, and segregation of duties. Ensure identity controls are effective, audited, and well managed operationally. Vulnerability, Threat&Risk Management: Lead vulnerability management across all platforms (apps, data, cloud, APIs). Define remediation standards and reporting. Commission testing (pen tests, code reviews, red teaming). Maintain and report the enterprise risk register to senior leadership Monitoring, Assurance&Tooling: Define monitoring and detection strategy across the stack. Ensure security tooling (SIEM, EDR, IDS/IPS, DLP, etc.) is effective. Embed monitoring into operations and conduct assurance reviews against policies and architecture Regulatory&Compliance: Own compliance with GDPR, ISO27001, NCSC and related standards. Maintain practical policies embedded in business processes. Lead audits and provide clear reporting on compliance posture Security Culture&Awareness: Deliver a targeted security awareness programme across business and technical teams, including training, phishing simulations, and behaviour change initiatives Third-Party Risk: Own supplier security framework, including due diligence, contracts, and ongoing assurance. Assess risks across vendors, SaaS, and partners, working with Procurement and LegalLeadership&Collaboration: Act as the senior security advisor to executives and the Board. Build strong relationships across product, engineering, and data teams to embed security. Lead and develop the security function and align with Infrastructure&Service teams Budgeting&Continuous Improvement: Manage security investment and roadmap. Report on risk, incidents, and maturity. Use data, audits, and threat intelligence to continuously improve controls and reduce risk What We’re Looking For You will be a senior, credible leader who can combine strong security and risk expertise with pragmatic decision‑making and the ability to influence at all levels. You work collaboratively, bring clarity to complex challenges and ensure security enables rather than slows the business.Strategic thinker with a strong grasp of risk, governance and modern security models. Collaborative, able to influence without authority and work effectively with peers (Service Management&Infrastructure/Cloud). Excellent communicator capable of simplifying complexity for senior non‑technical audiences. Calm, resilient and effective under pressure. Strong people leader who builds capable, confident teams. Skills&Experience Extensive experience across cyber operations oversight, vulnerability management, incident response, SOC services and monitoring. Strong understanding of modern security architecture covering cloud, network, identity, application and data domains. Proven experience defining and governing identity and privileged access frameworks.Deep knowledge of GDPR, UK Data Protection Act and recognised security frameworks (NIST, ISO27001, NCSC). Experience developing security awareness programmes and culture change initiatives. Demonstrable experience managing third‑party risk and supplier assurance. Strong leadership experience with the ability to guide senior stakeholders and influence decision‑making.Desirable Background in hire, construction, rail or utilities sectors. Participation in wider cyber and technology risk professional communities. What We Can Offer You Salary sacrifice pension Company car or Car Allowance 25 days holiday, plus bank holidays and your birthday off Additional holiday purchase schemeFree Tool Hire Life Assurance cover 3x salary Share save scheme Eye care vouchers Recommend a friend scheme Learning&Development– commitment to upskilling and developing our people, structured in house training available alongside external training where required Cycle to work scheme Long service recognition My Vp discounts – a variety of discounts and rewards on thousands of well-known brands Discounts on HP productsEE mobile contract discount offers Gym discounts Health Shield (discounted premiums on health care cash plan) Regit Assist 24/7 accident helpline– free joining A Little Bit About Us Established in 1954, Vp plc has evolved into a dynamic group of companies with expertise in equipment rental. Our organisation encompasses seven prominent operating divisions: Airpac Rentals, Brandon Hire Station, ESS, Groundforce, TPA, Torrent Trackside, andUK Forks.Across these divisions, we proudly provide an extensive range of specialist products and comprehensive services tailored to various industries. Our offerings cater to diverse sectors such as construction, civil engineering, rail, water, oil and gas, outdoor events, and housebuilding. With a rich history and a commitment to excellence, Vp plc is your trusted partner for all your equipment rental needs.Vp plc is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. #J-18808-Ljbffr