Overview
The Head of Information Security leads the organisation’s cyber, information security and technology risk agenda, ensuring Vp’s platforms, applications, data and digital services remain secure, resilient and compliant. You will define a modern, risk‑aligned security and risk strategy, uplift control maturity, and build a governance, oversight and assurance capability that partners closely with product, data and engineering teams.
Reporting to and working closely with the Group CIO, Technology SLT, Internal Audit and ExCo, you will be Vp’s senior adviser on cyber risk, emerging threats, architectural risks, data protection and security compliance. You will build a small high-performing team focussed on security architecture, governance, risk management and assurance, while collaborating with Service Management (ITSM, service operations and continuity) and Infrastructure & Cloud (infrastructure, cloud platforms and resilience) to ensure a well‑coordinated technology control environment.
The role recognises that Vp operates a mixed technology landscape including in‑house written applications, enterprise SaaS platforms, and modern data platforms. You will ensure that the security posture of applications, data flows, pipelines and underlying architectures meets the organisation’s risk appetite and regulatory obligations.
Key Responsibilities
Strategy, Governance & Architecture: Define and lead the enterprise security and risk strategy aligned to business goals and regulatory requirements. Own policies, standards, and assurance frameworks. Act as security design authority, embedding secure-by-design principles across applications, data platforms (e.g. Snowflake/dbt), and cloud (Azure/AWS). Ensure best practices in identity, encryption, and secure integration.
Cyber Security Oversight: Provide oversight of security operations (e.g. SOC/MSSP), ensuring effectiveness and alignment to risk priorities. Set direction and assurance while Infrastructure & Cloud / Service teams handle operations. Maintain a consolidated view of risks, threats, and control gaps.
Identity & Access Management: Own identity governance, including lifecycle, RBAC, and access certification. Oversee privileged access (PAM), monitoring, and segregation of duties. Ensure identity controls are effective, audited, and well managed operationally.
Vulnerability, Threat & Risk Management: Lead vulnerability management across all platforms (apps, data, cloud, APIs). Define remediation standards and reporting. Commission testing (pen tests, code reviews, red teaming). Maintain and report the enterprise risk register to senior leadership.
Monitoring, Assurance & Tooling: Define monitoring and detection strategy across the stack. Ensure security tooling (SIEM, EDR, IDS/IPS, DLP, etc.) is effective. Embed monitoring into operations and conduct assurance reviews against policies and architecture.
Regulatory & Compliance: Own compliance with GDPR, ISO27001, NCSC and related standards. Maintain practical policies embedded in business processes. Lead audits and provide clear reporting on compliance posture.
Security Culture & Awareness: Deliver a targeted security awareness programme across business and technical teams, including training, phishing simulations, and behaviour change initiatives.
Third-Party Risk: Own supplier security framework, including due diligence, contracts, and ongoing assurance. Assess risks across vendors, SaaS, and partners, working with Procurement and Legal.
Leadership & Collaboration: Act as the senior security advisor to executives and the Board. Build strong relationships across product, engineering, and data teams to embed security. Lead and develop the security function and align with Infrastructure & Service teams.
Budgeting & Continuous Improvement: Manage security investment and roadmap. Report on risk, incidents, and maturity. Use data, audits, and threat intelligence to continuously improve controls and reduce risk.
What We’re Looking For
You will be a senior, credible leader who can combine strong security and risk expertise with pragmatic decision‑making and the ability to influence at all levels. You work collaboratively, bring clarity to complex challenges and ensure security enables rather than slows the business.
Strategic thinker with a strong grasp of risk, governance and modern security models.
Collaborative, able to influence without authority and work effectively with peers (Service Management & Infrastructure/Cloud).
Excellent communicator capable of simplifying complexity for senior non‑technical audiences.
Calm, resilient and effective under pressure.
Strong people leader who builds capable, confident teams.
Skills & Experience
Extensive experience across cyber operations oversight, vulnerability management, incident response, SOC services and monitoring.
Strong understanding of modern security architecture covering cloud, network, identity, application and data domains.
Proven experience defining and governing identity and privileged access frameworks.
Deep knowledge of GDPR, UK Data Protection Act and recognised security frameworks (NIST, ISO27001, NCSC).
Experience developing security awareness programmes and culture change initiatives.
Demonstrable experience managing third‑party risk and supplier assurance.
Strong leadership experience with the ability to guide senior stakeholders and influence decision‑making.
Desirable
Background in hire, construction, rail or utilities sectors.
Participation in wider cyber and technology risk professional communities.
What We Can Offer You
Salary sacrifice pension
Company car or Car Allowance
25 days holiday, plus bank holidays and your birthday off
Additional holiday purchase scheme
Free Tool Hire
Life Assurance cover 3x salary
Share save scheme
Eye care vouchers
Recommend a friend scheme
Learning & Development – commitment to upskilling and developing our people, with structured in-house training available alongside external training where required
Cycle to work scheme
Long service recognition
My Vp discounts – a variety of discounts and rewards on thousands of well-known brands
Discounts on HP products
EE mobile contract discount offers
Gym discounts
Health Shield (discounted premiums on health care cash plan)
Regit Assist 24/7 accident helpline – free joining
A Little Bit About Us
Established in 1954, Vp plc has evolved into a dynamic group of companies with expertise in equipment rental. Our organisation encompasses seven prominent operating divisions: Airpac Rentals, Brandon Hire Station, ESS, Groundforce, TPA, Torrent Trackside, and UK Forks.
Across these divisions, we proudly provide an extensive range of specialist products and comprehensive services tailored to various industries. Our offerings cater to diverse sectors such as construction, civil engineering, rail, water, oil and gas, outdoor events, and housebuilding.
With a rich history and a commitment to excellence, Vp plc is your trusted partner for all your equipment rental needs.
Vp plc is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills.