Kids Planet is a prominent nursery group in the United Kingdom, currently operating at more than 270 locations.
Kids Planet Day Nurseries are seeking someone keen to take the next step up in their career as a Head of InfoSec to lead governance, risk, compliance, and security awareness initiatives across an organisation at a time of significant modernisation. This pivotal role ensures a robust security posture by developing and enforcing policies, standards, and training programmes aligned with business objectives and regulatory requirements. Reporting directly to the Chief Technology Officer, this role is responsible for safeguarding the organisation’s digital assets and ensuring compliance with all relevant data protection legislation, including GDPR. The successful candidate will work collaboratively across the organisation to foster a culture of security and ensure the highest standards of data handling for the safety and privacy of our children, families, and staff.
Key Responsibilities
Lead the development and enforcement of enterprise-wide information security policies and standards
Drive security governance and cyber maturity through compliance, assurance reviews, and gap analysis
Oversee and improve the Information Security Risk Management frameworks and processes
Conduct in-depth supplier due diligence / third-party assurance processes
Manage audit readiness and support internal/external audit activities
Own and deliver the organisation's security awareness programme, including campaigns and tailored training
Manage third‑party security and data governance relationships, including vetting suppliers and ensuring contractual compliance with security requirements
Lead and develop a small team responsible for info/data security, data protection and governance, providing coaching and training to ensure high performance
Act as the primary point of contact for security incidents, coordinating incident response and recovery plans and liaising with external authorities when necessary
Maintain up-to-date knowledge of evolving threats, technologies and regulations relevant to the childcare sector
Person Specification
Education: Degree in Computer Science, Information Security, or a related field. Relevant professional certifications (e.g., CISSP, CISM, CISA, ISO 27001 Lead Implementer / Auditor, GDPR Practitioner) are highly desirable.
Experience: Demonstrable experience in a senior InfoSec and/or data governance role, ideally within the education, childcare or not‑for‑profit sectors.
Technical Expertise: In-depth knowledge of cybersecurity frameworks, best practices, and tools. Strong understanding of UK and EU data protection legislation, including GDPR.
Leadership: Proven ability to lead, inspire, and develop teams. Experience in managing projects and influencing at a senior level.
Analytical Skills: Strong problem‑solving abilities and a proactive approach to identifying risks and implementing solutions.
Communication: Excellent verbal and written communication skills with the ability to explain complex technical issues to non‑specialists.
Integrity and Discretion: High level of personal integrity and ability to handle sensitive and confidential information appropriately.
Resilience: Comfortable working under pressure and managing multiple priorities in a fast‑paced environment.
Knowledge of security frameworks (ISO/IEC 27001, NIST CSF, CIS Controls, Cyber Essentials).
Proactive, pragmatic self‑starter with the ability to effectively lead a small team, including members whose skill sets may differ from their own.
Key Relationships
C Suite and Senior Management Team
IT and Digital Teams
Nursery Managers and Operational Staff
External vendors, consultants and regulatory bodies
What We Offer
Highly discounted childcare
Free breakfast, lunches and healthy snacks including fresh fruit
Birthday leave
Enhanced Maternity, Paternity, Fertility and Adoption leave
Fertility leave
Anniversary awards
Employee Assistance Programme
Professional Development