Head of Information Security & Data Privacy

Protecting a business like ours is a big deal. With a heritage estate, modern digital platforms and a complex Group structure, Travis Perkins plc needs someone who can confidently own our information security and data privacy agenda across a very large and varied technology landscape. That is where this role comes in.

We are looking for a Head of Information Security & Data Privacy who can set strategy, inspire people, and turn complex cyber risks into clear, commercial decisions that help our businesses trade with confidence. You will partner with our brands, shaping how we protect customer, colleague and business data end to end.

Work with the Director of Infosec & Enterprise Solution Assurance to design and maintain a Group wide infosec strategy that recognises the different risk profiles and ambitions of each business unit. You will balance agility in our digital environments with the resilience required in our heritage systems.

Develop and maintain a policy and control framework that helps colleagues make safe decisions in the real world. You will move us beyond box‑ticking compliance, providing clear, pragmatic guidance and ensuring that any risk‑based exceptions are well understood, documented and regularly reviewed.

Build strong relationships with executive colleagues, helping them understand the evolving threat landscape in plain, commercial language. You will help define risk appetite, shape investment decisions and ensure that information security is seen as a strategic enabler, not a blocker.

Own and continually strengthen our approach to key regulations and standards such as GDPR, PCI DSS and Cyber Essentials. You will enhance our risk management frameworks so that technology and business leaders have the insight they need to own and manage their risks effectively.

Lead awareness and education in a way that works for a builders merchant environment, from branches and distribution sites to offices and digital teams. You will drive the message that colleagues are the first line of defence, creating a psychologically safe culture where people feel confident to raise concerns and report incidents.

Work closely with product, platform, engineering and service teams to build security into the technology delivery lifecycle from day one. You will help us move away from security as a late stage gatekeeper towards a consultative, embedded model, using automation where possible to reduce friction and speed up safe delivery.

Oversee our 24/7 security operations capability and hold overall accountability for information security incident management. You will coordinate internal stakeholders, including Group Counsel, and run blameless post‑incident reviews that focus on learning and continuous improvement. You will also ensure that we regularly test our response against realistic scenarios that reflect how our business actually operates.

You will lead a dedicated team of c.10 information security specialists in varying roles, a network of security champions and multiple third‑party partners, but you will set the tone, direction and standards for how we manage information security and data privacy across the Group.

We are looking for someone who is as comfortable in the boardroom as they are in a technical design review. Someone who can talk to engineers about threat models, then step into a commercial conversation about risk and trade offs with senior leaders.

• Extensive experience in information security, including leadership of people, services and third parties
• A strong track record of turning complex security and privacy topics into clear, business focused conversations
• Deep understanding of modern security practices and frameworks, for example NIST CSF, ISO27000, PCI DSS, OWASP, GDPR and ITIL
• Experience building and leading high performing, multidisciplinary teams
• The ability to distinguish between theoretical risk and material business risk, making pragmatic decisions in a complex organisation
• A collaborative leadership style, with a focus on empowering experts rather than micromanaging them
• A mindset that combines resilience, curiosity and a willingness to challenge the status quo in a constructive way
• Relevant qualifications such as a degree in a related field and certifications like CISSP or CISM would be helpful, but we are especially interested in your real world impact and leadership experience.
• Experience of being on the receiving end of one or more significant cyber incidents so you can speak from experience

• Shape how a FTSE listed, UK wide Group protects its customers, colleagues and brands
• Work at genuine executive level influence on one of the most important agendas in the business
• Help modernise and secure a diverse technology estate that spans digital platforms, heritage systems, logistics, stores, branches and more
• Join a supportive leadership community that values integrity, pragmatism and long term partnership
• As you’d expect from an industry leading employer, this position is attached to a highly competitive annual salary, bonus earning potential and car allowance. Our Head Office is based in Northampton so regular travel to here and our branches is essential in this hybrid role, so location is not too important, but being willing to travel is.

We’re driving to become a truly inclusive employer. We want everyone to be at their best and it’s our ambition that everyone within our Group feels safe, welcome and confident to be their authentic selves.

You be you, it makes us, us.