A leading supplier of building materials and home improvement products.
Lead info sec & data privacy strategy, compliance & ops for FTSE group
6 days ago
Expert & Leadership (13+ years)
Full Time
Northampton, England, United Kingdom
Hybrid
Company Size
20,000 Employees
Service Specialisms
Building materials supply
Timber supply
Plumbing & heating services
Kitchen fitting
Bathroom fitting
Landscaping materials supply
Tool hire
Sector Specialisms
Building Materials
Interior Design Materials
Ceramic Tiles
Plumbing
Heating Equipment
Power Tools
Kitchen Products
Joinery Products
Role
Description
security ops
incident response
threat testing
infosec strategy
compliance management
secure delivery
Lead awareness and education in a way that works for a builders merchant environment, from branches and distribution sites to offices and digital teams. You will drive the message that colleagues are the first line of defence, creating a psychologically safe culture where people feel confident to raise concerns and report incidents.
Oversee our 24/7 security operations capability and hold overall accountability for information security incident management. You will coordinate internal stakeholders, including Group Counsel, and run blameless post-incident reviews that focus on learning and continuous improvement. You will also ensure that we regularly test our response against realistic scenarios that reflect how our business actually operates.
Help modernise and secure a diverse technology estate that spans digital platforms, heritage systems, logistics, stores, branches and more.
Work with the Director of Infosec & Enterprise Solution Assurance to design and maintain a Group-wide infosec strategy that recognises the different risk profiles and ambitions of each business unit. You will balance agility in our digital environments with the resilience required in our heritage systems.
Own and continually strengthen our approach to key regulations and standards such as GDPR, PCI DSS and Cyber Essentials. You will enhance our risk management frameworks so that technology and business leaders have the insight they need to own and manage their risks effectively.
Develop and maintain a policy and control framework that helps colleagues make safe decisions in the real world. You will move us beyond box-ticking compliance, providing clear, pragmatic guidance and ensuring that any risk-based exceptions are well understood, documented and regularly reviewed.
Build strong relationships with executive colleagues, helping them understand the evolving threat landscape in plain, commercial language. You will help define risk appetite, shape investment decisions and ensure that information security is seen as a strategic enabler, not a blocker.
Work closely with product, platform, engineering and service teams to build security into the technology delivery lifecycle from day one. You will help us move away from security as a late-stage gatekeeper towards a consultative, embedded model, using automation where possible to reduce friction and speed up safe delivery.
Requirements
information security
cissp
cism
nist
iso27000
gdpr
Work with genuine executive-level influence on one of the most important agendas in the business
Extensive experience in information security, including leadership of people, services and third parties
A strong track record of turning complex security and privacy topics into clear, business-focused conversations
Experience of being on the receiving end of one or more significant cyber incidents so you can speak from experience
Relevant qualifications such as a degree in a related field and certifications like CISSP or CISM would be helpful, but we are especially interested in your real-world impact and leadership experience.
The ability to distinguish between theoretical risk and material business risk, making pragmatic decisions in a complex organisation
Experience building and leading high-performing, multidisciplinary teams
Deep understanding of modern security practices and frameworks, for example NIST CSF, ISO27000, PCI DSS, OWASP, GDPR and ITIL
Company
Overview
Year Established: 1797 (traces its roots back to this year).
Serves a wide range of industries, from construction to home improvement.
Supports both large-scale projects and individual DIY enthusiasts.
Offers products for building, plumbing, heating, and timber.
Operates through numerous well-known brands and a vast network of branches across the UK.
Consistently delivers top-tier products and services for major infrastructure and residential projects.
Known for innovative solutions to meet the evolving industry needs.
Recognized for strong supply chain capabilities and customer satisfaction.
Culture + Values
Environment + Sustainability
Carbon Reduction Targets (80%, 63% by 2035): The company aims to reduce Scope 1 & 2 emissions by 80% and Scope 3 emissions by 63% by 2035, aligned with the Science-Based Targets initiative.
Scope 1 & 2 Emissions (33% reduction): Achieved a significant reduction in Scope 1 & 2 emissions by the end of 2023.
Electricity Usage (100% renewable): 100% of operational electricity in the UK is sourced from renewable energy, contributing to significant carbon savings.
HVO Fuel Savings (1.4M L, 3,500 t CO₂): Switching to HVO fuel in 270 vehicles reduced diesel usage and achieved substantial CO₂ savings in 2023.
Switching up to 1,100 diesel forklifts to electric by mid-2024 (estimated reduction ~6,600 t CO₂/year)
Over 95% of operational waste diverted from landfill; using >30% recycled content in plastic packaging
11% of 2023 revenue from products with Environmental Product Declarations for embodied-carbon transparency
Partner of National Retrofit Hub, influencing retrofit planning and industry decarbonisation
Piloted full decarbonisation of one branch per business, installing solar PV, heat pumps, LED to inform rollout
Scope 3 emissions reduced 3% in 2023 and now 6% below 2020 baseline; ratio per revenue improved 28%