Head of Information Security, Risk and Compliance

Job Description

Find where you belong!

Are you a "trust-nothing" technical expert with the commercial savvy to influence the C‑suite, who is ready to lead and execute the "defence in depth" strategy for one of the UK’s most iconic travel brands? If yes, our Head of Information Security, Risk & Compliance position might be the right next move for you.

What’s it all about?

Our Head of Information Security, Risk and Compliance is a senior leadership position within the IT Operations team. The primary mission is to reduce security risks through robust controls that align with Travelodge’s commercial strategy.

Core responsibilities

• Strategic Leadership: Develop a continuously evolving security roadmap and "defence in depth" strategy; manage both internal teams and strategic third‑party partners.
• Operational Management: Oversee 24x7x365 security operations, including continuous monitoring, threat assessment, incident response (CIRT).
• Risk & Compliance: Develop and maintain an industry‑standard Risk Management framework; ensure compliance with PCI‑DSS, GDPR, and NIST frameworks.
• Governance & Policy: Maintain Information Security policies and conduct regular audits of processes and controls.
• Technical Oversight: Coordinate vulnerability management, penetration testing, and code reviews; provide "Secure by Design" architectural guidance for all new initiatives.
• Supply Chain & Budget: Manage a portfolio of security vendors to ensure value and responsiveness; oversee the OPEX and CAPEX budgets that enable your function to operate and continuously improve.
• Business Integration: Act as a trusted advisor to senior leadership and collaborate with Project Delivery to ensure risk reduction is baked into every project as well as BAU Operations.
• Testing and Readiness: Lead company‑wide staff awareness, testing and education campaigns, as well as regular audits, scenario‑based testing and penetration testing.

Why Travelodge?

We believe in creating an inclusive workplace where everyone can be their true self and belong. We work hard to improve the diversity of our teams and celebrate our differences. And we care about our colleagues’ wellbeing, so we ensure there are plenty of resources available so everyone can look after their emotional, physical, financial and work wellbeing. We call this “Better Me”.

Who will this appeal to?

We are seeking a pragmatic, hands‑on leader who can balance the mindset of a "trust‑nothing" security defender with the commercial awareness of a strategic business partner. You must be a master of communication, capable of translating complex technical threats into actionable insights for IT colleagues and C‑suite executives alike, while fostering a culture of security across the organisation. As a self‑starter, you will recruit and coach a high‑performing team, utilising a methodical approach to manage internal talent and external partners while aligning security investments with broader business value.

Your technical expertise should be rooted in securing critical B2B and B2C eCommerce platforms, particularly within hosted and SaaS‑heavy environments. You will bring expert‑level knowledge of perimeter, cloud, network, and data security, alongside a proven track record of embedding industry frameworks like NIST, ISO27001, or CIS into a large‑scale operation. Beyond technical defence, your role requires strong commercial acumen to navigate contract negotiations and vendor management, ensuring the business remains resilient, compliant, and agile in an evolving threat landscape.

Desired Qualifications

• Certifications: CCSP, CISSP-ISSMP, or CISM.
• Methodologies: ITIL v4 Foundation; FAIR Risk Modelling; experience in Project Management or Business Change.
• Advanced Tech: Experience defining Zero Trust Architecture (ZTA) and implementing security controls within public cloud environments (IaaS/PaaS).

What are the extra benefits of working for Travelodge?

• Up to £110,000 & Annualise Bonus
• Car Allowance
• Contributory pension scheme
• Hybrid working - a minimum of 60% of your time should be spent in the office and or visiting suppliers
• 50% personal discount for hotel bookings and great friends and family discounts too!
• 25 days holiday + bank holidays, increasing with length of service
• A focus on learning and career development

#J-18808-Ljbffr