I was asked this question at an interview today and was unable to give a structured answer since there is so many things a head of security can do.
The additional info that I had were : - You can hire whoever you want - You can do whatever you want - You don't have an unlimited budget but you have enough for the most important things
Since I'm pretty unexperimented in all management and planning stuffs I was a little lost (I'm currently a SOC operator).
I'd say that you need a complete map of the network, list all assets with versions. A list of updates and patches to apply to to those assets to have the latest security updates. Same for the softwares. Organise a vulnerability assessment of the complete infrastructure.
You can also organize security awarness campain (lock screen when you leave your desk, phishing campain, presentation of basic security vulnerabilities and how to tackle them, ...)
I think that I missed some crucial parts in the answer but don't know what. Do you have additional informations ?