Information Security and Integrity Manager in Birmingham

We are seeking an experienced and forward-thinking Information Security & Integrity Manager for a period of 12 months, to play a critical role in strengthening how the West Midlands Combined Authority (WMCA) protects, governs, and assures the use of its information assets and data. This is a high-profile opportunity to lead the development and continuous improvement of the WMCA’s Information Security Management System (ISMS), ensuring the organisation has clear, evidence-based assurance over how information is handled, secured, governed, and retained.

Working closely with senior leadership, audit, cyber security, data, and technology teams, you will help shape a robust security and governance framework that supports organisational transformation while ensuring compliance with ISO standards, UK GDPR, and best practice. As the WMCA continues to evolve through ambitious regional programmes and increasingly complex digital services, this role will be central to embedding a culture of security, integrity, and accountability across the organisation. You will provide trusted assurance to leadership on information security risks, controls, compliance, and data integrity, while driving continuous improvement and ensuring security is embedded into operational and strategic decision-making.

What you will be doing:

• Establish and maintain the organisation’s Cyber and Resilience Strategy
• Translate organisational needs into a coherent data security and lifecycle governance model
• Define security requirements for Business Continuity and Disaster Recovery
• Work with data owners and engineering teams to embed a culture of data literacy
• Ensure CAB/change includes security readiness criteria
• Maintain evidence packs and ISO/QMS artefacts with the Business Management Unit
• Maintain visibility of organisational data assets through evidence-based mapping
• Implement data quality assurance checkpoints in collaboration with Data Engineering
• Build strong working relationships across Technology and Insight service areas, Corporate PMO, Service Desk, suppliers, and operational teams and technical teams
• Act as a coordinator for the WMCA’s formal liaison with national and regional authorities
• Drive continuous improvement in operational processes

What’s essential:

• Running an ISMS and aligning to ISO 27001 in a complex, multi-supplier environment
• Establishing policies, MSBs, risk registers, DPIAs, and supplier security
• CISSP/CISM or ISO 27001 Lead Implementer/Lead Auditor (or equivalent)
• Training or certification in data governance, data quality management, or metadata management (e.g., DCAM, CDMP, DAMA DMBoK-aligned training)
• Experience of working in Agile, Lean or DevOps-aligned delivery practices (e.g., Kanban, flow metrics, sprint planning, CI/CD awareness)
• Experience of working with CABs, release cycles or readiness reviews
• Experience assuring or governing data pipelines, data flows, integrations or data processing environments
• Experience implementing or overseeing data lifecycle governance, including classification, retention, minimisation and defensible deletion
• Experience working with Microsoft Purview, M365 compliance tooling or equivalent enterprise governance platforms
• Strong knowledge of UK GDPR/DPA 2018, ISO 27001, NCSC guidance
• Strong risk and assurance capability

Location: The location for this role is 16 Summer Lane with at least 2 days a week spent in the office.

How to apply:

• Create your Careers Account. Register with your name, email address, and a password.
• Build your Profile. Upload your CV to help populate your career and education details.
• Write your Supporting Statement. Make sure to address each of the required essential criteria.
• Submit your application. Do one final check and once complete, click submit.

Anonymised Applications: Your uploaded CV won’t be visible after submission. Our process is anonymised, and only the information in your profile is used for shortlisting. Be thorough in each section. It’s your chance to showcase your skills and experience.

Using Artificial Intelligence (AI): We cannot stop anyone from using AI to help write application content. Used right, it can be a great tool. If you choose to use AI, then use it as a helper rather than relying on it wholly to write your application. Applications that rely too heavily on AI may be rejected during shortlisting.

Reasonable adjustments: If you have an accessibility need, disability, or condition that means you might require changes to the application or recruitment process, please get in touch with our Recruitment Team.

Salary and benefits: We advertise salary ranges, with new appointments typically starting at the lowest salary point. In exceptional cases, the salary point may be adjusted to secure the best candidate. This approach allows for potential year-on-year salary increases, offering progression and appropriate rewards to employees. Requests for salaries above the maximum advertised range will not be considered.

Benefits include:

• Local Government Pension Scheme (one of the most generous pension schemes in the UK).
• Shared Cost Additional Voluntary Contribution scheme.
• 28 days paid annual leave (with an option to purchase more) + Statutory days.
• Discounted gym membership, will writing, and mortgage advice.
• An option to buy a bicycle, including e-bikes and adapted pedal cycles, at a discounted rate.
• 3 days of paid leave each year to volunteer.
• Interest-free financing through SmartTech to buy the latest technology.
• Discounted shopping with over 2,000 big-name retailers.
• Costco membership through the WMCA.
• Boundless unlocks unlimited entry to top-rated UK attractions.
• Eye Care Scheme, offering a free eye test and a financial contribution towards your glasses.

Our Values and Behaviours:

• Collaborative – We work as one organisation, building trust, connection and shared purpose across teams, partners and customers to create the biggest impact for our region.
• Driven – Focused on impact - leading with clarity, care and courage to deliver meaningful results for the West Midlands.
• Inclusive – Every voice matters - we create belonging, fairness and psychological safety so everyone can thrive.
• Innovative – We think future and act smarter - embracing curiosity, creativity and continuous improvement to shape the future.

Creating an inclusive workplace: WMCA holds diversity accreditations, such as the RACE Code Quality Mark, Armed Forces Covenant (Gold status) and has been recognised as one of the Inclusive Top 50 Employers and The Times Top 50 Employers for Women. We’re a Disability Confident Employer with ‘Leader’ status, committed to interviewing applicants with disabilities who meet all the essential role criteria. We are also proud to be a Ban the Box employer, which means we do not ask about criminal convictions at the initial application stage.

Right to Work in the UK: Proof of Right to Work in the UK will be required for all applicants in accordance with UK Home Office requirements, before any employment offer can be confirmed.