Information Security & Integrity Manager in Birmingham

What you will be doing:

• Establish and maintain the organisation's Cyber and Resilience Strategy.
• Translate organisational needs into a coherent data security and lifecycle governance model.
• Define security requirements for Business Continuity and Disaster Recovery.
• Work with data owners and engineering teams to embed a culture of data literacy.
• Ensure CAB/change includes security readiness criteria.
• Maintain evidence packs and ISO/QMS artefacts with the Business Management Unit.
• Maintain visibility of organisational data assets through evidence‑based mapping.
• Implement data quality assurance checkpoints in collaboration with Data Engineering.
• Build strong working relationships across Technology and Insight service areas, Corporate PMO, Service Desk, suppliers, and operational teams and technical teams.
• Act as a coordinator for the WMCA's formal liaison with national and regional authorities.
• Drive continuous improvement in operational processes.

What's essential:

• Running an ISMS and aligning to ISO 27001 in a complex, multi‑supplier environment.
• Establishing policies, MSBs, risk registers, DPIAs, and supplier security.
• CISSP/CISM or ISO 27001 Lead Implementer/Lead Auditor (or equivalent).
• Training or certification in data governance, data quality management, or metadata management (e.g., DCAM, CDMP, DAMA DMBoK‑aligned training).
• Experience of working in Agile, Lean or DevOps‑aligned delivery practices (e.g., Kanban, flow metrics, sprint planning, CI/CD awareness).
• Experience of working with CABs, release cycles or readiness reviews.
• Experience assuring or governing data pipelines, data flows, integrations or data processing environments.
• Experience implementing or overseeing data lifecycle governance, including classification, retention, minimisation and defensible deletion.
• Experience working with Microsoft Purview, M365 compliance tooling or equivalent enterprise governance platforms.
• Strong knowledge of UK GDPR/DPA 2018, ISO 27001, NCSC guidance.
• Strong risk and assurance capability.

Location:

The location for this role is 16 Summer Lane with at least 2 days a week spent in the office.

Salary and benefits:

• We advertise salary ranges, with new appointments typically starting at the lowest salary point. In exceptional cases, the salary point may be adjusted to secure the best candidate.
• This approach allows for potential year‑on‑year salary increases, offering progression and appropriate rewards to employees.
• Requests for salaries above the maximum advertised range will not be considered.
• Local Government Pension Scheme - one of the most generous pension schemes in the UK.
• Shared Cost Additional Voluntary Contribution scheme where you can build an additional pot of money alongside your pension with contributions exempt from Income Tax and National Insurance contributions (NICs).
• 28 days paid annual leave (with an option to purchase more) + Statutory days.
• EV car benefit scheme.
• Healthcare plans.
• Discounted gym membership, will writing, and mortgage advice.
• An option to buy a bicycle, including e‑bikes and adapted pedal cycles, at a discounted rate.
• 3 days of paid leave each year to volunteer.
• Interest‑free financing through SmartTech to buy the latest technology.
• Discounted shopping with over 2,000 big‑name retailers, and more.
• You can now also obtain a Costco membership through the WMCA.
• Boundless unlocks unlimited entry to top‑rated UK attractions and loads of extra benefits and discounts.
• Eye Care Scheme offering a free eye test and a financial contribution towards your glasses.

Reasonable adjustments:

If you have an accessibility need, disability, or condition that means you might require changes to the application or recruitment process, please get in touch with our Recruitment Team (careers@wmca.org.uk).

Right to Work in the UK:

Proof of Right to Work in the UK will be required for all applicants in accordance with UK Home Office requirements, before any employment offer can be confirmed. Non‑UK applicants (excluding Ireland) would be required to hold a relevant Visa from the UK Visas and Immigration (UKVI).