Information Security & Integrity Manager

We are seeking an experienced and forward-thinking Information Security & Integrity Manager for a period of 12 months, to play a critical role in strengthening how the West Midlands Combined Authority (WMCA) protects, governs, and assures the use of its information assets and data.

This is a high-profile opportunity to lead the development and continuous improvement of the WMCA’s Information Security Management System (ISMS), ensuring the organisation has clear, evidence-based assurance over how information is handled, secured, governed, and retained. Working closely with senior leadership, audit, cyber security, data, and technology teams, you will help shape a robust security and governance framework that supports organisational transformation while ensuring compliance with ISO standards, UK GDPR, and best practice.

As the WMCA continues to evolve through ambitious regional programmes and increasingly complex digital services, this role will be central to embedding a culture of security, integrity, and accountability across the organisation. You will provide trusted assurance to leadership on information security risks, controls, compliance, and data integrity, while driving continuous improvement and ensuring security is embedded into operational and strategic decision-making.

We are looking for someone with strong expertise in information security governance, risk management, and data assurance, alongside the confidence to influence at senior level and lead organisation-wide improvements that deliver real impact for the region.

What you will be doing

• Establish and maintain the organisation’s Cyber and Resilience Strategy
• Translate organisational needs into a coherent data security and lifecycle governance model
• Define security requirements for Business Continuity and Disaster Recovery
• Work with data owners and engineering teams to embed a culture of data literacy
• Ensure CAB/change includes security readiness criteria
• Maintain evidence packs and ISO/QMS artefacts with the Business Management Unit
• Maintain visibility of organisational data assets through evidence-based mapping
• Implement data quality assurance checkpoints in collaboration with Data Engineering
• Build strong working relationships across Technology and Insight service areas, Corporate PMO, Service Desk, suppliers, and operational teams and technical teams
• Act as a coordinator for the WMCA’s formal liaison with national and regional authorities
• Drive continuous improvement in operational processes

What’s essential

• Running an ISMS and aligning to ISO 27001 in a complex, multi-supplier environment
• Establishing policies, MSBs, risk registers, DPIAs, and supplier security
• CISSP/CISM or ISO 27001 Lead Implementer/Lead Auditor (or equivalent)
• Training or certification in data governance, data quality management, or metadata management (e.g., DCAM, CDMP, DAMA DMBoK-aligned training)
• Experience of working in Agile, Lean or DevOps-aligned delivery practices (e.g., Kanban, flow metrics, sprint planning, CI/CD awareness)
• Experience of working with CABs, release cycles or readiness reviews
• Experience assuring or governing data pipelines, data flows, integrations or data processing environments
• Experience implementing or overseeing data lifecycle governance, including classification, retention, minimisation and defensible deletion
• Experience working with Microsoft Purview, M365 compliance tooling or equivalent enterprise governance platforms
• Strong knowledge of UK GDPR/DPA 2018, ISO 27001, NCSC guidance
• Strong risk and assurance capability

Location. 

The location for this role is 16 Summer Lane with at least 2 days a week spent in the office.

How to apply. 

Applying for a role with WMCA is straightforward. Follow these steps to get started.

1. Create your Careers Account. Register with your name, email address, and a password.
2. Build your Profile. Upload your CV to help populate your career and education details.
3. Write your Supporting Statement. Make sure to address each of the required essential criteria.
4. Submit your application. Do one final check and once complete, click submit.

Anonymised Applications.

Your uploaded CV won’t be visible after submission. Our process is anonymised, and only the information in your profile is used for shortlisting. Be thorough in each section. It’s your chance to showcase your skills and experience.

Using Artificial Intelligence (AI) 

We cannot stop anyone from using AI to help write application content. Used right, it can be a great tool. If you choose to use AI, then use it as a helper rather than relying on it wholly to write your application.

Applications that rely too heavily on AI may be rejected during shortlisting. For help on how to write a supporting statement, please visit the FAQs section of our careers site.

Reasonable adjustments.

If you have an accessibility need, disability, or condition that means you might require changes to the application or recruitment process, please get in touch with our Recruitment Team (careers@wmca.org.uk).

Salary and benefits.

We advertise salary ranges, with new appointments typically starting at the lowest salary point. In exceptional cases, the salary point may be adjusted to secure the best candidate. This approach allows for potential year-on-year salary increases, offering progression and appropriate rewards to employees. Requests for salaries above the maximum advertised range will not be considered.

We offer a comprehensive benefits package that includes:

• Local Government Pension Scheme (one of the most generous pension schemes in the UK).
• Shared Cost Additional Voluntary Contribution scheme where you can build an additional pot of money alongside your pension with contributions exempt from Income Tax and National Insurance contributions (NICs). 
• 28 days paid annual leave (with an option to purchase more) + Statutory days. 
• EV car benefit scheme
• Healthcare plans.
• Discounted gym membership, will writing, and mortgage advice.
• An option to buy a bicycle, including e-bikes and adapted pedal cycles, at a discounted rate.
• 3 days of paid leave each year to volunteer.
• Interest-free financing through SmartTech to buy the latest technology
• Discounted shopping with over 2,000 big-name retailers, and more. You can now also obtain a Costco membership through the WMCA.   
• Boundless unlocks unlimited entry to top-rated UK attractions and loads of extra benefits and discounts.
• Eye Care Scheme, offering a free eye test and a financial contribution towards your glasses. 

For more information, please visit the benefits page on our career site.

Why join WMCA?

WMCA is laser-focused on improving the West Midlands, bringing economic growth, jobs, homes, and better journeys to the region. We target local needs where it matters most, ensuring everyone has a job that pays well and has access to safe and affordable places they can call home.

We put people and place at the heart of everything we do, working hand in hand with our partners to direct funding where it's needed most. What you do, really matters. Your expertise will help make a big difference, improving people's lives, every day.

Our Values and Behaviours. 

Fostering an environment where people feel valued, included, supported, and proud to contribute to our region is important to us at the WMCA. Our behaviours are more than statements; they guide how we work, make decisions, and treat one another - they set the standards we hold ourselves to and the experience we want others to have.

• Collaborative - We work as one organisation, building trust, connection and shared purpose across teams, partners and customers to create the biggest impact for our region.
• Driven - Focussed on impact - leading with clarity, care and courage to deliver meaningful results for the West Midlands. 
• Inclusive - Every voice matters - we create belonging, fairness and psychological safety so everyone can thrive. 
• Innovative - We think future and act smarter - embracing curiosity, creativity and continuous improvement to shape the future. 

Creating an inclusive workplace.

WMCA holds diversity accreditations, such as the RACE Code Quality Mark, Armed Forces Covenant (Gold status) and has been recognised as one of the Inclusive Top 50 Employers and The Times Top 50 Employers for Women. We’re a Disability Confident Employer with ‘Leader’ status, committed to interviewing applicants with disabilities who meet all the essential role criteria.

We are also proud to be a Ban the Box employer, which means we do not ask about criminal convictions at the initial application stage, and will only ask after an offer is made as part of our onboarding checks, which helps us remove barriers for people with past convictions and supporting fair opportunities for all.

We recognise that certain groups, such as women and people of colour, may be less likely to apply for roles if they feel they do not meet all the requirements. However, we encourage individuals who are passionate about the role and want to make a difference to still apply. We value potential and encourage applicants to highlight their skills, including transferable ones, even if they don't fit the traditional "perfect candidate" mould.

We gladly consider part-time, flexible, and job share arrangements, so please don't let these factors deter you from applying

Right to Work in the UK

Proof of Right to Work in the UK will be required for all applicants in accordance with UK Home Office requirements, before any employment offer can be confirmed.

Non-UK applicants (excluding Ireland) would be required to hold a relevant Visa from the UK Visas and Immigration (UKVI).