Information Security and Privacy Manager

Information Security and Privacy Manager
Location: West Midlands
Salary: £75,000 - £85,000
Hybrid working - Once a week in the office

Are you passionate about information security and privacy? We re seeking an experienced Information Security and Privacy Manager to lead the charge in delivering robust security solutions within a dynamic, regulated environment. This role is vital in driving security initiatives, safeguarding sensitive data, and ensuring compliance with privacy legislation.

About the Role: As the Information Security and Privacy Manager, you will report directly to the Executive Director of Finance & Shared Services, playing a key role in protecting the organization s reputation and ensuring regulatory compliance. You will be responsible for building a strong security culture, leading internal security assessments, managing data privacy risks, and ensuring compliance with industry regulations such as GDPR and ISO27001.
This is a hands-on role suited to an experienced Data Protection Officer (DPO) or privacy professional with deep knowledge of compliance frameworks and information security standards.

Key Responsibilities:

• Define and implement information security policies and processes across the organization.
• Serve as the subject matter expert in security and privacy, advising colleagues and senior stakeholders up to board level.
• Lead internal security risk assessments, security training programs, and oversee ISO27001 audits.
• Manage security incidents and breaches, ensuring swift response and mitigation.
• Ensure ongoing compliance with GDPR and other relevant privacy regulations.
• Perform Data Privacy Impact Assessments (DPIA) and Data Protection Audits.
• Collaborate with internal teams to align security and privacy measures with business needs.
• Monitor updates in privacy legislation and drive organizational compliance.

Technical Expertise:

• Proven expertise in information security and privacy, with certifications such as CISSP, CISM, ISO27001 Lead Auditor, GDPR Practitioner, or equivalent.
• Strong knowledge of compliance frameworks (ISO27001, GDPR) and experience in IT security.
• Significant experience as a Data Protection Officer (DPO), managing data privacy programs and ensuring GDPR compliance.
• Expertise in Data Privacy Impact Assessments (DPIAs), handling subject access requests, and managing data breaches.
• In-depth understanding of privacy and data protection legislation, including GDPR.

Qualifications & Experience:

• 3+ years of experience in assurance or managerial roles, with 4+ years in security and/or privacy roles.
• Demonstrable experience as a DPO or in a privacy-related role.
• Strong influencing skills, with experience engaging senior stakeholders and executives.
• Excellent communication skills and the ability to build trusted relationships across the organization.
• Comprehensive understanding of risk management and commercial acumen to support procurement teams.
• Ability to thrive in a fast-paced environment, solve challenges proactively, and drive progress.

What's in it for you? This is a critical opportunity to safeguard data and lead security initiatives within an organization that manages large amounts of sensitive data in a regulated market. You'll work in a collaborative environment, with the chance to make a significant impact on the business while advancing your career.

If you're ready to step into a pivotal role in information security and privacy, we'd love to hear from you.