Information Governance & Data Protection Manager

In an increasingly data-driven environment, trust, transparency, and accountability matter more than ever. We are seeking an experienced Information Governance & Data Protection Manager to act as the University's custodian of data protection and information governance, providing expert leadership and assurance across the institution.

This is a senior, influential role at the heart of the University, offering the opportunity to shape strategy, embed best practice, and ensure the highest standards of compliance and ethical information use.

The role

Working within the Registry and reporting to the Assistant Registrar, you will provide professional leadership for the University's information governance and data protection framework. You will act as the University's Data Protection Officer (DPO), serving as the first point of contact for data subjects, the Information Commissioner's Office (ICO), and key internal stakeholders.

You will lead the development of strategy, policies, and risk-based assurance arrangements, overseeing data protection, freedom of information, records management, and privacy-by-design across the University Group.

Key responsibilities

Lead the University's information governance and data protection strategy Act as the University's Data Protection Officer (DPO), liaising with the ICO and data subjects Ensure compliance with UK GDPR, the Data Protection Act 2018, FOI/EIR and related regulations Oversee and assure the handling of information rights requests (SARs, FOI/EIR), including complex cases Lead on data breach management, reporting, and post-incident review Develop and maintain Records of Processing Activities (ROPA) and Information Asset Registers (IARs) Lead and quality-assure Data Protection Impact Assessments (DPIAs), embedding privacy by design and default Develop and review privacy notices, data sharing agreements, and related documentation Provide expert advice and assurance to senior leaders, committees, and project teams Design and deliver training and guidance to embed information governance responsibilities across the University

You will bring substantial, practical experience in data protection and information governance, with a strong understanding of UK GDPR and regulatory expectations. You will be confident operating independently, providing impartial advice at senior level, and influencing decision-making in a complex organisation.