Information Manager/Data Manager

Reporting to the Information Security Lead, the Information Manager will drive all aspects of information management across the group. This includes the development, definition, and implementation of data governance and retention strategies in close collaboration with the business, ensuring that information assets are effectively used, secured, and aligned with legal, regulatory, and operational objectives.

The successful candidate will work closely with the Data Privacy team to establish policies and practices related to data governance, retention, and regulatory compliance. A particular focus will be on defining and supporting the organisation’s Record of Processing Activities (ROPA), in line with GDPR and other applicable frameworks. This collaboration will ensure the integrity, availability, and appropriate use of data across its lifecycle.

This role requires a blend of strategic oversight and practical execution, with the ability to turn vision into action. The Information Manager will partner with key stakeholders across IT, legal, compliance, and the wider business to optimise data usage, ensure regulatory alignment, and mature the overall information management function. A diplomatic and pragmatic approach to data governance and stakeholder engagement will be critical to success.

Key Responsibilities

Information Management and Strategy

• Develop and implement an enterprise-wide information management and retention strategy that aligns with CVC’s business objectives and compliance requirements.
• Ensure information assets are effectively structured, maintained, and utilised to support strategic decision-making and operational efficiency.
• Define and enforce policies for data classification, lifecycle management, and records retention, ensuring data integrity and accessibility.
  
  

Data Governance and Compliance

• Establish and enforce policies to govern data ownership, classification, and lifecycle, ensuring alignment with financial regulations such as GDPR, DORA, and other industry frameworks.
• Work closely with the Data Privacy team to align data governance practices, particularly focusing on data retention policies and supporting the maintenance and continuous improvement of the Record of Processing Activities (ROPA).
• Ensure compliance with data retention policies, monitoring adherence across all business units.
• Lead the development and implementation of a data governance framework, including data stewardship, accountability, and quality standards.
• Act as a liaison between IT, legal, and regulatory authorities to ensure adherence to applicable compliance standards and reporting obligations.
• Oversee data audits and develop compliance reports to demonstrate adherence to regulatory requirements and internal policies.
  
  

Information Security and Risk Management

• Implement security controls to protect sensitive data and financial information from cyber threats, unauthorised access, and data breaches.
• Collaborate with security teams to enhance incident response and business continuity plans related to data protection and retention.
• Ensure secure handling, storage, and disposal of information assets to mitigate risks related to data loss, leakage, or unauthorised access.
  
  

Stakeholder Engagement

• Work closely with internal stakeholders to align information management practices with business needs.
• Partner with IT teams to ensure data retention, storage, and access policies align with regulatory requirements and operational goals.
• Manage vendor relationships related to data management tools and services, ensuring third-party compliance with security and retention policies.
  
  

Performance Monitoring and Reporting

• Develop and track key performance indicators (KPIs) for information management, security, and compliance.
• Provide senior management with strategic insights based on data analysis, system performance, and compliance trends.
• Ensure documentation of data management policies and procedures is up to date and effectively communicated across the organisation.
  
  

Person Specification

• Strategic thinking with strong problem-solving and decision-making abilities.
• Strong communication and collaboration abilities, with the capability to work across departments.
• Analytical mindset with the ability to derive insights from complex datasets.
• Resilience and adaptability to work in a fast-paced, highly regulated industry.
• Proactive and solutions-oriented mindset, capable of balancing strategic oversight with hands-on execution.
  
  

Key Qualifications

• Bachelor’s degree in Information Technology, Computer Science, or a related field
• Certifications such as ITIL, PMP, CISM, or similar are highly desirable
  
  

Experience

• Proven track record of 5+ years in IT Information Systems, Data Governance, or Information Security roles within the financial services industry
• Strong knowledge of financial systems, data governance, and regulatory compliance frameworks, including GDPR, DORA, and ISO 27001
• Expertise in cybersecurity best practices, risk management, and IT systems
• Experience in implementing data retention strategies, managing data loss prevention (DLP) tools, and leading compliance audits
• Familiarity with industry standards and best practices related to information security governance and regulatory reporting
  
  

Personal Characteristics

The Successful Candidate Should Demonstrate The Following Personal Characteristics

• Excellent written, verbal and interpersonal communication skills
• Effective at building effective and long-lasting partnerships / working relationships
• Effective influencing and negotiation skills
• Highly self-motivated, self-directed and attentive to detail
• Happy working with a distributed remote team
• Collaborative and inclusive approach to working with colleagues
  
  

Important: CVC value the benefits of having a diverse team and we understand that some candidates (especially women, according to Sheryl Sandberg in her book Lean In) may not apply for a role unless they can tick off all the requirements. CVC would love to hear from all applicants that would be excited in working in our new operational security team that have much of what we are looking for and maybe looking for a stretch role to develop their career. CVC can support applicants with a range of flexible working arrangements.