Role Purpose & Context
Role Summary
The Information Governance Manager is responsible for leading, designing, and overseeing our company's information governance programme, particularly within the Compliance, Quality, Health & Safety space. This directly impacts our ability to avoid regulatory fines, manage legal risks, and make sure we can find critical information when we need it. You'll sit right at the intersection of Legal, IT, and our operational business units, translating complex regulatory requirements into practical, everyday processes that people can actually follow.
Reporting Structure
- Reports to: Director, Information Governance
- Direct reports: Typically 3-8 direct reports (Information Governance Analysts/Specialists), potentially including a Lead.
- Matrix relationships: Head of Information Governance, Lead Data Governance Manager, Compliance Information Lead
Key Stakeholders
Internal:
- SVP of Operations
- Head of Legal & Compliance
- Chief Information Officer (CIO)
- Business Unit Leaders (e.g., Head of Manufacturing, Head of R&D)
- Internal Audit Team
- Data Protection Officer (DPO)
External:
- External auditors (e.g., ISO, regulatory bodies)
- Legal counsel (external firms)
- Regulatory agencies (e.g., HSE, CQC, MHRA, ICO)
- eDiscovery vendors
- GRC platform providers
Organisational Impact
Scope: When this role is done well, we'll have a clear, defensible position on all our information, drastically reducing our risk of fines from regulators like the ICO or HSE. We'll also save a significant amount on storage costs and, crucially, be able to respond quickly and accurately to any legal or audit requests. When it's not, honestly, we're looking at potential multi-million-pound fines, reputational damage, and the inability to defend ourselves in court. The challenge is getting everyone across the business to understand that good information governance isn't just 'IT's problem' or 'Legal's problem' – it's everyone's. The reward is knowing you're protecting the company from serious harm and making sure we can actually use our data effectively and ethically.
Performance Metrics
Quantitative Metrics
- Metric: Reduction in Enterprise Data Storage Costs
- Desc: The overall cost savings achieved through effective defensible disposition programmes and ROT (Redundant, Obsolete, Trivial) data clean-ups.
- Target: Achieve a minimum of £500,000 in annualised storage cost savings.
- Freq: Quarterly, reviewed against IT budget and storage reports.
- Example: By Q4, we've reduced our cloud storage footprint by 15%, equating to £650,000 in projected annual savings, primarily from decommissioning old project archives and implementing new retention policies.
- Metric: Regulatory Fines & Sanctions Avoidance
- Desc: The number of regulatory fines or significant sanctions received due to information mismanagement or non-compliance.
- Target: Zero fines or significant sanctions related to information governance breaches.
- Freq: Annually, reported to the Board Audit Committee.
- Example: For the last financial year, we reported zero regulatory fines from the ICO, HSE, or other relevant bodies, directly attributable to robust information governance practices.
- Metric: Information Governance Maturity Score Improvement
- Desc: Progress in the company's overall information governance maturity, often assessed against industry frameworks like Gartner's or ARMA's maturity models.
- Target: Improve our IG maturity score from Level 2 ('Aware') to Level 4 ('Managed') within three years.
- Freq: Annually, via internal or external assessment.
- Example: Our latest assessment showed an increase from 2.5 to 3.2 on the IG maturity scale, with significant improvements in policy enforcement and data classification adoption.
- Metric: eDiscovery Cost Avoidance
- Desc: The financial savings realised by improving in-house eDiscovery processes, reducing reliance on external vendors, and optimising data collection.
- Target: Demonstrate £1,000,000+ in eDiscovery cost avoidance over a three-year period.
- Freq: Annually, tracked against legal spend and vendor invoices.
- Example: Through implementing a new in-place legal hold process and refining our data collection workflows, we've reduced external eDiscovery vendor spend by £350,000 this year.
Qualitative Metrics
- Metric: Strategic Influence & Advisory Role
- Desc: How effectively you act as the primary advisor to business unit leaders and senior management on information risk and governance matters.
- Evidence: You're regularly invited to strategic planning meetings for new systems or projects; business leaders proactively seek your input before making data-related decisions; positive feedback from executive stakeholders on your guidance and recommendations.
- Metric: Team Leadership & Development
- Desc: The growth and effectiveness of your direct reports, and your ability to build a high-performing Information Governance team.
- Evidence: High team retention rates; positive feedback in 360-degree reviews about your coaching and mentorship; successful completion of team projects; demonstrable skill development within your team members, leading to promotions or increased responsibilities.
- Metric: Programme Design & Implementation Quality
- Desc: The robustness, practicality, and adoption rate of the information governance programmes and policies you design and implement.
- Evidence: Audit findings consistently confirm compliance with your policies; high user adoption rates for new tools or processes (e.g., data classification); positive feedback from end-users on the clarity and usability of governance guidelines; policies are consistently applied across departments.
- Metric: Cross-Functional Collaboration & Consensus Building
- Desc: Your ability to work effectively with Legal, IT, and business units to get everyone on the same page regarding information governance.
- Evidence: Successful resolution of conflicting data requirements between departments; joint projects with IT or Legal that deliver on time and budget; positive feedback from peer leaders on your collaborative approach and ability to find common ground.
Primary Traits
- Trait: Meticulous (Detail-Oriented)
- Manifestation: You're the person who spots the incorrect date format in a 10,000-line retention schedule, knowing that one wrong date could invalidate a whole batch of records. You'll cross-reference a new policy against three overlapping regulations before publishing, because 'close enough' just isn't good enough here. Honestly, you'd never use 'approximately' when discussing the scope of a legal hold; it's always precise.
- Benefit: An error in a retention period for environmental monitoring data, for instance, could lead to millions in fines and severe reputational damage. In this role, precision isn't just a preference; it's a core function that directly mitigates significant legal and financial risk. Your job is to catch the £50K formula error before it ever sees the light of day.
- Trait: Diplomatic (Influential)
- Manifestation: You can persuade the Head of Engineering to adopt a new records process by framing it as risk reduction for *their* department, not just a compliance mandate. You'll navigate conversations where Legal, IT, and a business unit have genuinely conflicting needs for the same data, finding a path forward that works for everyone. It's about getting people to agree, even when it's inconvenient for them.
- Benefit: Truth is, this role often has no direct hierarchical authority over the business units you need to influence. Your success depends entirely on your ability to build consensus, communicate the 'why' behind governance, and get people to do the right thing—even when it means extra work for them. It's about influence, not command.
- Trait: Pragmatic (Process-Minded)
- Manifestation: You're the one who designs a data classification system with four simple labels that people will actually use, rather than a theoretically perfect 20-label system that will just be ignored. You'll create a one-page guide for legal holds instead of a 50-page manual. It's about making complex legal and regulatory requirements understandable and actionable for the average employee.
- Benefit: Perfect governance on paper is absolutely useless if it's too complex or impractical for the real world. This role demands someone who can translate complex legal and regulatory requirements into simple, repeatable processes for the entire organisation. If it's not practical, it won't be adopted, and then we're back to square one with all the risks.
Supporting Traits
- Trait: Resilient
- Desc: You'll need to bounce back quickly after a senior leader dismisses a key policy recommendation, or when a project you've worked hard on gets deprioritised. It's about picking yourself up and finding another angle.
- Trait: Patient
- Desc: Expect to explain the concept of 'legal hold' for the tenth time to the same project team without showing frustration. You'll be a constant educator, and that takes a lot of patience.
- Trait: Articulate
- Desc: You'll need to clearly explain the business risk of 'data hoarding' to non-technical executives, or the nuances of a new retention schedule to a group of busy engineers. Your ability to communicate complex ideas simply is key.
- Trait: Systematic
- Desc: When faced with a massive, unstructured shared drive cleanup, you'll approach it with a clear, phased methodology, breaking down an overwhelming problem into manageable steps. This isn't a role for ad-hoc solutions.
Primary Motivators
- Motivator: Protecting the Organisation
- Daily: You'll feel a deep satisfaction knowing that your work directly shields the company from regulatory fines, legal challenges, and reputational damage. Every policy you implement, every clean-up you lead, contributes to this.
- Motivator: Solving Complex Puzzles
- Daily: You'll thrive on the intellectual challenge of translating vague legal requirements into concrete, actionable processes, or figuring out how to govern data across disparate, legacy systems.
- Motivator: Building and Leading a Team
- Daily: You'll enjoy developing your direct reports, mentoring them, and seeing them grow into capable information governance professionals. Your leadership will be crucial to the team's success.
Potential Demotivators
Honestly, this role isn't for everyone. You'll often feel like you're constantly being viewed as the 'Department of No' or a 'business prevention unit' rather than a strategic risk mitigator. You'll spend a fair bit of time fighting for budget for governance initiatives that don't directly generate revenue, even though they prevent multi-million-pound fines. And yes, you'll rerun the same analysis three times because stakeholders keep changing the question. If you need constant positive reinforcement or direct credit for revenue generation, you might find this challenging.
Common Frustrations
- The political battle against data hoarders—business leaders who insist on keeping everything 'just in case,' creating massive legal and storage costs.
- Discovering a critical business unit is running on 'Shadow IT' (e.g., using a personal Smartsheet to track safety incidents), creating a huge, ungoverned risk that you then have to fix.
- The endless task of cleaning up legacy data messes from past mergers or decades of neglect with no clear ownership, often feeling like you're boiling the ocean.
- Explaining to a senior executive why their team can't use a new, unvetted cloud tool, and being overruled only to have to clean up the inevitable mess later.
What Role Doesn't Offer
- A role where you're solely focused on greenfield projects; there's a lot of legacy clean-up here.
- A quiet, predictable environment; expect urgent legal hold requests or audit demands to drop at any time.
- A direct path to P&L ownership in a revenue-generating capacity; your P&L impact is through cost avoidance and risk mitigation.
ADHD Positives
- The varied nature of information governance work, switching between policy, technology, and people challenges, can suit those who thrive on novelty and diverse tasks.
- The urgent, high-stakes nature of legal holds or audit responses can provide the necessary pressure and focus for hyperfocus.
ADHD Challenges and Accommodations
- The meticulous attention to detail required for retention schedules or data mapping might be challenging; we can help with structured templates and regular check-ins.
- Managing multiple long-term projects simultaneously can be tricky; we use project management tools and can help break down large tasks into smaller, more manageable chunks.
- We can offer noise-cancelling headphones for focus and flexible working arrangements to help manage energy levels.
Dyslexia Positives
- Strong conceptual thinking and problem-solving skills, often associated with dyslexia, are highly valued when designing new governance frameworks or troubleshooting complex data issues.
- The ability to see the 'big picture' and make connections others miss is crucial for strategic information governance.
Dyslexia Challenges and Accommodations
- Heavy reliance on written policy documents and detailed reports can be challenging; we encourage the use of dictation software, proofreading tools, and visual aids for communication.
- We can provide templates for common documents and offer support for reviewing critical written outputs.
- Meetings can be structured with agendas and pre-reads to allow for processing time, and we're happy to provide meeting notes.
Autism Positives
- A strong preference for logic, systems, and adherence to rules aligns well with the core principles of information governance and compliance.
- The ability to focus deeply on complex technical or regulatory details without distraction is a significant asset.
- Direct and clear communication, often preferred by autistic individuals, is highly valued in a field where ambiguity can lead to risk.
Autism Challenges and Accommodations
- The need for extensive cross-functional influence and navigating organisational politics might be challenging; we can provide coaching on stakeholder engagement and clear communication strategies.
- Unexpected changes or urgent requests can be disruptive; we aim to provide as much notice as possible for shifts in priority and offer structured support during high-pressure situations.
- We can offer a consistent work environment, clear expectations, and a predictable routine where possible, alongside opportunities for focused, independent work.
Sensory Considerations
Our main office environment is typically open-plan, which means some background noise and activity. However, we also have quiet zones, private meeting rooms, and offer flexible working options (hybrid home/office) to help manage sensory input. Visually, it's a standard office setting, and social interactions are a mix of planned meetings and informal chats. We're always open to discussing specific needs.
Flexibility Notes
We believe in creating an inclusive environment. If you have specific needs or require adjustments, please don't hesitate to discuss them with us during the application process or at any point in your employment. We're committed to finding solutions that work for everyone.
Key Responsibilities
Experience Levels Responsibilities
- Level: Information Governance Manager
- Responsibilities: Own the entire Information Governance programme end-to-end. This means you're responsible for its design, implementation, and ongoing effectiveness across the organisation. If it's about how we handle information, it's your baby.
- Lead and develop your team of Information Governance Analysts and Specialists. You'll be doing regular 1-on-1s, setting objectives, managing performance, and making sure they're growing in their careers. Think of yourself as their coach and mentor.
- Design and implement enterprise-wide records retention schedules and data classification schemas. You'll work closely with Legal to make sure these are legally defensible and with IT to ensure they're technically feasible. Get this wrong, and we're either keeping too much data (costly, risky) or deleting too little (even riskier).
- Oversee the company's eDiscovery and legal hold response processes. When a legal challenge comes in, you're the one making sure we preserve the right data, collect it properly, and get it to Legal on time. This is high-stakes work, so precision is key.
- Act as the primary advisor to business unit leaders on all things information governance. They'll come to you with questions about new systems, data sharing, or how to handle sensitive information. You'll need to give clear, pragmatic advice that balances their needs with our compliance obligations.
- Manage the budget for the Information Governance function, including vendor relationships and technology investments. You'll be making decisions on what tools we buy, who we partner with, and how we spend our money to maximise impact.
- Develop and deliver regular training and awareness programmes for employees across the company. It's not enough to have great policies; people need to understand them and know how to apply them in their daily work. You'll make sure that happens.
- Supervision: You'll be largely self-directed, with quarterly objectives agreed with the Director of Information Governance. Day-to-day, you're autonomous, but you'll check in regularly to ensure strategic alignment and discuss any major roadblocks. You're expected to manage your own workload and that of your team.
- Decision: You'll have significant decision authority within your domain. This includes full ownership of the Information Governance programme's operational decisions, budget allocation up to £250,000 (with Director consultation for larger sums), hiring and performance management for your direct reports, and vendor selection up to £100,000. For major strategic shifts or P&L impacts above £500,000, you'll consult with the Director and potentially the wider executive team.
- Success: Success here means consistently hitting your quantitative metrics (like storage cost reduction and zero fines), but also building a highly capable and respected IG team. It means business units proactively seeking your advice, and our information governance framework being recognised as robust and practical during internal and external audits. Ultimately, it's about demonstrably reducing the company's information risk profile.
Decision-Making Authority
- Type: New Policy Implementation
- Entry: Follows established policy implementation plan, escalates any user resistance.
- Mid: Drafts minor policy updates, proposes implementation steps, seeks manager approval.
- Senior: Leads policy drafting, develops implementation strategy, makes recommendations to leadership for approval.
- Type: eDiscovery Response
- Entry: Executes pre-defined search queries, applies legal holds to specified custodians under supervision.
- Mid: Manages routine eDiscovery cases, refines search terms, coordinates data collection with IT, escalates complex issues.
- Senior: Leads complex eDiscovery matters, advises Legal on data scope, manages external vendors for specific cases.
- Type: Budget Allocation (IG Programme)
- Entry: No budget authority, flags resource needs to supervisor.
- Mid: Proposes small project expenses (e.g., training materials) for approval.
- Senior: Manages project budgets up to £5K, recommends larger investments to Director.
- Type: Team Hiring & Performance
- Entry: No hiring authority, provides feedback on team processes.
- Mid: Participates in interview panels, provides peer feedback.
- Senior: Interviews candidates, provides input on team structure, mentors junior staff.
Tool: Automated Data Classification Oversight
Benefit: You'll oversee AI/ML tools (like those in Microsoft Purview or Varonis) that automatically scan, understand, and apply sensitivity and retention labels to millions of files and emails based on their content – think identifying PII in incident reports or confidential audit findings. Your role shifts to validating the AI's accuracy and fine-tuning the rules, rather than manual tagging.
Tool: Proactive Risk Detection & Analysis
Benefit: Use AI to analyse vast data access patterns and content to proactively identify high-risk behaviour. This could be a user suddenly accessing thousands of confidential safety audit files, or sensitive data being stored in an unsanctioned cloud location. The AI flags the anomalies, and you investigate and strategise the response, moving from reactive firefighting to proactive risk mitigation.
Tool: Strategic Regulatory Intelligence
Benefit: Leverage AI assistants to monitor, summarise, and analyse new or updated CQHS regulations (from OSHA, EPA, HSE, CQC, etc.) and legal precedents. The AI highlights changes that impact your current information governance policies, giving you a head start on adapting our frameworks and advising leadership on potential impacts, saving you hours of legal research.
Tool: Policy & Communication Drafting Assistant
Benefit: Use generative AI to create the first draft of new governance policies, standard operating procedures (SOPs), and user-friendly training communications for your team and the wider organisation. This helps you overcome the 'blank page' syndrome and speeds up the documentation process, allowing you to focus on the strategic content and validation.
- Weekly time savings potential: Expect to save roughly 15-25 hours weekly by integrating AI into your workflow and your team's processes.
- Typical tool investment: You'll typically use 2-3 core AI-powered tools or features within existing platforms, plus general-purpose AI assistants.
Competency Requirements
Foundation Skills (Transferable)
Beyond the technical know-how, this role demands a strong set of 'human' skills. You're leading a team, influencing senior leaders, and navigating complex organisational dynamics. These are the foundational abilities that will truly make you successful.
- Category: Leadership & Team Development
- Skills: Coaching & Mentoring: You'll need to guide and develop your direct reports, helping them grow their skills and tackle complex problems. This isn't just about delegating; it's about enabling.
- Performance Management: Setting clear expectations, providing constructive feedback, and managing individual and team performance to achieve programme goals. Sometimes, that means having tough conversations.
- Strategic Planning: Translating the company's overall business strategy into a clear, actionable information governance roadmap that your team can execute.
- Change Management: Leading the organisation through shifts in how we handle information, which often involves overcoming resistance and building buy-in.
- Category: Communication & Influence
- Skills: Executive Communication: Presenting complex information governance risks and strategies to C-suite executives and board committees in a clear, concise, and impactful way. They don't want the technical weeds.
- Negotiation & Consensus Building: Getting disparate teams (Legal, IT, business units) to agree on a common approach to information governance, even when their priorities conflict.
- Training & Awareness: Designing and delivering engaging training programmes that make complex governance concepts understandable and actionable for all employees.
- Category: Problem-Solving & Decision-Making
- Skills: Complex Problem Solving: Tackling ambiguous, multi-faceted information governance challenges where there isn't a clear-cut answer, often involving legacy systems and conflicting requirements.
- Risk Assessment & Mitigation: Identifying potential information risks (e.g., data loss, non-compliance) and designing practical strategies to reduce or eliminate them.
- Pragmatic Decision-Making: Making sound, timely decisions that balance legal/regulatory compliance with business operational needs and technical feasibility. Perfection is the enemy of good enough sometimes.
- Category: Adaptability & Resilience
- Skills: Navigating Ambiguity: Thriving in situations where the path forward isn't always clear, and priorities can shift rapidly due to new regulations or business needs.
- Stress Tolerance: Remaining calm and effective under pressure, especially during urgent eDiscovery requests or high-stakes audits.
- Continuous Learning: Staying on top of evolving regulations, technologies, and best practices in information governance and the broader CQHS sector.
Functional Skills (Role-Specific Technical)
These are the specific methodologies, technical tools, and industry knowledge you'll need to run a successful information governance programme. You're not just using these; you're often defining how they're used across the organisation.
Technical Competencies
- Skill: Information Lifecycle Management (ILM)
- Desc: You'll be the architect of how we manage all our CQHS data—from incident reports to audit findings—from its creation, through active use, to archival and final disposition. This means designing the entire framework.
- Level: Expert
- Skill: Records Retention Scheduling
- Desc: Developing, implementing, and maintaining legally-vetted schedules for all information assets. You'll ensure compliance with specific regulations like OSHA, EPA, FDA, and HIPAA, and know how to defend these schedules during an audit.
- Level: Expert
- Skill: Data Mapping & Lineage
- Desc: You'll oversee the creation and maintenance of a comprehensive inventory of all critical CQHS data, tracking its flow through systems (e.g., from an EHS platform like Intelex to a data warehouse) to identify risk and ensure accountability. This is about understanding where our data lives and how it moves.
- Level: Advanced
- Skill: E-Discovery Reference Model (EDRM)
- Desc: You'll define and manage the application of the EDRM framework across the organisation to handle the identification, preservation, collection, and production of electronically stored information (ESI) for litigation, audits, or regulatory investigations. You're setting the strategy here.
- Level: Expert
- Skill: Defensible Disposition
- Desc: Establishing and overseeing a systematic, legally sound process for destroying information that has met its retention requirements. This is crucial for reducing storage costs and legal risk, and you'll need to ensure we can prove we did it correctly.
- Level: Expert
- Skill: ISO 30301 (Management Systems for Records)
- Desc: You'll be responsible for implementing and auditing against this standard to ensure a systematic and verifiable approach to managing corporate records, which is crucial for CQHS certifications and external audits.
- Level: Advanced
Digital Tools
- Tool: Archer / Collibra (GRC & Privacy Platforms)
- Level: Strategic/Architect
- Usage: You'll be leading platform selection, designing the enterprise GRC/Data Governance framework, and overseeing its integration with other enterprise systems. This isn't about using it; it's about owning it.
- Tool: Relativity / Zapproved (eDiscovery & Legal Hold)
- Level: Strategic/Architect
- Usage: You'll develop the corporate eDiscovery response strategy, manage all vendor relationships, set budgets for legal holds, and report on costs and timelines directly to the General Counsel.
- Tool: Varonis / Microsoft Purview (Data Classification & DLP)
- Level: Strategic/Architect
- Usage: You'll design the enterprise-wide data classification schema, set DLP policies, and present risk exposure metrics to leadership. You're defining the 'what' and 'why', not just configuring the 'how'.
- Tool: OpenText Content Suite / M-Files (Records Management Systems)
- Level: Strategic/Architect
- Usage: You'll be architecting the enterprise records management solution, planning major upgrades or migrations, and ensuring defensible disposition across all systems.
- Tool: MS 365 (SharePoint/Teams) Governance
- Level: Strategic/Architect
- Usage: You'll set the global governance strategy for M365, decide on the appropriate use of tools like Viva Topics for information organisation, and own the data lifecycle within the entire platform.
- Tool: Power BI Premium / Tableau Server (Reporting & Dashboards)
- Level: Strategic/Architect
- Usage: You'll oversee the entire reporting environment for information governance, define the strategic metrics we track, and present our governance posture to the board and executive team.
Industry Knowledge
- Area: Compliance Frameworks (e.g., ISO, GDPR, CCPA, HIPAA, OSHA, EPA)
- Desc: You'll need a deep understanding of the relevant regulatory landscape for our industry, knowing not just what the rules are, but how they apply to our information assets and what the consequences of non-compliance are.
- Area: Data Privacy Principles (e.g., Privacy by Design)
- Desc: A solid grasp of data privacy principles and how to embed them into our information governance practices, ensuring that privacy is considered from the outset of any new system or process.
- Area: Cybersecurity & Data Protection Fundamentals
- Desc: While not a cybersecurity expert, you'll need enough knowledge to work effectively with the IT security team, understanding how information governance supports and integrates with broader data protection efforts.
Regulatory Compliance Regulations
- Reg: UK GDPR & Data Protection Act 2018
- Usage: You'll be responsible for ensuring our information governance practices fully support our GDPR compliance, particularly around data subject rights, data retention, and data breach response.
- Reg: Health and Safety Executive (HSE) Regulations
- Usage: Understanding how HSE regulations impact the retention and management of health and safety records, incident reports, and risk assessments, ensuring these are defensibly managed.
- Reg: Environmental Protection Agency (EPA) Regulations (where applicable)
- Usage: If our operations fall under EPA oversight, you'll ensure environmental monitoring data, permits, and compliance reports are retained and managed according to regulatory requirements.
- Reg: Industry-Specific Quality Standards (e.g., ISO 9001, ISO 13485)
- Usage: Ensuring that information governance supports the documentation and records control requirements of relevant quality management systems, critical for audits and certifications.
- Reg: Public Records Act (where applicable)
- Usage: If we deal with public sector contracts or data, understanding the implications of public records legislation on how we manage and disclose information.
Essential Prerequisites
- Demonstrable experience (10+ years) in information governance, records management, or a closely related compliance role, with at least 3-5 years in a leadership or programme management capacity.
- Proven ability to design, implement, and manage enterprise-wide information governance programmes, not just execute tasks.
- Experience managing a team of information governance professionals, including hiring, performance management, and career development.
- A deep understanding of the legal and regulatory landscape surrounding information management, particularly within a compliance-heavy industry (e.g., CQHS, financial services, pharma).
- Strong experience with GRC platforms (e.g., Archer, OneTrust) and eDiscovery tools (e.g., Relativity), including strategic deployment and vendor management.
- Excellent communication and influencing skills, with a track record of successfully engaging and advising senior stakeholders across an organisation.
- A Bachelor's degree in a relevant field (e.g., Law, Information Science, Business Administration, Computer Science) or equivalent professional experience.
Career Pathway Context
We're looking for someone who has already been 'in the trenches' and now wants to own the entire programme. You've likely led significant projects or managed smaller teams before, and now you're ready to step up and take full accountability for our information governance posture. This isn't an entry-level management role; it's for someone who can hit the ground running with strategic oversight.
Qualifications & Credentials
Emerging Foundation Skills
- Skill: AI Governance & Ethical Data Use
- Why: As AI becomes more integrated into business operations, especially for data analysis and decision-making, you'll need to ensure our information governance framework addresses the ethical implications, data lineage, and compliance risks of AI-driven systems. We need to know what data AI is trained on and how it's being used.
- Concepts:
  - AI Data Lifecycle Management: Managing the data used by AI models from collection, training, deployment, and eventual disposition, ensuring compliance and ethical use.
  - Explainable AI (XAI) & Auditability: Understanding how to ensure AI decisions are transparent and auditable, especially when dealing with sensitive CQHS data or regulatory reporting.
  - Bias Detection & Mitigation in AI Data: Identifying and addressing biases in data sets used for AI, which could lead to unfair or non-compliant outcomes.
  - AI Policy Development: Crafting internal policies for the responsible and compliant use of AI tools and models across the organisation.
- Prepare: This month: Read up on the latest regulatory guidance (e.g., ICO's AI guidance) and industry best practices for AI governance.
- Next quarter: Attend a webinar or short course on AI ethics and data implications.
- Month 4-6: Begin auditing one internal AI project or vendor solution for data governance compliance.
- Month 7-9: Draft initial internal guidelines for responsible AI data use within our CQHS context.
- QuickWin: Start by documenting where AI is currently being used in your department or by your team, and identify the data sources it relies on. This initial mapping is crucial.
- Skill: Integrated Risk Management (IRM)
- Why: Information governance can't operate in a silo. Businesses are increasingly moving towards integrated risk management, where all risks (operational, financial, cyber, information) are managed holistically. You'll need to integrate IG into this broader framework.
- Concepts:
  - Enterprise Risk Management (ERM) Frameworks: Understanding how information governance risks fit into the wider ERM strategy and reporting.
  - Cross-Functional Risk Reporting: Developing metrics and reports that connect information governance posture to broader business risks for executive consumption.
  - Risk Appetite & Tolerance: Aligning information governance strategies with the organisation's defined risk appetite and tolerance levels.
  - GRC Platform Integration: Ensuring our GRC platform effectively integrates information governance data with other risk domains (e.g., operational risk, IT risk).
- Prepare: This month: Meet with our Head of Enterprise Risk or Internal Audit to understand their current ERM framework and reporting.
- Next quarter: Identify 2-3 key information governance metrics that could be integrated into broader risk dashboards.
- Month 4-6: Participate in a cross-functional risk assessment exercise, specifically highlighting information-related risks.
- Month 7-9: Propose a plan for how information governance can better support the overall ERM strategy.
- QuickWin: Start by framing your information governance reports in terms of business risk (e.g., 'risk of £X fine' instead of 'non-compliance with policy Y').
Advancing Technical Skills
- Skill: Advanced Data Orchestration & Automation
- Why: Manual processes for data classification, retention, and legal holds are becoming unsustainable with the volume of data. You'll need to understand how to orchestrate automated workflows across multiple platforms to ensure consistent governance.
- Concepts:
  - API Integration for GRC/DLP: Understanding how to connect different governance tools via APIs to automate data flows and policy enforcement.
  - Workflow Automation Platforms (e.g., Power Automate, ServiceNow Flow Designer): Designing and overseeing the implementation of automated workflows for common governance tasks like DSAR responses or data disposition approvals.
  - Metadata Management & Standardisation: Developing strategies for consistent metadata application across systems to enable automated classification and retention.
  - Data Fabric/Mesh Concepts for Governance: Exploring how modern data architectures can support decentralised yet governed data management.
- Prepare: This month: Identify one manual, repetitive IG task that could be automated and research potential tools.
- Next quarter: Work with IT to pilot a simple automation using Power Automate or a similar tool for a small governance workflow.
- Month 4-6: Develop a roadmap for integrating key governance platforms (e.g., GRC with M365) via APIs for automated policy enforcement.
- Month 7-9: Present a business case for investing in advanced automation capabilities for the IG programme.
- QuickWin: Look for opportunities to automate simple notifications or data collection tasks using existing tools within MS 365 or your GRC platform.
Future Skills Closing Note
The future of Information Governance is about being proactive, integrated, and intelligent. Your ability to embrace these evolving technical and strategic skills will be key to your success and our organisation's resilience.
Education Requirements
- Level: Minimum
- Req: A Bachelor's degree in Law, Information Science, Business Administration, Computer Science, or a related field.
- Alts: We're pragmatic here; significant, demonstrable professional experience (15+ years) in a senior information governance role, coupled with relevant industry certifications, could be considered in lieu of a degree.
- Level: Preferred
- Req: A Master's degree (e.g., in Information Management, Legal Studies, or an MBA) would be a definite advantage.
- Alts: Not strictly required, but it shows a commitment to deeper theoretical understanding and strategic thinking.
Experience Requirements
You'll need at least 12-16 years of progressive experience in information governance, records management, data privacy, or a closely related compliance discipline. This should include a minimum of 5-7 years in a leadership or programme management capacity, where you've been responsible for designing, implementing, and overseeing enterprise-level governance programmes. We're looking for someone who has genuinely 'owned' a significant part of an IG function, not just contributed to it.
Preferred Certifications
- Cert: Certified Records Manager (CRM)
- Prod: Institute of Certified Records Managers (ICRM)
- Usage: Demonstrates deep expertise in records management, which is a core component of this role.
- Cert: Certified in Risk and Information Systems Control (CRISC)
- Prod: ISACA
- Usage: Shows a strong understanding of IT risk management and how information governance integrates into broader enterprise risk frameworks.
- Cert: ISO 27001 Lead Implementer/Auditor
- Prod: Various (e.g., BSI, PECB)
- Usage: Useful for understanding information security management systems and how they overlap with governance.
Recommended Activities
- Regularly attend industry conferences (e.g., IAPP, ARMA, Gartner IG Summits) to stay current on trends and network with peers.
- Actively participate in professional associations; consider joining a committee or special interest group.
- Subscribe to relevant legal and regulatory updates for the Compliance, Quality, Health & Safety sector.
- Engage in continuous learning around new technologies, particularly AI and automation, and their governance implications.
- Seek out mentorship from senior leaders in Legal, IT, or Enterprise Risk within our organisation or externally.
Career Progression Pathways
Entry Paths to This Role
- Path: Senior Information Governance Analyst/Specialist (L3/L4)
- Time: 3-5 years in this role before moving to Manager
- Path: Compliance Manager (with IG focus)
- Time: 4-6 years in this role before moving to IG Manager
- Path: Legal Operations Manager (with eDiscovery focus)
- Time: 5-7 years in this role before moving to IG Manager
Career Progression From This Role
- Pathway: Director, Information Governance (L6)
- Time: 3-5 years in the Manager role
- Pathway: Principal Information Governance Architect (L5/L6 IC path)
- Time: 3-5 years in the Manager role (if choosing IC path)
Long Term Vision Potential Roles
- Title: Chief Data Governance Officer (L7)
- Time: 8-12+ years from IG Manager
- Title: Chief Compliance Officer (L7)
- Time: 10-15+ years from IG Manager
- Title: VP, Legal & Regulatory Affairs (L6/L7)
- Time: 10-15+ years from IG Manager
Sector Mobility
Your expertise in managing complex information assets, navigating regulatory landscapes, and leading teams is highly transferable. You could move into similar senior governance or compliance roles in other highly regulated industries like financial services, pharmaceuticals, energy, or even government.
How Zavmo Delivers This Role's Development
DISCOVER Phase: Skills Gap Analysis
Zavmo maps your current competencies against all requirements in this job description through conversational assessment. We evaluate your foundation skills (communication, strategic thinking), functional skills (CRM expertise, negotiation), and readiness for career progression.
Output: Personalised skills gap heat map showing strengths and priorities, estimated time to competency, neurodiversity accommodations.
DISCUSS Phase: Personalised Learning Pathway
Based on your DISCOVER results, Zavmo creates a personalised learning plan prioritised by impact: foundation skills first, then functional skills. We adapt to your learning style, pace, and neurodiversity needs (ADHD, dyslexia, autism).
Output: Week-by-week schedule, each module linked to specific job responsibilities, checkpoints and milestones.
DELIVER Phase: Conversational Learning
Learn through conversation, not boring modules. Zavmo uses 10 conversation types (Socratic dialogue, role-play, coaching, case studies) to build competence. Practice difficult QBR presentations, negotiate tough renewals, and handle churn conversations in a safe AI environment before facing real clients.
Example: "For 'Stakeholder Mapping', Zavmo will guide you through analysing a complex enterprise account, identifying key decision-makers, and building an engagement strategy."
DEMONSTRATE Phase: Competency Assessment
Zavmo automatically builds your evidence portfolio as you learn. Every conversation, practice scenario, and application example is captured and mapped to NOS performance criteria. When ready, your portfolio supports OFQUAL qualification claims and demonstrates competence to employers.
Output: Competency matrix, evidence portfolio (downloadable), qualification readiness, career progression score.