Jewish Care is dedicated to leveraging digital technology to improve efficiency, service quality, and compliance. As part of our Digital Transformation programme, we aim to enhance our ways of working and better support the people we serve.
To achieve this vision, we are seeking an experienced IT Security & Risk Manager to safeguard our IT infrastructure, ensuring it is secure, resilient, and capable of meeting our current and future strategic goals.
As IT Security & Risk Manager, you will be pivotal in shaping Jewish Care’s IT security posture. You will oversee the implementation of security frameworks, identify risks, and recommend mitigation strategies. This role requires a proactive leader who can balance technical expertise with a pragmatic approach to risk management.
This post is full time, working an average of 36.25 hours per week on a hybrid contract with 2 days in the office per week.
Responsibilities
Security Framework Development: Create, implement, and monitor Jewish Care’s IT security posture, ensuring compliance with standards like Cyber Essentials+ and NIST CSF.
Policy and Compliance: Own and maintain IT security policies, ensuring adherence across the organisation.
Risk Assessment and Mitigation: Identify infrastructure risks and provide actionable recommendations.
Incident Response: Plan and coordinate IT security updates and responses to potential threats.
Strategic Advice: Advise the Information Security Committee on suitable security controls and deviations from base configurations.
Reporting: Prepare detailed reports for Trustees and the Internal Audit & Risk Committee.
Procurement Support: Assess compliance and risks associated with system and software procurement.
Training and Awareness: Lead cybersecurity training initiatives to build organisational awareness and resilience.
What We’re Looking For
Formal qualifications in Networking and Security (CISMP, CISSP, ISO27001).
Proven experience leading an organisation through cybersecurity improvements, including technical tools and training.
Track record of maintaining industry accreditation such as Cyber Essentials+.
Strong knowledge of IT Security frameworks (e.g., NIST or ISO27001).
Hands-on experience with IT systems like Meraki Networking, Sophos, Mimecast, Azure VPN, and MS Intune.
Pragmatic approach to IT security and risk management.
Exceptional communication skills, with the ability to influence stakeholders at all levels.
Strategic thinker who can plan and execute long-term initiatives.
Strong project management skills, capable of handling multiple priorities.