IT Manager

About ETS:

For over 75 years, we have amplified products and services based on rigorous research and our belief in the power of learning.

Driven by our mission to advance quality and equity in education, ETS provides learning solutions, pioneering research, and trusted assessments that help guide learners worldwide on their path to new possibilities.

Our portfolio of trusted measures includes TOEFL, TOEIC, GRE, and Praxis. Along with research, development, and innovation that explores new frontiers in learning and measurement, our educational measurement solutions and research contribute to the development of new methods and tools, inform important dialogue with education policymakers, and shed light on critical issues and potential solutions - all with the aim of creating a world where all learners can improve their lives through education.

With new senior leadership at the helm, ETS aims to continue changing the lives of all learners as we expand our organization's global footprint.

Our goal is to remain at the forefront of assessment and measurement efficacy within the education and ed tech space as it continues to grow and evolve.

Position Summary:

The IT Manager position is responsible for overseeing and directing the daily operations of an IT Business unit (e.g. Data Management, IT Delivery, Business Relations, Demand Management, Enterprise Architecture, IPO, and Applications Development & Maintenance).

This role is responsible for the management, evaluation, prioritization, and response to business requests for new applications and modifications to existing systems, requiring subject matter expertise in IT.

The successful candidate must also have experience with regulatory frameworks such as ISO 27001, NIST 800-53, and PCI-DSS.

The IT Manager assists the Director of IT in training and developing a team of technical staff members, monitoring the quality of deliverables, and staff productivity.

This is a hands-on role deeply involved in the daily operations, goals, and troubleshooting activities of the department, requiring an individual committed to successful and timely delivery across the organization.

The incumbent must be able to balance individual work output responsibilities.

Responsibilities:

• Implement IT strategy consistent with individual business unit goals and departmental direction.

Program Management:

Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services.

Policy Management:

Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management.

Program Assessments:

Manage and support the 3rd Party Security Vendor Risk Management program, and regulatory compliance reporting for ISO 27001, PCI-DSS, and other frameworks.

Risk Management:

Manage control testing, issues management (findings, remediation plans, and exception requests), risk register, and reporting.

Key Responsibilities:

• Regularly update senior leadership on progress and status of assigned projects and ensure that production goals are met.
• Oversee and manage the completion of staff projects, tasks, and duties.
• Manage the development and enforcement of standards and procedures for departmental administration.
• Develop and improve metrics for process orientation.
• Monitor staff performance in relation to productivity, the completion of daily departmental operations, and meeting of annual objectives.

Knowledge and Skills:

• Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity.
• Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation.
• Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls.
• Ability to communicate an effective security awareness message throughout the organization.
• Demonstrate ability to create and maintain security policy, standard, guideline, and procedure documents.
• Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management, and non-technical users.
• Strong ability to communicate with technical and non-technical practitioners, as well as executives.
• Strong presentation skills.

Education and Experience:

• Bachelor's degree is preferred.
• Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
• Seven (7) + years of direct experience (Information Security/Governance) is required.
• Four (4) + years of management experience required.
• Strong knowledge on Security frameworks such as ISO 27001, NIST 800-53, NIST Risk Management Framework, etc are required.
• Strong knowledge of risk management principles and practices is required. Familiarity with the FAIR risk framework is preferred.
• Experience handling multiple concurrent projects effectively.

---