Manager, IT Policy and Compliance

Crystal Building 40 W20th St

The New York Public Library

The New York Public Library (NYPL) has been an essential provider of free books, information, ideas, and education for all New Yorkers for more than 100 years.

Manager, IT Policy and Compliance

Application Deadline: 19 September 2024

Department: Information Technology

Employment Type: Full Time

Location: Crystal Building 40 W20th St

Reporting To: Geniene Jones

Compensation: $90,000 - $110,000 / year

Description

Overview
The Manager, IT Policy, Contracts & Compliance is responsible for developing, implementing, and managing IT policies and compliance strategies to ensure robust IT governance within the organization. This role works closely with IT Security and other team members to meet organizational goals and deliverables while adhering to all contractual or prescribed stakeholder expectations and regulatory requirements. It ensures that IT policy and compliance operations meet or exceed industry standards and regulatory requirements. The role also manages a proactive and consistent approach to executing and renewing department contracts in partnership with Procurement. Additionally, the Manager is responsible for identifying and flagging risks for IT leadership, supporting proactive risk management and informed decision-making within the organization.

We are looking for someone we can count on to:
Own:
  • Identifying compliance and policy risks and gaps through a practical but comprehensive evaluation process. 
  • Establishing and enforcing consistent policies and standards across the enterprise to promote ownership and accountability.
  • Ensuring employees and third parties understand, acknowledge, and fulfill all applicable policies.
  • Managing the IT Core Services Master Sheet.
  • Leading the initiation and renewal of department contracts in partnership with Procurement.
  • Managing vendor relationships to guarantee service quality, contract compliance, and cost efficiency.
  • Engaging with internal and external auditors on audits related to the organization’s internal controls.
  • Fostering strong engagement with internal and external stakeholders to support IT policy, contracts and compliance initiatives.
Teach:
  • Team members and stakeholders on IT policies, compliance requirements, and risk management strategies.
  • Facilitating cross-departmental knowledge sharing to promote a culture of compliance and proactive risk management.
Learn:
  • The latest industry standards, regulatory requirements, and best practices in IT governance, risk management, and compliance.
  • Through continuously seeking feedback from stakeholders and incorporating learnings to improve processes and policies.
Improve:
  • The content, quality and timing of governance, risk and compliance analysis and reporting.
  • The organization and maintenance of the repository of compliance and policy documents, ensuring accessibility and accuracy.
  • The state and management of IT Core Services data.
  • The contract initiation and renewal process for efficiency and effectiveness.
Some expectations for this role are that within:
1 month, this person will:
  • Become familiar with the various stakeholders and SMEs on the team.
  • Build relationships with IT partners and IT Leadership.
  • Understand NYPL’s culture and mission.
  • Develop a prioritized project plan and timeline for active work needs.
  • Set up a regular cadence for meetings and updates with teams and stakeholders.
3 months, this person will:
  • Gain a solid understanding of existing policy, contract and compliance collateral within the department.
  • Learn the NYPL Procurement process and integrate it with department needs.
  • Partner with the Associate Director, Cybersecurity to develop a proactive approach to Cybersecurity and Governance, Risk and Compliance (GRC), conducting routine Operational Risk Assessments and Compliance Reviews.
  • Serve as the team SME on calls and in meetings.
  • Develop and execute an executive reporting meeting cadence with IT Leadership.
6 months and beyond, this person will:
  • Revamp the IT Core Services Master Sheet and develop a plan for proactive department contract renewals.
  • Identify GRC needs and provide recommendations to address them, ensuring continuous improvement.
Responsibilities
  • Develop and oversee the implementation of comprehensive IT policies and compliance strategies to ensure robust governance.
  • Ensure organizational adherence to industry standards and regulatory requirements in IT policy and compliance operations.
  • Manage vendor relationships, including contract negotiations and performance evaluations, to ensure cost-effective solutions, coordinating closely with Procurement.
  • Identify and communicate risks to IT leadership, supporting proactive risk management and informed decision-making.
  • Collaborate with internal and external auditors to facilitate audits of internal controls.
  • Drive a proactive Cybersecurity and Governance, Risk, and Compliance (GRC) approach, including routine risk assessments and compliance reviews.
  • Leverage technology to streamline the identification and reporting of compliance exceptions.
  • Develop and manage a metrics framework to measure policy compliance across the organization.
  • Optimize governance, risk, and compliance-related expenditures.
  • Provide an enterprise-wide perspective on risk gaps and develop strategies to enhance efficiency and effectiveness.
  • Partner with the Associate Director of Cybersecurity and other leaders to ensure process compliance and currency.
  • Align closely with the Director of Privacy to ensure policy and procedural coherence.
  • Conduct periodic compliance attestations and assessments, focusing on PCI compliance, cybersecurity audits, and disaster recovery/business continuity.
  • Maintain the IT Core Services Master Document, ensuring it reflects current practices.
  • Perform additional duties as required.

Required Education, Experience & Skills

Required Education & Certifications
  • Bachelor's degree in computer science, information security, cybersecurity or a related field.
Required Experience
  • 3+ years of experience in IT audit, enterprise risk management (ERM), or a similar role to demonstrate a background in evaluating IT controls, managing risks, and ensuring compliance.
  • 3+ years of experience with regulatory compliance and information security management frameworks to ensure familiarity with relevant standards and regulations.
  • Basic knowledge of industry standards around cybersecurity and GRC.
  • Proven experience with industry processes and business regulations related to IT governance, risk management, and compliance, showcasing an ability to navigate complex regulatory environments effectively.
  • Extensive experience in managing vendors, including negotiating contracts, performance oversight and ensuring adherence to IT policies and compliance requirements.
Required Skills
  • Excellent organizational skills and attention to detail.
  • Strong interpersonal and problem-solving skills.
  • Strong vendor management skills with a proven ability to oversee vendor performance and enforce contract terms.
  • Excellent analytical abilities to assess risks, evaluate compliance, and identify gaps in IT policies and controls, with a track record of applying analytical insights to improve IT governance and risk management practices.
  • Excellent time management skills with a proven ability to meet deadlines.
  • Ability to work independently and proactively to identify key steps to achieve outcomes.
  • Strong planning and execution skills.
  • Basic understanding of MS Windows, MS Office and Google Apps.
  • Strong skills in collaboration and communication, including:
  • Meeting Facilitation: Experience in leading and facilitating meetings with cross-functional teams and stakeholders.
  • Communication: Proficient in articulating complex information clearly and effectively to both technical and non-technical audiences.
  • Presentation/Public Speaking: Demonstrated ability to present information and findings confidently to IT Leadership and other stakeholders.
Managerial/Supervisory Responsibilities
N/A

Core Values
All team members are expected and encouraged to embody the NYPL Core Values:
  • Be Helpful to patrons and colleagues
  • Be Resourceful in solving problems 
  • Be Curious in all aspects of your work
  • Be Welcoming and Inclusive
Work Environment
  • Office setting
Physical Duties
  • None
Pre-Placement Physical Required?
No

Union/Non Union
Non-Union

FLSA Status
Exempt

Schedule
  • Monday through Friday, available during open branch and research center hours.
  • Evenings and weekends as required
  • Hybrid - 3 days onsite required
This job description represents the types and levels of responsibilities that will be required of the position and shall not be construed as a declaration of all of the specific duties and responsibilities for the role. Job duties may change if Library priorities change. Employees may be directed to perform job-related tasks other than those specifically presented in this description as needed.

The New York Public Library Salary Statement
At the Library, we believe that pay transparency and pay equity are important to ensuring we source the best candidates and keep the best employees. When determining the appropriate salary for a candidate, we consider a variety of factors, including, but not limited to, the position requirements; the skills, prior experience, and educational background required or preferred for the job; the scope and impact of the role within the organization; internal peer equity; and the candidate's specific training, experience, education level, and skills. No single factor is conclusive; the Library reserves the right to consider any and all relevant factors and make a decision consistent with its policies.
Union Salaries are determined by collective bargaining agreement(s).