IT Risk and Controls Leader

Date: Apr 23, 2019

Location: Corning, NY, US, 14830

Company: Corning

Requisition Number: 36714


Corning is one of the world’s leading innovators in materials science. For more than 160 years, Corning has applied its unparalleled expertise in specialty glass, ceramics, and optical physics to develop products that have created new industries and transformed people’s lives.

Corning succeeds through sustained investment in R&D, a unique combination of material and process innovation, and close collaboration with customers to solve tough technology challenges.

The global Information Technology (IT) Function is leading efforts to align IT and Business Strategy, leverage IT investments, and optimize end to end business processes and associated information integration technologies. Through these efforts, IT helps to improve the competitive position of Corning's businesses through IT enabled processes. IT also delivers Information Technology applications, infrastructure, and project services in a cost efficient manner to Corning worldwide.

Purpose of Position: Responsible for planning, performing, monitoring and reporting on IT regulatory controls and compliance as well as other assigned projects within the Corning Information Technology division. Provide regulatory analysis and guidance throughout the compliance lifecycle process. Provide continuous monitoring of regulatory policies, programs, controls, compliance artifacts, and standards in support of government and industry security compliance. Perform assigned portions of IT compliance programs, determining compliance with policies and procedures, monitoring, recommending corrective action, preparing findings and assisting with remediation plans. Reviews and services will be performed in accordance with industry standards and Corning Incorporated policies.

Roles and Responsibilities:

  • Perform assigned compliance tasks with minimal supervision, which may include planning, analysis, design and implementation of controls, customer interaction, testing, and reporting procedures in accordance with appropriate industry and department standards.
  • Review federal regulations and provide feedback to management. Based upon analysis, develop recommendations on controls to address gaps.
  • Participate in the evaluation, development and maintenance of policies, procedures and training as they pertain to regulatory and customer compliance requirements.
  • Hold discussions with management regarding processes and noted control weaknesses. Prepare draft reports to management to communicate final results including recommendations for improving regulatory information system practices and controls.
  • Work with architecture teams to identify enterprise solutions and evaluate impacts on security controls.
  • Perform compliance assessments within cloud and complex IT environments.
  • Obtain buy-in and ownership from management for observations and remediation plans.
  • Work with Internal Audit, external auditors, management, and staff to identify feasible resolutions to control gaps and opportunities for improvement.
  • Plan and execute compliance reviews.
  • Provide guidance, interpretation, and education to the organization on regulatory requirements and policies, as needed.

Education Requirements: Bachelors (4 year) degree in Computer Information Systems, Information Technology, or related field

Work Requirements: 2+ years combined compliance, audit, technology risk, security and/or information technology experience

Required Skills:

  • Prior experience and knowledge with federal information security policies, standards, procedures, directives, and frameworks, such as but not limited to: FISMA, NIST Cyber Framework, FedRAMP, and Risk Management Framework
  • Familiarity with technical assessments and audit methodologies for technical systems (network, operating systems, application security) as well as IT auditing processes.
  • High degree of personal integrity; promotes high standards of ethical conduct and behaviors consistent with organizational and government standards.
  • Strong written and verbal communication skills; there will be frequent interactions with internal and external stakeholders.
  • Ability to travel both domestically and internationally, up to 25%.

Desired Skills:

  • Strong understanding of Corning’s IT environment, or previous experience in an IT support or development role (applications development, server, database, or network infrastructure), preferred.
  • General knowledge of government regulatory compliance and control frameworks such as ITAR, EAR, Data Privacy (GDPR, BCR, etc.), FDA, COSO, COBIT, PCI-DSS, SANS Top 20 Security Controls, and HIPAA.
  • Experience in conducting IT controls assessments based on ISO 27001/27002 and 27018, and SOC 1 and SOC 2 Type 2 reports.
  • Strong project management skills.
  • Experience with Governance, Risk, and Compliance (GRC) tools.
  • General knowledge of internal control concepts, principles, and risk analysis.
  • Desired Certifications: CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), CIA (Certified Internal Auditor), or CISSP (Certified Information Systems Security Professional), or willingness to obtain within 1 year.

This position does not support immigration sponsorship.

We prohibit discrimination on the basis of race, color, gender, age, religion, national origin, sexual orientation, gender identity or expression, disability, or veteran status or any other legally protected status.