
IT Compliance Leader - Government Programs


Date: Nov 18, 2020

Location: Painted Post, NY, US, 14870; Charlotte, NC, US, 28216

Company: Corning

Requisition Number: 42574


Corning is one of the world’s leading innovators in materials science. For more than 160 years, Corning has applied its unparalleled expertise in specialty glass, ceramics, and optical physics to develop products that have created new industries and transformed people’s lives.

Corning succeeds through sustained investment in R&D, a unique combination of material and process innovation, and close collaboration with customers to solve tough technology challenges.


Purpose of Position:

Responsible for planning, performing, monitoring and reporting on IT regulatory controls and compliance as well as other assigned projects within the Corning Information Technology division. Provide regulatory analysis and guidance throughout the compliance lifecycle process. Provide continuous monitoring of regulatory policies, programs, controls, compliance artifacts, and standards in support of government and industry security compliance. Perform assigned portions of IT government compliance programs, determining compliance with policies and procedures, monitoring, recommending corrective action, preparing findings and assisting with remediation plans. Reviews and services will be performed in accordance with industry standards and Corning Incorporated policies.

Roles and Responsibilities:

  • Perform assigned compliance tasks with minimal supervision, which may include planning, analysis, design and implementation of controls, customer interaction, testing, and reporting procedures in accordance with appropriate professional and department standards.
  • Review federal regulations and provide feedback to management. Based upon analysis, develop recommendations on controls to address gaps.
  • Participate in the evaluation, development and maintenance of policies, procedures and training as they pertain to regulatory and customer compliance requirements.
  • Hold discussions with management regarding processes and noted control weaknesses. Prepare draft reports to management to communicate results including recommendations for improving regulatory information system practices and controls.
  • Work with architecture teams to identify enterprise solutions and evaluate impacts on security controls.
  • Perform compliance assessments within cloud and complex IT environments.
  • Obtain buy-in and ownership from management for observations and remediation plans.
  • Work with Internal Audit, external auditors, management, and staff to identify feasible resolutions to control gaps and opportunities for improvement.
  • Plan and execute compliance reviews.
  • Provide guidance, interpretation, and education to the organization on regulatory requirements and policies, as needed.

Education Requirements:

  • Bachelor's (4-year) degree in Computer Information Systems, Information Technology, or related field

Work Requirements:

  • 5+ years combined compliance, audit, technology risk, security and/or information technology experience

Required Skills:

  • Prior experience with and knowledge of federal information security policies, standards, procedures, directives, and frameworks, such as: CMMC, FISMA, NIST Cyber Framework, FedRAMP, and Risk Management Framework
  • Familiarity with technical assessments and audit methodologies for technical systems (network, operating systems, application security) as well as IT auditing processes.
  • High degree of personal integrity; promotes high standards of ethical conduct and behaviors consistent with organizational and government standards
  • Strong written and verbal communication skills. There will be frequent interactions with internal and external stakeholders.
  • Ability to travel both domestically and internationally, up to 25%

Desired Skills:

  • Strong understanding of Corning’s IT environment or previous experience in an IT support or development role related to applications development, server, database, or network infrastructure preferred
  • General knowledge of government regulatory compliance and control frameworks such as ITAR, EAR, Data Privacy (GDPR, BCR, etc.), COSO, COBIT, PCI-DSS, SANS Top 20 Security Controls, and HIPAA
  • Experience in conducting IT controls assessments based on ISO 27001/27002 and 27018, SOC 1 and SOC 2 Type 2 reports
  • Strong project management skills
  • Experience with Governance, Risk, and Compliance (GRC) tools
  • General knowledge of internal control concepts, principles, and risk analysis

Desired Certifications:

  • CRISC (Certified in Risk and Information Systems Control)
  • CISA (Certified Information Systems Auditor)
  • CISSP (Certified Information Systems Security Professional)
  • or willingness to obtain within 1 year

This position does not support immigration sponsorship.


We prohibit discrimination on the basis of race, color, gender, age, religion, national origin, sexual orientation, gender identity or expression, disability, or veteran status or any other legally protected status.


We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
