IT Analyst, Governance, Risk & Compliance

Responsibilities:

• Work to promote the Corning IT Governance Risk and Compliance program.
• Proactively work as cybersecurity compliance specialist to discover and understand the compliance posture as to ensure that the company's cybersecurity mechanism and practices are in line with relevant Chinese regulations and compliance requirements, familiar with China regulation environment. Review implementation of technical controls to ensure compliance with regulators and partners globally and regionally.
• Perform GRC tasks by implementing processes to automate and continuously monitor information security controls, exceptions, risks, testing and reporting.
• Perform and investigate internal and external information security risk and exceptions assessments. Identify and document gaps in the risk register, tracking the risk, mitigations, owner, etc.
• Partner with regional resources understanding the business posture and compliance requirements in scope to facilitate business operation.
• Implement a risk assessment framework and program (i.e. TISAX, MLPS, ISO, NIST) that aligns to regulatory requirements, ensuring documented and sustainable compliance which enables business outcomes in region.
• Participate and deliver presentations on GRC requirements and awareness training globally and regionally.
• Co-develop regional compliance framework standards align with enterprise policies to manage information security risks.
• Partner with the Data Privacy team and IT compliance to establish roles and responsibilities for data protection and privacy.
• Develop guidelines, checklists, and other resources to help non-technical employees understand GRC standards. Partner with various groups across Corning to implement necessary changes to meet GRC standards.
• Assist the business with software compliance reviews and any other IT processes. 
• Assist with the IT Ticketing process to address incidents and tasks in the region.
   

Education and Experience:

• 2+ years of general cybersecurity experience 
• 2+ years of cybersecurity compliance experience NIST,CISA,ISO, China MLPS and data governance
• Technical experience in cybersecurity operations to understand, incorporate and communicate technical aspects into the role
• Strong familiarity with information security concepts, practices, and solutions
   

Required Skills

• Understanding of cybersecurity at an enterprise level
• Fluent in English at business communication level, CET 6 and above
• Experience with various operating systems, Windows, Linux, Unix
• Experience presenting to both technical and non-technical audiences in cross-function team global wide.
• Strong risk-based prioritization abilities
• Demonstrated written communication skills, with a focus on providing clarity of remediation efforts to both system owners and leadership.
   

Desired Skills

• Bachelor degree in Cybersecurity, Computer Science or similar degree preferred but not required
• Industry certification CISSP, CISA, CRISC, Sec+, GICSP, GRID, GCCC, or similar is preferred.