Purpose of Position:
Responsible for planning, performing, monitoring and reporting on IT regulatory controls and compliance as well as other assigned projects within the Corning Information Technology division. Provide regulatory analysis and guidance throughout the compliance lifecycle process. Provide continuous monitoring of regulatory policies, programs, controls, compliance artifacts, and standards in support of government and industry security compliance. Perform assigned portions of IT compliance programs, determining compliance with policies and procedures, monitoring, recommending corrective action, preparing findings and assisting with remediation plans. Reviews and services will be performed in accordance with industry standards and Corning Incorporated policies.
Roles and Responsibilities:
• Perform assigned compliance tasks with minimal supervision, which may include planning, analysis, design and implementation of controls, customer interaction, testing, and reporting procedures in accordance with appropriate professional and department standards.
• Review regulations and provide feedback to management. Based upon analysis, develop recommendations on controls to address gaps and lead remediation of gaps.
• Participate in the evaluation, development and maintenance of policies, procedures and training as they pertain to regulatory and customer compliance requirements.
• Provide project initiation and development support for new software installations for compliance related IT elements as assigned.
• Hold discussions with management regarding processes and noted control weaknesses. Prepare draft reports to management to communicate results including recommendations for improving regulatory information system practices and controls.
• Work with project teams of enterprise solutions and evaluate impacts on security controls.
• Perform compliance assessments within cloud and complex IT environments.
• Obtain buy-in and ownership from management for observations and remediation plans.
• Work with Internal Audit, external auditors, management, and staff to identify feasible resolutions to control gaps and opportunities for improvement.
• Plan and execute compliance reviews.
• Provide guidance, interpretation, and education to the organization on regulatory requirements and policies, as needed.
Qualifications:
• Bachelor's (4-year) degree in Computer Information Systems, Information Technology, or a related field
• 8+ years of combined compliance, audit, technology risk, security, and/or information technology experience
• Familiarity with technical assessment and audit methodologies for technical systems (including, but not limited to, application security, system management, and OS/database administration), as well as IT auditing processes
• High degree of personal integrity; promotes high standards of ethical conduct and behaviors consistent with organizational and government standards
• Self-starter operating with minimal supervision/oversight
• Ability to build effective working relationships & collaborate with people from a broad spectrum within IT and across the company
• Professional, positive communicator with strong written and verbal skills, delivering clear, concise information to frequent internal and external stakeholders
• Ability to travel both domestically and internationally, up to 25%
• Strong understanding of Corning's IT environment, or previous experience in an IT support or development role related to application development, server, database, or network infrastructure, preferred
• General knowledge of government regulatory compliance and control frameworks such as SOX, ITAR, EAR, data privacy (GDPR, BCR, CCPA, etc.), COSO, COBIT, PCI DSS, the SANS Top 20 Security Controls, and HIPAA
• Experience conducting IT controls assessments based on ISO 27001/27002 and 27018, ISAE 3402, and SOC 1 and SOC 2 Type 2 reports
• Strong project management skills
• Experience with Governance, Risk, and Compliance (GRC) tools
• General knowledge of internal control concepts, principles, and risk analysis
• CRISC (Certified in Risk and Information Systems Control)
• CISA (Certified Information Systems Auditor)
• CISSP (Certified Information Systems Security Professional), or willingness to obtain within 1 year
This position does not support immigration sponsorship.
45404 IT Manager, Compliance