Location: Charlotte NC, Corning NY or REMOTE
Preferred GIAC Certifications: GIAC - GCIH, GCIA, GMON GCIA, GSOC or other
Corning is one of the world’s leading innovators in materials science. For more than 160 years, Corning has applied its unparalleled expertise in specialty glass, ceramics, and optical physics to develop products that have created new industries and transformed people’s lives.
Corning succeeds through sustained investment in R&D, a unique combination of material and process innovation, and close collaboration with customers to solve tough technology challenges.
The global Information Technology (IT) Function is leading efforts to align IT and Business Strategy, leverage IT investments, and optimize end-to-end business processes and associated information integration technologies. Through these efforts, IT helps to improve the competitive position of Corning's businesses through IT-enabled processes. IT also delivers Information Technology applications, infrastructure, and project services in a cost-efficient manner to Corning worldwide.
Job Location: Remote – Charlotte, NC – Corning, NY
Scope of Position: In this role, the individual will have experience performing assessments of both hardware and software vendors/manufacturers. The individual will have experience performing assessments for commercial off the shelf and cloud-based solutions. The ideal candidate will have a broad technical background that complements their ability to effectively identify during the assessment process any deficiencies in physical, technical or administrative controls. The candidate will provide technical expertise and guidance to drive risk reduction and mitigation efforts while identifying gaps, threats, vulnerabilities and other information security risks to Corning’s global community.
Roles & Responsibilities:
Conduct software assessments of COTS and XaaS services to ensure compliance with Company requirements.
Review development, testing and implementation of appropriate security plans, products and control techniques.
Ability to produce architecture artifacts, not limited to solution designs, that combine and integrate multiple technologies, from conceptual models to applied architecture.
Continuous process improvement: must look for ways to gain efficiencies through automation and process restructuring.
Partner with business units, operations, technology, risk management and other stakeholders to understand the business environment, evolving business priorities, and obtain key data and information.
Identify and report on risks associated with current or future services.
Ability to articulate the risk and ranking, provide guidance for mitigation or compensating controls, and drive to a formal documented risk acceptance.
Maintain an effective review process for new and existing third-party engagements by the assigned lines of business and monitor third party performance against established benchmarks/contract requirements.
Partner with lines of business to ensure adherence to applicable policies and procedures, including the third-party risk management program.
Initiate and complete special project assignments, or special ad hoc reviews or other assignments.
Evaluate and review policies, procedures, controls, and standards to identify gaps and recommend opportunities for control enhancements.
Collect, document, track, follow-up, and report on information security risk exceptions.
Keep up to date on changes in laws and regulations impacting the line of business through education programs/conferences, trade publications, agency websites and emails.
Document, track and report all issues, and keep manager and business unit management informed as necessary.
Document, monitor, follow-up, and report on non-approved use of technical services.
Ability to quickly learn, communicate and apply technical concepts.
Education Requirements: Bachelor's degree in Computer Science, Information Technology, Cyber Security or related field, or demonstrates equivalent industry experience.
At least 3-5 years hands-on work experience in information security.
Experience in cloud service provider security assessments and evaluations or implementing cloud services.
Experience collaborating with service providers to ensure deliverables meet expectations.
Experience working on Information security due-diligence reviews of Third-Party Suppliers/Vendors.
Knowledge of computer networking concepts and protocols, and network security methodologies.
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage and transmission of information or data (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Familiarity with NIST CSF, NIST 800 series, PCI-DSS, ISO 27001, COBIT, ITIL
Familiarity with SOC reports
Capable of handling a variety of ad-hoc requirements
Experience in a service-oriented organization serving many stakeholders globally
Detail oriented, natural curiosity and tenacity.
Strong understanding of cloud technologies.
Strong communication, organizational, interpersonal, and collaborative skills.
Certifications: CISSP, CISA, CISM, CRISC, or relevant certifications preferred
Travel: Domestic and International travel may be required, up to 10%
This position does not support immigration sponsorship.
We prohibit discrimination on the basis of race, color, gender, age, religion, national origin, sexual orientation, gender identity or expression, disability, veteran status or any other legally protected status.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
Nearest Major Market: Charlotte