Requisition Number: 60016

Corning is vital to progress – in the industries we help shape and in the world we share.

We invent life-changing technologies using materials science. Our scientific and manufacturing expertise, boundless curiosity, and commitment to purposeful invention place us at the center of the way the world interacts, works, learns, and lives.

Our sustained investment in research, development, and invention means we’re always ready to solve the toughest challenges alongside our customers.

The global Information Technology (IT) Function is leading efforts to align IT and Business Strategy, leverage IT investments, and optimize end to end business processes and associated information integration technologies. Through these efforts, IT helps to improve the competitive position of Corning's businesses through IT enabled processes.

IT also delivers Information Technology applications, infrastructure, and project services in a cost efficient manner to Corning worldwide.

Purpose of the Position:

The IT Risk & Resiliency Manager is responsible for providing oversight and continuous improvement to the IT Risk Management and Business Continuity Programs.

The IT Risk & Resiliency Manager will partner with IT Service Lines and Enterprise Risk Management to identity, analyze, evaluate, and monitor IT risks and remediation activities.

The IT Risk & Resiliency Manager is responsible for providing risk guidance to the IT organization and developing business continuity plans that help to decrease identified risks.

The IT Risk & Resiliency Manager will also work with cross-functional teams to ensure the risk management program is fully adopted and will be responsible for driving an efficient risk governance program; working with other teams to implement appropriate controls across the organization.

Day to Day Responsibilities:

• Define situations in terms of the security risks and assists peers and management in making informed business decisions based on risk management principles.
• Work across the organization to identify, analyze and track new risks
• Maintain the IT risk register, working across service lines to ensure risks are being actioned and plans stay on track
• Coordinate and chair the IT Risk Sub Council
• Present risk reports and proposals to executive leadership and senior staff
• Work with the service lines to develop risk management controls and contingency plans
• Provide Business Continuity support to the Corporate BC group
• Coordinate and lead quarterly tabletop sessions
• Work across the organization to close any action items identified during tabletops
• Document IT Business Continuity Plans and risks, including keeping Fusion updated with those plans and risks
• Work with various cross-functional teams within the company to support all security and governance activities.
• Identify and propose areas for information security controls and process improvements

Education and Experience:

• Bachelor’s degree in management information systems, computer science, engineering, or other related field
• 5 years of relevant experience in information technology
• 3 years of hands-on experience in enterprise risk management
• Experience with frameworks such as COSO, NIST CSF, ISO

Required Skills:

• Knowledge and experience with security concepts across a broad range of technology and system areas, including data communications, network design, operations, databases, operating systems, and application development.
• Demonstrate knowledge of security industry best practices
• Excellent verbal and written communication skills; prior experience preparing and presenting recommendations to senior management required

Desired Skills:

• IT Risk Identification
  • Risk events (e.g., contributing conditions, loss result)
  • Threat modeling and threat landscape
  • Vulnerability and control deficiency analysis (e.g., root cause analysis)
  • Risk scenario development
• IT Risk Analysis and Evaluation
  • Risk assessment concepts, standards, and frameworks
  • Risk register
  • Risk analysis methodologies
  • Business impact analysis
  • Inherent and residual risk
• Risk Response and Reporting
  • Risk treatment / risk response options
  • Risk and control ownership
  • Third-party risk management
  • Issue, finding, and exception management
  • Management of emerging risk
• Risk Monitoring and Reporting
  • Risk treatment plans
  • Data collection, aggregation, analysis, and validation
  • Risk and control monitoring techniques
  • Risk and control reporting techniques (heatmap, scorecards, and dashboards)
  • Key performance indicators
  • Key risk indicators (KRIs)
  • Key control indicators (KCIs)
  
  

• Certification in Risk and Information Systems Control (CRISC) or similar preferred.

This position does not support immigration sponsorship.

We prohibit discrimination on the basis of race, color, gender, age, religion, national origin, sexual orientation, gender identity or expression, disability, veteran status or any other legally protected status.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

The range for this position is $115,554.00 - $158,873.00. Starting pay for the successful applicant is dependent on a variety of job-related factors, including but not limited to geographic location, market demands, experience, training, and education. The benefits available for this position include medical, dental, vision, 401(k) plan, pension plan, life insurance coverage, disability benefits, and PTO

Nearest Major Market: Charlotte