Requisition Number: 45696
Corning is one of the world’s leading innovators in materials science. For more than 160 years, Corning has applied its unparalleled expertise in specialty glass, ceramics, and optical physics to develop products that have created new industries and transformed people’s lives.
Job Location: Remote – Charlotte, NC – Corning, NY
Job Description: The cybersecurity risk imposed when organizations interact with third parties is among the most significant drivers of risk today. In this role, the right candidate will be responsible for completing reviews covering all aspects of the third-party risk management life cycle (software and hardware) for new and existing third-party engagements, including planning, risk identification and risk assessment, due diligence review and documentation requirements, contract review, and the development of effective ongoing monitoring programs.
- Partner with business units, operations, technology, risk management and other stakeholders to understand the business environment and evolving business priorities, and to obtain key data and information.
- Review the development, testing and implementation of appropriate security plans, products and control techniques.
- Coordinate efforts to reevaluate existing vendor engagements based on ongoing assessment of compliance risk.
- Articulate the risk and its ranking, and drive formal, documented risk acceptance.
- Provide timely and high-quality responses to inquiries from regulators, internal audit and senior management.
- Keep up to date on changes in laws and regulations impacting the line of business through education programs/conferences, trade publications, agency websites and emails. Promptly communicate changes to appropriate business units and/or executive management and other Verisk partners.
- Engage appropriate Subject Matter Experts (SMEs) within security, privacy, compliance, and the lines of business. Partner with lines of business to ensure adherence to applicable policies and procedures, including the Third-party Risk Management Program.
- Remain current on emerging supplier risks and assist the business lines in responding to changes in the supply chain environment.
- Maintain an effective review process for new and existing Third-Party engagements by the assigned lines of business and monitor third party performance against established benchmarks/contract requirements.
- Interact with various levels of management (within the LOB) as well as other risk disciplines to communicate emerging compliance issues throughout the third-party life cycle.
- Document, track and report all issues, and keep manager and business unit management informed as necessary.
- Initiate and complete special project assignments, task force projects, special ad hoc reviews or other assignments.
- Perform information security due diligence reviews on new and existing 3rd parties.
- Identify and report on risks associated with current or future services
- Review and report on critical vendors' SSAE reports related to the services provided; assist with external due diligence requests from 3rd parties, states, agencies, and regulators.
- Evaluate and review policies, procedures, controls, and standards to identify gaps and recommend opportunities for control enhancements
- Provide effective and concise communication to all levels of management as it relates to risk levels associated with the business areas.
- Continuous process improvement: must look for ways to gain efficiencies through automation and process restructuring.
- Conduct enterprise-wide, ongoing risk analysis in tandem with compliance and security.
- Collect, document, track, follow-up, and report on information security risk exceptions
- Document, monitor, follow-up, and report on non-approved use of technical cloud services
- Ability to quickly learn, communicate and apply technical concepts
- Bachelor's degree (BS, BA) in MIS, CS, Business or related field strongly preferred
- 3-5 years of relevant work experience in IT audit, IT security, or IT risk management.
- Experience working on information security due-diligence reviews of third-party suppliers/vendors.
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage and transmission of information or data (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Experience with NIST CSF, ISO 27001/27002, CIS or other cybersecurity control frameworks
- Familiarity with SOC reports
- Experience writing policies and procedures
- Capable of handling a variety of ad hoc requirements
- Experience in a service-oriented organization serving many stakeholders globally
- Detail-oriented and able to excel in a fast-paced, dynamic environment
- Natural curiosity and tenacity
- Strong understanding of cloud technologies.
- Strong communication, organizational, interpersonal, and collaborative skills
- Certifications: CISSP, CISA, CISM, CRISC, or relevant certifications preferred
Travel: Domestic and International travel may be required, up to 10%
This position does not support immigration sponsorship.
We prohibit discrimination on the basis of race, color, gender, age, religion, national origin, sexual orientation, gender identity or expression, disability, veteran status or any other legally protected status.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.