Cybersecurity Compliance Program Director – CMMC

Date: Mar 18, 2022

Location: Charlotte, NC, US, 28216


Requisition Number: 52313

Corning is one of the world’s leading innovators in materials science. For more than 160 years, Corning has applied its unparalleled expertise in specialty glass, ceramics, and optical physics to develop products that have created new industries and transformed people’s lives.

Corning succeeds through sustained investment in R&D, a unique combination of material and process innovation, and close collaboration with customers to solve tough technology challenges.

The global Information Technology (IT) Function is leading efforts to align IT and Business Strategy, leverage IT investments, and optimize end to end business processes and associated information integration technologies. Through these efforts, IT helps to improve the competitive position of Corning’s businesses through IT enabled processes. IT also delivers Information Technology applications, infrastructure, and project services in a cost efficient manner to Corning worldwide.

This role can be performed remotely.

Purpose of Position: Responsible for strategy, planning, executing, auditing, monitoring, and reporting on CMMC compliance for Corning Incorporated. Provide expert regulatory analysis and guidance for achieving, maintaining, and optimizing CMMC certification throughout the compliance lifecycle. Provide continuous monitoring of regulatory policies, programs, controls, compliance artifacts, and standards to maintain a zero-finding environment for compliance in support of the CMMC program. Lead the program and project streams for the design, development, execution, and maintenance of CMMC compliance.

Roles and Responsibilities:

  • Develop and gain support for a comprehensive CMMC certification program within Corning.
  • Communicate with and garner support from stakeholders at all levels to ensure adherence to policies, processes, and other organizational changes related to CMMC certification.
  • Lead and perform CMMC compliance tasks, including strategy development, planning, analysis, design, testing, and reporting, in accordance with appropriate professional and department standards for the CMMC program.
  • Review federal regulations and provide updates and overviews to management that include risks and responsibilities associated with CMMC.
  • Oversee the development and maintenance of CMMC certification artifacts.
  • Participate in the evaluation, development, maintenance and documentation of policies, procedures, and training as they pertain to CMMC compliance requirements.
  • Develop an internal training program for the handling of Controlled Unclassified Information and general CMMC requirements.
  • Work with business management and the CISO to remediate any noted control weaknesses.
  • Partner with architecture teams to identify enterprise solutions and evaluate impacts on business and security controls.
  • Perform CMMC compliance assessments within all internal IT environments, including cloud and complex IT environments.
  • Obtain buy-in and ownership from business leadership, management and other stakeholders for observations and remediation plans.
  • Work with Internal Audit, external auditors, management, and staff to identify feasible resolutions to control gaps and opportunities for improvement.
  • Plan and execute compliance reviews.
  • Lead and participate in all audits, certifications, and other activities related to compliance.

Education Requirements: Bachelor's (4-year) degree in Computer Information Systems, Information Technology, or a related field; MBA preferred.

Work Requirements: 15+ years of combined compliance, audit, technology risk, security, and/or information technology experience; at least 5 years with DFARS/NIST SP 800-171.

Required Skills:

  • Prior experience and knowledge of federal information security policies, standards, procedures, directives, and frameworks, such as CMMC, FISMA, the NIST Cybersecurity Framework, FedRAMP, and the Risk Management Framework
  • At least 5 years with DFARS/NIST SP 800-171 or similar DoD regulatory controls
  • Familiarity with and leadership of strategy development, technical assessments, and audit methodologies for technical systems (network, operating systems, application security), as well as IT auditing processes
  • High degree of personal integrity; promotes high standards of ethical conduct and behaviors consistent with organizational and government standards
  • Strong written and verbal communication skills; there will be frequent interaction with internal and external stakeholders
  • Ability to travel domestically up to 25%
  • CMMC Registered Practitioner

Desired Skills:

  • Extensive knowledge of government regulatory compliance and control frameworks such as ITAR, EAR, data privacy (GDPR, BCR, etc.), COSO, COBIT, PCI DSS, the SANS Top 20 Security Controls, FedRAMP, and HIPAA
  • CMMC Certified Professional
  • Experience conducting IT controls assessments based on ISO 27001/27002 and 27018, and SOC 1 and SOC 2 Type 2 reports
  • Strong project management skills
  • Experience with Governance, Risk, and Compliance (GRC) tools
  • General knowledge of internal control concepts, principles, and risk analysis
  • Desired certifications: CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), or CISSP (Certified Information Systems Security Professional), or willingness to obtain one within 1 year

We prohibit discrimination on the basis of race, color, gender, age, religion, national origin, sexual orientation, gender identity or expression, disability, veteran status or any other legally protected status.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Nearest Major Market: Charlotte
