Information Security Manager, Asia

The Company: Cognex Corporation

Cognex is the global leader in the exciting and growing field of machine vision. With over $800 million of cash in the bank and no debt, we are a financially strong international company with a culture that maintains the fast paced, creative environment of a startup. Our employees, proudly called "Cognoids," take their work seriously, but don't take themselves seriously. Our Work Hard, Play Hard, Move Fast culture recognizes our employees for their innovation, perseverance and hard work in a fun, rewarding, and quirky environment.

The Role:

As the Information Security Manager, Asia, your role is to represent the Information Security function in-region with a mission to:

1). Support local business partner's business needs with solutions that are secure and consistent with Cognex's policies and procedures.

2). Ensure technical, operational and administrative controls are implemented sufficiently to ensure the confidentiality, integrity and availability of Cognex's information, technologies, and intellectual property.

3). Ensure Cognex's compliance with international, regional, and national regulations and customer contracts for information security and data privacy.

In this capacity, you will collaborate with local and regional Business Partners (all functions) to plan, negotiate, develop and implement local and regional security controls and procedures necessary to establish IT and information governance in region and aligned with global standards; mitigate risk; and satisfy customer, audit, and regulatory compliance for Cognex.  You will also liaise with national and regional regulatory bodies, supporting necessary audits, certifications and compliance requirements.

This position requires a citizen and resident of China, who is based in Cognex's Shanghai or Shenzhen offices, with up-to two days of remote work per week accommodated.

Essential Functions:

• Serve in official cyber security and data protection roles, and perform functions, as required by region- and national regulation (for example, Cybersecurity Official and Data Privacy Officer for China and Singapore).
• Ensure Cognex regional and national implementations of networks, systems, databases, operations, products and services, and their processing, use and retention of data are implemented pursuant to Cognex policies and compliant with regional and national cyber and data protection regulations.
• Coordinate Cognex's regional and national requirements and remediations necessary for audits, pen-tests, security assessments and certifications.
• Collaborate with regional and local business partners as the liaison for Information Security, providing local solutions- and coordinating global support as warranted, to achieve solutions that are compliant with Cognex Information Security policies and practices.
• Contribute to Cognex's IT and security documentation (policies, standards, architectures, designs, procedures, and guidelines) for regional and national requirements.
• Contribute to- and advance Cognex's IT risk management and mitigation for regional based audit findings, threat & vulnerability findings, DR tests, security assessments any penetration and software development tests.
• Collaborate with local business partners in-region on training, tools and procedures to improve security awareness and competence throughout the Region to support Cognex's plans to achieve ISO 27001 and IEC 62443 certification.
• Review regional and country-based customer contracts to ensure Cognex can meet and can prepare its processes and databases to comply with terms and conditions related to cyber security, data protection, incident response and customer notification provisions.
• Review regional and country-based vendor contracts to ensure the vendor services are not introducing undo risk and that intended use-, processing, and retention of data is compliant with regional and national cyber and data protection regulations.

Knowledge, Skills, and Abilities:

• Knowledge and experience in China and Asia laws and regulations for Information Security and Data Privacy (including China- Cyber Security Law, Data Security Law, Personal Information Protection Law, Cross Boarder Data Transfer; Singapore, Japan, and Korea Cybersecurity and Data Privacy)
• Demonstrated on-the-job experience developing and implementing technical, operational and administrative security controls in a medium to large sized national or multi-national organization, based in China or Asia region with a significant IoT hardware and software engineering component.
• Experience developing programs to meet program and product security certifications including ISO/IEC 27001, ISO 15408 Common Criteria, SOC 2 Type II, OWASP, and ISA/IEC 62443 Certification Programs
• Knowledge and experience in IT infrastructure engineering, security engineering, IoT Security, and/or software engineering.
• Knowledge and experience in software development and Secure SDLC processes.
• Knowledge and experience in IT Operations, processes and procedures.
• Knowledge and experience in Threat & Vulnerability Management.
• Knowledge and experience with cloud environments and cloud-based development.
• Competent in written and oral English and Chinese.

Education and work experience required:
BS or MS in Computer Science or relevant discipline.

Security certifications such as CISSP, CISM, CISA, CCSP and/or China, Korea, Japan equivalents; China or Singapore Data Privacy Officer certification a plus.
5-10 years' experience engineering or developing solutions in Information Technology.

5 or more years' experience in information security, including governance, risk, and compliance (GRC)

Minimum of 3 years' experience developing, negotiating and implementing security controls in a medium to large national or multi-national organization with a substantial software and/or cloud-based product and a significant software development life cycle process.