IT Governance, Risk & Compliance (GRC) Manager

US Massachusetts Natick 2VD, United States

Cognex Corporation

Cognex machine vision and barcode scanning solutions deliver unparalleled precision in your manufacturing and warehouse operations. Embrace quality and efficiency today.


Job Description

The Company: Cognex Corporation

Cognex is the world’s leading provider of vision systems, software, sensors, and industrial barcode readers used in manufacturing automation. Cognex vision helps companies improve product quality, eliminate production errors, lower manufacturing costs, and exceed consumer expectations for high quality products at an affordable price. Typical applications for machine vision include detecting defects, monitoring production lines, guiding assembly robots, and tracking, sorting and identifying parts.

Cognex serves an international customer base from offices located throughout the Americas, Europe, and Asia, and through a global network of integration and distribution partners. The company is headquartered close to Boston in Natick, Massachusetts.

The Team: Cyber Security team, part of our Global IT organization

As a member of the Security Team, you will be part of a team of highly skilled security professionals focused on protection and technical innovation. You will work closely with IT, engineering teams and functions throughout the company to develop, coordinate, and ultimately execute Cognex’s IT Governance, Risk and Compliance program: advancing important policies, procedures and controls; coordinating risk and audit assessments; and overseeing our progress toward compliance with important industry standards and certifications such as ISO/IEC 27001, NIST, the CIS Critical Security Controls and OWASP. As the program champion, you will lead a cross-functional team charged with confirming and prioritizing customer requirements; determining appropriate security frameworks; and developing, negotiating and implementing technical, operational and administrative controls throughout Cognex’s software development life cycle and other key processes in order to secure the relevant security certifications. As a leading global hardware/software engineering company, Cognex has always taken IT security seriously, and this position offers an exceptional personal and professional challenge for the right person.

The Role:

As the IT Governance, Risk & Compliance Manager, your primary responsibility is to champion and coordinate Cognex’s program to advance and mature our IT governance, risk management and compliance with customer and audit requirements, industry standards and certifications. In doing so, you will collaborate with the Product and Software Engineering groups; with Information Security, Applications and IT Infrastructure Engineering, IT Operations, Legal, Sales and Product Marketing; and with many other functions throughout Cognex to plan, negotiate, develop and implement the security controls and procedures necessary to establish IT and information governance, mitigate risk, satisfy customer and audit compliance requirements, and obtain the certifications relevant to Cognex’s customers.

This position will immediately take stock of the current state of IT governance, risk and compliance across Cognex and, together with leadership, define a program, roadmap and timeline for achieving ISO/IEC 27001 certification and other certifications relevant to our customers.

This role will establish automated means to assign, maintain and substantiate control status among control owners, and to produce automated reporting of Cognex’s status against certification and control requirements.

Essential Functions:

  • Review and advance Cognex’s IT and security governance for all material IT operations, systems, data, and services.

  • Coordinate and maintain Cognex’s IT and security documentation (policies, standards, architectures, designs, procedures, and guidelines) ensuring a change control and approval process and its availability on Cognex’s Intranet.

  • Review and advance Cognex’s IT risk management and mitigation, including audit findings, threat and vulnerability findings, DR tests, security assessments, and any penetration tests and software-development security tests.

  • Consolidate, prioritize and report on control shortfalls found by audits, risk assessments, compliance assessments and security testing (including penetration tests, vulnerability assessments, and static and dynamic application security tests), ensuring that remediation plans are developed and implemented within reasonable timescales so that the company improves continuously toward its security certifications.

  • Coordinate the IT requirements and remediations necessary for Cognex’s audits, penetration tests, security assessments and certifications.

  • Coordinate and advance Cognex’s implementation of, and compliance with, the IT and security controls necessary to sustain the industry certifications relevant to the company and its products.

  • Review customer contracts for IT security requirements and propose terms Cognex can meet; provide timely responses to customer questionnaires, surveys and audit requests; consolidate and represent customer requirements relating to security certifications; and recommend and guide Cognex Business Units on the appropriate certifications to pursue.

  • Engage in ongoing communication with peers in the DevOps, Engineering, Networking and Product groups, as well as the various business groups, to ensure enterprise-wide understanding of GRC goals, solicit feedback and foster cooperation.

Knowledge, Skills, and Abilities:

  • Knowledge and experience in Governance, Risk and Compliance

  • Demonstrated on-the-job experience developing and implementing technical, operational and administrative security controls (NIST, ISO, CIS, AICPA, SOX) in a medium-to-large national or multinational organization, ideally one with a significant IoT hardware and software engineering component.

  • Experience developing programs to achieve program and product security certifications, including ISO/IEC 27001, ISO/IEC 15408 (Common Criteria), and ISA/IEC 62443 (formerly ISA-99) together with its certification programs.

  • Knowledge and experience in IT infrastructure engineering, security engineering, IoT Security, and/or software engineering

  • Knowledge and experience in software development and SDLC processes

  • Knowledge and experience in IT Operations, processes and procedures

  • Knowledge and experience in Threat & Vulnerability Management

  • Knowledge and experience with cloud environments and cloud-based development

Education and work experience required:

  • BS or MS in Computer Science or relevant discipline

  • Security certifications are a plus

  • 5-10 years’ experience in Information Technology.

  • 5 or more years’ experience in governance, risk, and compliance (GRC).

  • Minimum of 3 years’ experience developing, negotiating and implementing security controls in a medium-to-large national or multinational organization with a substantial software and/or cloud-based product and a significant software development life cycle process.

Additional Job Description

Equal Employment Opportunity

Cognex is an equal opportunity employer. Cognex evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.


Tags: Application security Audits Automation Cloud Compliance Computer Science DevOps Governance IEC 62443 Industrial IoT IT infrastructure Monitoring NIST OWASP Product security Risk assessment Risk management SDLC Security assessment SOX Vulnerability management

Perks/benefits: Career development

Region: North America
Country: United States
