Salary Not Disclosed
1 Vacancy
The Company: Cognex Corporation
Cognex is the world's leading provider of vision systems, software, sensors, and industrial barcode readers used in manufacturing automation. Cognex vision helps companies improve product quality, eliminate production errors, lower manufacturing costs, and exceed consumer expectations for high-quality products at an affordable price. Typical applications for machine vision include detecting defects, monitoring production lines, guiding assembly robots, and tracking, sorting, and identifying parts.
Cognex serves an international customer base from offices located throughout the Americas, Europe, and Asia, and through a global network of integration and distribution partners. The company is headquartered close to Boston in Natick, Massachusetts.
The Team: Cyber Security team, part of our Global IT organization
As a member of the Security Team, you will be part of a team of highly skilled security professionals tuned in to protection and technical innovation. You will work closely with IT engineering teams and functions throughout the company to develop, coordinate, and ultimately execute Cognex's IT Governance, Risk and Compliance program: advancing important policies, procedures, and controls; coordinating risk and audit assessments; and overseeing our progress of compliance with important industry standards and certifications such as ISO/IEC 27001, NIST, CIS Critical Security Controls, and OWASP. As the program champion, you will lead a cross-functional team charged with confirming and prioritizing customer requirements; determining appropriate security frameworks; and developing, negotiating, and implementing technical, operational, and administrative controls throughout Cognex's software development life cycle and other key processes to secure relevant security certifications. As a leading global hardware/software engineering company, Cognex has always taken IT security seriously, and this position offers an exceptional personal and professional challenge for the right person.
The Role:
As the IT Governance, Risk & Compliance Manager, your primary responsibilities are to champion and coordinate Cognex's program to advance/mature our IT governance, risk management, and compliance with customer and audit requirements, industry standards, and certifications. In so doing, you will collaborate with Product and Software Engineering Groups, with Information Security, Applications, and IT Infrastructure Engineering, IT Operations, Legal, Sales, Product Marketing, and with many other functions throughout Cognex to plan, negotiate, develop, and implement security controls and procedures necessary to establish IT and information governance; mitigate risk; satisfy customer and audit compliance requirements; and establish certifications relevant to Cognex's customers.
This position will immediately take stock of the current state of IT governance, risk, and compliance across Cognex and, with leadership, establish a program roadmap and timeline to establish ISO/IEC 27001 certification and other certifications relevant to our customers.
This role will establish automated means to assign, maintain, and substantiate control status among control owners and to facilitate automated reporting of Cognex's status relative to certification and control requirements.
Essential Functions:
Review and advance Cognex's IT and security governance for all material IT operations, systems, data, and services.
Coordinate and maintain Cognex's IT and security documentation (policies, standards, architectures, designs, procedures, and guidelines), ensuring a change control and approval process and its availability on Cognex's Intranet.
Review and advance Cognex's IT risk management and mitigation, including audit findings, threat & vulnerability findings, DR tests, security assessments, and any penetration and software development tests.
Consolidate, prioritize, and report on findings of control shortfalls as a result of audits, risk assessments, compliance assessments, and a range of security tests, including pen-tests, vulnerability assessment, and static and dynamic application security tests, ensuring remediation plans are developed and implemented to reasonable timescales to ensure continuous improvement towards security certifications.
Coordinate Cognex's IT requirements and remediations necessary for audits, pen-tests, security assessments, and certifications.
Coordinate and advance Cognex's implementation and compliance of IT and security controls necessary to sustain important industry certifications relative to company and product.
Review customer contracts for IT security requirements, suggesting terms Cognex can meet; provide timely response to customer questionnaires, surveys, and audit requests; consolidate and represent customer requirements relative to security certifications; and recommend and guide Cognex Business Units on appropriate certifications to pursue.
Engage in ongoing communications with peers in the DevOps, Engineering, Networking, Product, and Engineering groups, as well as the various business groups, to ensure enterprise-wide understanding of GRC goals, solicit feedback, and foster cooperation.
Knowledge, Skills and Abilities:
Knowledge and experience in Governance, Risk and Compliance
Demonstrated on-the-job experience developing and implementing technical, operational, and administrative security controls (NIST, ISO, CIS, AICPA, SOX) in a medium to large sized national or multi-national organization, ideally an organization with a significant IoT hardware and software engineering component
Experience developing programs to meet program and product security certifications, including ISO/IEC 27000, ISO 15408 Common Criteria, ANSI/ISA 62443 (Formerly ISA-99), IEC 62443, and IEC 62443 Certification Programs
Knowledge and experience in IT infrastructure engineering, security engineering, IoT Security, and/or software engineering
Knowledge and experience in software development and SDLC processes
Knowledge and experience in IT Operations processes and procedures
Knowledge and experience in Threat & Vulnerability Management
Knowledge and experience with cloud environments and cloud-based development
Education and work experience required:
BS or MS in Computer Science or relevant discipline
Security certifications are a plus
5-10 years' experience in Information Technology
5 or more years' experience in governance, risk and compliance (GRC)
Minimum of 3 years' experience developing, negotiating, and implementing security controls in a medium to large national or multi-national organization with a substantial software and/or cloud-based product and a significant software development life cycle process
Equal Employment Opportunity
Cognex is an equal opportunity employer. Cognex evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status, or any other legally protected characteristic.
Required Experience:
Manager
Full-Time