Job Description
The Company: Cognex Corporation
Cognex is the global leader in the exciting and growing field of machine vision. With over $800 million of cash in the bank and no debt, we are a financially strong international company with a culture that maintains the fast-paced, creative environment of a startup. Our employees, proudly called Cognoids, take their work seriously but don't take themselves seriously. Our Work Hard, Play Hard, Move Fast culture recognizes our employees for their innovation, perseverance and hard work in a fun, rewarding and quirky environment.
The Role:
As the Information Security Manager, Asia, your role is to represent the Information Security function in-region with a mission to:
1). Support local business partners' business needs with solutions that are secure and consistent with Cognex's policies and procedures.
2). Ensure technical, operational and administrative controls are implemented sufficiently to ensure the confidentiality, integrity and availability of Cognex's information technologies and intellectual property.
3). Ensure Cognex's compliance with international, regional and national regulations and customer contracts for information security and data privacy.
In this capacity you will collaborate with local and regional Business Partners (all functions) to plan, negotiate, develop and implement local and regional security controls and procedures necessary to establish IT and information governance in-region, aligned with global standards; mitigate risk; and satisfy customer audit and regulatory compliance for Cognex. You will also liaise with national and regional regulatory bodies, supporting necessary audits, certifications and compliance requirements.
This position requires a citizen and resident of China who is based in Cognex's Shanghai or Shenzhen offices, with up to two days of remote work per week accommodated.
Essential Functions:
- Serve in official cyber security and data protection roles and perform functions as required by regional and national regulation (for example, Cybersecurity Official and Data Privacy Officer for China and Singapore).
- Ensure Cognex regional and national implementations of networks, systems, databases, operations, products and services, and their processing, use and retention of data, are implemented pursuant to Cognex policies and compliant with regional and national cyber and data protection regulations.
- Coordinate Cognex's regional and national requirements and remediations necessary for audits, pen-tests, security assessments and certifications.
- Collaborate with regional and local business partners as the liaison for Information Security, providing local solutions and coordinating global support as warranted, to achieve solutions that are compliant with Cognex Information Security policies and practices.
- Contribute to Cognex's IT and security documentation (policies, standards, architectures, designs, procedures and guidelines) for regional and national requirements.
- Contribute to and advance Cognex's IT risk management and mitigation for region-based audit findings, threat & vulnerability findings, DR tests, security assessments, and any penetration and software development tests.
- Collaborate with local business partners in-region on training, tools and procedures to improve security awareness and competence throughout the Region, to support Cognex's plans to achieve ISO 27001 and IEC 62443 certification.
- Review regional and country-based customer contracts to ensure Cognex can meet, and can prepare its processes and databases to comply with, terms and conditions related to cyber security, data protection, incident response and customer notification provisions.
- Review regional and country-based vendor contracts to ensure the vendor services are not introducing undue risk and that intended use, processing and retention of data is compliant with regional and national cyber and data protection regulations.
Knowledge, Skills and Abilities:
- Knowledge and experience in China and Asia laws and regulations for Information Security and Data Privacy (including China: Cyber Security Law, Data Security Law, Personal Information Protection Law, Cross-Border Data Transfer; Singapore, Japan and Korea: Cybersecurity and Data Privacy).
- Demonstrated on-the-job experience developing and implementing technical, operational and administrative security controls in a medium- to large-sized national or multi-national organization based in China or the Asia region with a significant IoT hardware and software engineering component.
- Experience developing programs to meet program and product security certifications, including ISO/IEC 27001, ISO 15408 Common Criteria, SOC 2 Type II, OWASP and ISA/IEC 62443 Certification Programs.
- Knowledge and experience in IT infrastructure engineering, security engineering, IoT Security and/or software engineering.
- Knowledge and experience in software development and Secure SDLC processes.
- Knowledge and experience in IT Operations processes and procedures.
- Knowledge and experience in Threat & Vulnerability Management.
- Knowledge and experience with cloud environments and cloud-based development.
- Competent in written and oral English and Chinese.
Education and work experience required:
BS or MS in Computer Science or relevant discipline.
Security certifications such as CISSP, CISM, CISA, CCSP and/or China, Korea, Japan equivalents; China or Singapore Data Privacy Officer certification a plus.
5-10 years' experience engineering or developing solutions in Information Technology.
5 or more years' experience in information security, including governance, risk and compliance (GRC).
Minimum of 3 years' experience developing, negotiating and implementing security controls in a medium to large national or multi-national organization with a substantial software and/or cloud-based product and a significant software development life cycle process.
Additional Job Description
Required Experience:
Manager