Secondment via YER, Interim/independent
High Tech, IT & Telecom, Engineering
About this vacancy
For the corporate sectors in ASML we are looking for a Security Risk Manager to strengthen their Security Risk Management function on a temporary basis.
ASML has a security governance where security risk management is embedded on sector level. The Security Risk Manager drives risk identification and risk mitigation within his/her responsibility area in close cooperation with the Sector Security Risk Manager.
Ensure that security risks do not exceed the organization risk appetite by timely identifying risks and maintaining the security risk register, assessing risks, driving risk mitigation and monitoring and reporting on progress.
- Identify risks and perform/facilitate risk assessments.
- rive mitigation of risks; propose mitigating controls in accordance with sector risk appetite and drive implementation and use.
- -Keep track of risks and their status in the sector security risk register and report to stakeholders; have a clear oversight on the status of current security controls for the sector.
- Stakeholder management: ensure awareness and ownership of risks/mitigations.
- Ensure compliance to security policies and standards.
- Align with IT security department on IT specific aspects of risk assessments.
- Keep up with relevant international legislation, emerging threats, forecasts, policies and benchmarks.
Context of the position
As Information Security Risk Manager you will be assigned to the Security Risk Management team, which is part of Global Enabling Services – Information & Portfolio management.
The GES – Center of Excellence drives and supports improvements in business processes and IT tooling for the ASML Corporate sectors. We do this through several distinct services; e.g. Business Architecture, Information Management/Portfolio management, Program/Project Management, and Information Security.
The corporate sectors in scope include amongst others Finance, HR, Legal, Communication, Tax, Treasury, Risk & Business Assurance, Marketing, Global Quality and Enterprise Management Systems.
You are based in Veldhoven, the Netherlands. You work closely together with colleagues in the Security Risk Management team and with (senior) business stakeholders in the corporate sectors.
ASML is a successful Dutch high-tech enterprise that produces complex lithography systems used by chip manufacturers in the production of integrated circuits. ASML is at the cutting edge of this technology and delivers systems to all the world's leading chip manufacturers. ASML's employees are among the most creative talents in the fields of physics, mathematics, chemistry, mechanical engineering and software. Every day they collaborate in close-knit multidisciplinary teams in which members listen to and learn from one another and exchange ideas. It is the ideal environment for professional development and personal growth.
ASML is headquartered in Veldhoven, the Netherlands.
You will be employed by YER and seconded to ASML. We offer:
- Good employee benefits (e.g. work-life balance, pension, commuting allowance or potentially a lease car)
- Intensive support for international candidates (Including, Visa support, 30% rule, Free Dutch lessons, tax-return and accommodation assistance)
- Community/network/assignments with other technology professionals from a variety of our multinational clients; ASML, Philips, NXP, KLM, Rabobank, Siemens, MSD, Canon etc.
- Development opportunities, full access to the New Heroes training portal & the YER Talent Development Programme with a personal coach
- Excellent guidance from your consultant and YER's back office
- Events and master classes with interesting speakers and attractive companies
- Master degree or equivalent combination of education and experience (e.g. in a technical area, business administration, industrial engineering).
- Information security risk management qualifications like CISSP, CISA or CISM.
- Minimum of 5 years of relevant experience in information security risk management.
- Experience with the ISO27001/2 risk management framework/control.
- Cooperation with and understanding of the IT security domain.
- Basic project management experience
- Knowledgeable on multiple laws and regulations; e.g. GDPR and US export regulations.
- Relationship builder; able to create and maintain a trusted network on all levels.
- Good communication, influencing and negotiating skills.
- Able to inspire and motivate people.
- Strong analytical skills.
- Pro-active and self-motivated with the proven ability to drive results.
- Pragmatic, hands-on mentality, motivated by realizing goals rather than personal acknowledgement.
- Able to plan and prioritize.
- Creative when handling problems.
- Flexible, adapting to company culture and individual behavior.
- Fluent in English (written and verbal).