Sr. Information Security Risk Manager

  • Job category IT
  • Employment Fulltime
  • Reference number VAC-10007857
  • Location Veldhoven
  • Contract type Secondment via YER
  • Industry High Tech, IT & Telecom

About this vacancy

Introduction

ASML is the largest supplier in the world of photo-lithography systems for the semiconductor industry and manufactures machines for the production of integrated circuits. It is a heavily R&D driven company, and as such, it is critical that we properly safeguard our intellectual property. As an information security manager, you will manage information security risks within the R&D domain, which is a challenging position in an intellectual property-driven enterprise.

R&D Security Risk Management (SRM) operates within the R&D domain, which includes Development & Engineering, System Engineering and all Business Lines. R&D SRM is responsible for keeping information security risks within the R&D risk appetite by identifying and assessing risks, driving risk mitigation and monitoring execution. 

Job description

Job Mission

As an information security risk manager you will manage information security risks in the R&D domain, which is a challenging position in an Intellectual Property driven enterprise. Throughout the company multiple disciplines are required to ensure proper identification, mitigation and management of these risks.

In the ASML security governance information security risk management is embedded in the sectors itself via so-called sector Security risk management.

As part of this profile you will be responsible for:

  • Assessing and Advice existing or new Business and IT services (on premise or cloud) on risk to information security aspects.
  • Delivering and monitoring security requirements in line with the sensitivity and importance of the subject and company policies and standards.
  • Communicate and advise security risk management, projects, business and IT partners on information security improvements and requirements.

Responsibilities

Ensure security risks do not exceed the risk appetite by timely identifying and assessing risks and propose mitigating controls conform best practice, policies and standards. Identify gaps, propose improvements and update/create policies, standards, means and methods. Monitor and report adherence to required security controls.

This role focuses on information security in the applications and projects domain by amongst others performing Information Systems Security Assessments over R&D owned applications/information systems. Besides these domains you will be expected to also perform/assist in generic security risk assessments and support the R&D Security Risk Management team as a whole.

  • Perform Information Systems Security Assessments, write Information Systems Security Reports and provide guidance to risk owners on management response and mitigation;
  • Contribute to improving means and methods related to our focus domains;
  • Align with other projects and application security competences (IT and Business) within the security community;
  • Perform, advice and follow up on generic risk assessments and identified risks;
  • Drive mitigation of agreed controls;
  • Update the D&E security risk register;
  • Ensure compliance to security policies and standards;
  • Alignment with IT (-security) on controls and activities required.

Context of the position

You are based in Veldhoven, the Netherlands. You will be employed in the R&D Security Risk Management (SRM) team which is part of the Development and Engineering Information Management department. You will be reporting to the Application security and project security focus group leads and functionally reporting to the R&D Sector Security Risk Manager.

You are a member of the ASML Security community; collaborating also together with Security Risk Managers in other sectors.

Other information

This position requires access to U.S. controlled technology, as defined in the United States Export Administration Regulations. Qualified candidates must be legally authorized to access such U.S. controlled technology prior to beginning work. Business demands may require ASML to proceed with applicants who are immediately eligible to access U.S. controlled technology.

Company

ASML is a successful Dutch high-tech enterprise that produces complex lithography systems used by chip manufacturers in the production of integrated circuits. ASML is at the cutting edge of this technology and delivers systems to all the world's leading chip manufacturers. ASML's employees are among the most creative talents in the fields of physics, mathematics, chemistry, mechanical engineering and software. Every day they collaborate in close-knit multidisciplinary teams in which members listen to and learn from one another and exchange ideas. It is the ideal environment for professional development and personal growth.

ASML is headquartered in Veldhoven, the Netherlands.

Offer description

You will be employed by YER and seconded to ASML. We offer:

  • Excellent Remuneration (depending on level of expertise)
  • Good employee benefits (e.g. work-life balance, pension, commuting allowance or potentially a lease car)
  • Intensive support for international candidates (including, Visa support, 30% rule, Free Dutch lessons, tax-return and accommodation assistance) 
  • Community/network/assignments with other technology professionals from a variety of our multinational clients; ASML, Philips, NXP, KLM, Rabobank, Siemens, MSD, Canon etc.
  • Development opportunities, full access to the New Heroes training portal & the YER Talent Development Programme with a personal coach
  • Excellent guidance from your consultant and YER's back office
  • Events and master classes with interesting speakers and attractive companies

Candidate profile

Education

A Bachelor degree or higher and relevant education in Information Security, Audit, Cloud and/or SAP Security.

Experience

  • 5+ years of relevant experience in information security risk management.
  • In possession of valid industry certifications (CISM, CISA, CISSP, CRISC, CCSP).
  • In possession of a valid work permit for The Netherlands.
  • Understanding / knowledge / experience in the IT security domain.
  • Experience with the ISO27001 & ISO31000 risk management framework.
  • Experience with Identity and Access Management processes.
  • Knowledge and experience of Big Data and Big Compute security.
  • Affinity with Research and Development processes, way of working and culture.
  • Pro: Knowledge of export regulations.
  • Pro: Knowledge of GCP and Azure platforms and deployments (IAAS, PAAS and SAAS).
  • Pro: Solid devops (SAFe) and project management understanding.
  • Pro: Able to understand and translate IT threats and vulnerabilities to business risk.

Personal skills

  • Strong analytical skills.
  • Communication and stakeholder management skills at different levels of the organization and with outside vendors and service providers.
  • Dealing with resistance and reluctance.
  • Pro-active and self-motivated with the proven ability to drive results.
  • Team player.
  • Excellent communication, influencing and negotiating skills.
  • Fluent English (written and verbal).