Security Program Manager

  • Job category IT
  • Employment Fulltime
  • Reference number VAC-10012612
  • Location Veldhoven
  • Contract type Secondment via YER
  • Industry High Tech, IT & Telecom

About this vacancy

For the Operations sector in ASML we are looking for a Security Program Manager to further strengthen our ability to protect the Intellectual Property of ASML, our customers and our suppliers and to prevent business disruption in our factories and supply chain. The Operations sector is the largest sector within ASML and includes Manufacturing, Customer Support, Sourcing and Supply Chain and Corporate Real Estate. 

Within ASML generic security capabilities are organized centrally via competences. Security risk management is however embedded within each of the sectors. The security risk management team identifies and assesses potential information security risks, recommends mitigations and helps the risk owners drive the implementation of mitigations to reduce the risk to an acceptable level. The team is involved in all programs, projects and changes to assess the assets that are being introduced or changed, to provide security requirements and to validate adequate implementation. In case of security incidents the team is involved in determining business impact, in communication and escalation towards sector management and in defining lessons learned and structural improvements. Creating awareness and educating the sector ranging from senior management to people on the ground is a key responsibility for each member of the team.

Finally, the security risk management team is also managing or driving ASML wide and/or Operations specific projects to strengthen and mature the information security capabilities of ASML.

Job description

As Security Program Manager you will prepare the annual portfolio and roadmap of security projects and initiatives that affect the Operations sector, drive the inclusion and prioritization of these projects in the financial planning of the sub-sectors and either manage or enable execution of the portfolio.

You are expected to fulfil the following responsibilities:

  • Annually, collect the unconstrained demand of security projects and initiatives that either affect or are specific for the Operations sector;
  • Propose priority based on the level of risk mitigation against specific risks or risk categories;
  • Drive inclusion and prioritization in the annual financial planning process of the different sub-sectors;
  • Complete the initiation of all security projects, defining and aligning scope, business benefits, governance, deliverables and timelines;
  • For the projects that are managed by the security risk management team, you will ensure projects are led (or personally drive delivery), resourced and remain on track against scope - managing the triple constraints; Time, Budget and Scope;
  • Provide Quality Assurance on project definition, project governance, project quality, monitoring the execution and ensuring effective stakeholder management;
  • Report on progress towards the sub-sectors and towards the ASML Security Portfolio;
  • Ensure the project management system is up-to-date and accurately portrays the status of the portfolio of programs and projects;
  • Manage/report on the risk mitigation status of risks by the projects;
  • Align with other security risk management teams and central competence teams to support cross-sector initiatives;
  • Realign portfolio on budget and planning in case of major changes;
  • Generate demand towards the central security competences and IT based on outcomes of risk assessments; help define the implementation of additional measures and capabilities;
  • Act as sounding board to sector management;
  • Identify and provide advice on strategic and tactical information security risks within the sector;
  • Support the implementation of security capabilities within the sector;
  • Understanding / knowledge / experience of security domains i.e. Access Control, Communication Security, Incident Management, Supplier & Customer Relationship, Training & Awareness, Asset Management, Business Continuity Management, Operations Security and System Acquisition, Dev & Maintenance;
  • Keep up with relevant international legislation, emerging threats, forecasts, policies and benchmarks

Job Mission

Ensure that information security risks do not exceed the organization risk appetite by timely identifying risks and maintaining the security risk register, assessing risks, drive risk mitigation and monitor and report on progress.

Context of the position

As Security Program Manager, you will be part of the Operations Strategies and Excellence (OSE) department and will report to the Senior Security Risk Manager Operations.

The OSE department supports the definition of the Operations strategy, the translation of the strategy into capabilities, a roadmap and a portfolio and drives specific competences including Information Security, Information Management, Portfolio management, Program/Project Management and Benefits Management.

You will be based in Veldhoven, the Netherlands. You will be a member of the ASML Security community; working closely together with the security risk management teams in other sectors and the central security competence teams.

Company

ASML is a successful Dutch high-tech enterprise that produces complex lithography systems used by chip manufacturers in the production of integrated circuits. ASML is at the cutting edge of this technology and delivers systems to all the world's leading chip manufacturers. ASML's employees are among the most creative talents in the fields of physics, mathematics, chemistry, mechanical engineering and software. Every day they collaborate in close-knit multidisciplinary teams in which members listen to and learn from one another and exchange ideas. It is the ideal environment for professional development and personal growth.

ASML is headquartered in Veldhoven, the Netherlands.

Offer description

You will be employed by YER and seconded to ASML. We offer:

  • Good employee benefits
  • Challenging assignments
  • Excellent guidance from your consultant and YER's back office
  • Development opportunities, including the YER Talent Development Programme with a personal coach
  • Intensive support for international candidates (including Dutch lessons, tax-return and accommodation assistance)
  • Cooperative and results and relationship-driven
  • Friendly atmosphere and open culture
  • Community/network with other technology professionals from a variety of multinationals
  • Events and master classes with interesting speakers and attractive companies

Candidate profile

Education

  • Master's degree or equivalent combination of education and experience (e.g. in a technical area, business administration, industrial engineering). Optionally bachelor.
  • Knowledge of project management (Prince-2 / PMBOK/ APMP /MSP)
  • In possession of a valid work permit for The Netherlands
  • Pro: In possession of valid industry certifications (CISM, CISA, CISSP)

Experience

Technical skills:

  • Minimum of 8 years’ experience in Project or Program Management in complex high-tech business environment
  • Ability to shape and drive security roadmaps
  • Extensive experience in Information Security projects is a must
  • Worked for a global organization sized similar to ASML with the proven ability to navigate complex, international work environments being sensitive to cultural differences
  • Fluent in English (written and verbal)
  • Pro: Experience in manufacturing / production environment
  • Pro: Experience in OT/ICS programs and environments

Personal skills

  • Ability to communicate with, convince and inspire senior management
  • Relationship builder; able to create and maintain a trusted network
  • Able to influence / lead without mandate
  • Able to give direction, plan and prioritize
  • Acts decisively, takes responsibility and shows critical sense
  • Pragmatic, pro-active, hands-on mentality, motivated by realizing goals rather than personal acknowledgement and a proven ability to drive results