Security Risk Manager

  • Job category IT
  • Contract Fulltime
  • Reference number VAC-10002645
  • Location Eindhoven
  • Contract type secondment via YER
  • Industry IT & Telecom

About this vacancy

This role will be responsible for managing and reporting on all security risks. This will include the risks of Information Security and Safeguarding of Assets, as part of the ASML Risk Universe items on Security. In addition, this role will manage and report on the cross-sector Security risk register. The role will also be expected to plan and execute the merger of separate existing risk registers into one ASML Security Risk Register instance to be managed centrally.

Mission

Ensure security risks stay within the risk appetite through (early) identification of security risks, performing risk assessments and driving risk mitigation.

Job description

Generic activities

  • Maintain and develop ASML wide Security Risk Management means and methods
  • Drive risk mitigation based on agreed controls
  • Maintain the ASML Security risk register and Cross-Sector Security Risk Register
  • Manage the Security Risk Line of Sight process, covering Risk Analysis & Identification, setting Risk Control strategies, monitoring Key Risk indicators, performance of controls and implementation of new controls
  • Structure risks in Child and Parent Security risk overviews
  • Maintain the ASML Security Risk Matrix
  • Provide reports to senior executive management in collaboration with the respective risk owners
  • Perform and support Security risk reporting including tracking KRIs
  • Alignment with the ASML Sectors and their security risk registers
  • Manage the Exception process including reporting on a regular basis
  • Keep up with relevant international legislation, best practices, emerging threats, policies and benchmarks
  • Drive the GRC tooling implementation
  • Be the lead for the following focus groups
    • Security Risk Management
    • Strategic focus group development
    • Means and methods development
    • Competence and knowledge management

Company

ASML is a successful Dutch high-tech enterprise that produces complex lithography systems used by chip manufacturers in the production of integrated circuits. ASML is at the cutting edge of this technology and delivers systems to all the world's leading chip manufacturers. ASML's employees are among the most creative talents in the fields of physics, mathematics, chemistry, mechanical engineering and software. Every day they collaborate in close-knit multidisciplinary teams in which members listen to and learn from one another and exchange ideas. It is the ideal environment for professional development and personal growth.

ASML is headquartered in Veldhoven, the Netherlands.

Offer description

  • Good employee benefits (e.g. work-life balance, pension, lease car, bonus model)
  • Challenging assignments
  • Excellent guidance from your consultant and YER's back office
  • Development opportunities, including the YER Talent Development Programme with a personal coach
  • Intensive support for international candidates (including Dutch lessons, tax-return, and accommodation assistance)
  • Cooperative, results-driven and relationship-driven
  • Friendly atmosphere and open culture
  • Community/network with other technology professionals from a variety of multinationals
  • Events and master classes with interesting speakers and attractive companies


Candidate profile

Education

  • Bachelor's/master's degree or equivalent combination of education and experience

Experience

  • Minimum of 8 years, ideally over 10, of relevant experience in information security risk management
  • Knowledge of Agile (SAFe/DevOps) and project management methodologies like PRINCE2 and PMBOK
  • A strong background in IT or proven relevant experience in the IT security domain
  • Proven experience with the ISO27001/ISO31000 risk management framework
  • Information security risk management qualifications like CRISC, CISSP, CISA or CISM

Personal skills

  • Strong analytical skills
  • Ability to translate threats, vulnerabilities and risks to business stakeholder level and to drive risk mitigation, dealing with resistance and risk appetite
  • Pro-active and self-motivated with the proven ability to drive results
  • Strong stakeholder management skills and capable of doing so at various organizational levels
  • Fluent English (written and verbal)
  • Team player and leadership
  • Strong in communication, influencing and negotiating skills
  • Builder of stakeholder networks
  • Able to give direction and good at planning & prioritizing
  • Creative when handling problems independently; committed and flexible