Security Risk Management Specialist

  • Field IT
  • Employment Full-time
  • Vacancy number VAC-10013176
  • Location Veldhoven
  • Contract type Secondment via YER, Interim/independent
  • Industry IT & Telecom

About this vacancy



ASML brings together the most creative minds in science and technology to develop lithography machines that are key to producing faster, cheaper, more energy-efficient microchips. We design, develop, integrate, market and service these advanced machines, which enable our customers - the world’s leading chipmakers - to reduce the size and increase the functionality of their microchips, which in turn leads to smaller, more powerful consumer electronics. ASML employs over 25000 employees, has offices in the US, Asia and Europe and is headquartered in Veldhoven, the Netherlands.



Job Mission

The security risk manager, in the security governance & risk team, is responsible for:

  • Supporting the development and maintenance of Security Risk Management means and methods to be applied across Sectors, including the implementation of a GRC Tool
  • Supporting the CSMR in connecting the SRM community across sectors/functions
  • Supporting the consolidation and aggregation of security risk and reporting to the CISO/CRC
  • Supporting the IT SRM (and CSRM where needed) in performing risk analyses, assessing coherence and dependencies, and proposing mitigating measures
  • Supporting the coordination of the Risk horizon workshop and the RLOS (Risk Line of Sight) meeting with executives (planning, sharing, coordinating and follow-up activities)


Job Description

As a risk management specialist in the central security risk management team you are responsible for ensuring that the security risk management sectors can collaborate effectively and have the means available to report to their stakeholders in an effective manner. You will work with the team on defining and formalizing the means and methods used by the security risk management community.

Your responsibilities include, but are not limited to:


  • Align risk reporting requirements of multiple stakeholders.
  • Advise on security risk management topics and the implementation of means and methods of security risk management, helping to lift the security risk management competence to a higher maturity level.
  • Support the creation of dashboards and periodic reports on the status of risk management activities for (senior) management.
  • Contribute to priority setting on security roadmap initiatives using a risk-based approach.
  • Assist in the establishment and implementation of risk management frameworks.
  • Collaborate with stakeholders within the risk & business assurance community on implementing tooling to support governance, risk and compliance processes.



Key Issues Facing Your Job

The key challenge of the role is to align the requirements of a large number of stakeholders and find solutions that can satisfy all of them. It is critical for stakeholders to have a clear, consistent view of risks that can impact the organization. Therefore processes and tooling need to be in place to make this information available to decision makers when they need it. Consistency in reporting and in the outcome of the risk management processes is of the utmost importance to ensure we can support the growth of the company. By creating comprehensive risk control frameworks we remain in control of the various initiatives that are ongoing in a big organization like ASML, and we ensure that teams are aware of their responsibilities in keeping ASML secure.



Key Decisions

Primary decisions revolve around selecting which requirements to bring into reporting templates, how to shape the security risk management means and methods, and which control frameworks to adapt.





You will work within the central security risk management team, which is part of the security governance & architecture department of risk and business assurance. It is a multidisciplinary team that is primarily responsible for working with all of the sector risk management teams on effective security risk management practices.



Security Risk Manager within ASML Security and part of the Sector Risk Managers (SRMs) teams


Other significant relationships – internal

You are expected to communicate with various business representatives within the organization to both align on their needs and to explain why and how implemented means and methods and reporting can help them in their daily responsibilities.


Other significant relationships – external

Alignment with governing bodies is required, to be aware of changes in laws and regulations and to track changes to frameworks such as ISO27001.

Context of the position

Products/services/technology and market dynamics:

The security governance and risk team is responsible for the central security risk management role and means and methods. We support the sector risk teams by providing guidance on how to operate and collaborate most effectively. We also support the creation of the annual security roadmap, hold bi-annual risk horizon sessions to respond proactively to an ever-changing risk landscape, and work on structuring the risk line of sight reporting for senior management. The department is also heavily involved in the implementation of tooling to support the entire risk and business assurance community at ASML.



Position in the value chain:

Risk and business assurance is a corporate function whose responsibility it is to ensure that ASML can grow securely, that our IP remains secure and that the business is enabled through risk-aware decision-making processes.



ASML is a successful Dutch high-tech enterprise that produces complex lithography systems used by chip manufacturers in the production of integrated circuits. ASML is at the cutting edge of this technology and delivers systems to all the world's leading chip manufacturers. ASML's employees are among the most creative talents in the fields of physics, mathematics, chemistry, mechanical engineering and software. Every day they collaborate in close-knit multidisciplinary teams in which members listen to and learn from one another and exchange ideas. It is the ideal environment for professional development and personal growth.

ASML is headquartered in Veldhoven, the Netherlands.


Freelance OR

You will be employed by YER and seconded to ASML. We offer:

  • Good employee benefits
  • Challenging assignments
  • Excellent guidance from your consultant and YER's back office
  • Development opportunities, including the YER Talent Development Programme with a personal coach
  • Intensive support for international candidates (including Dutch lessons, tax-return and accommodation assistance)
  • Cooperative, results- and relationship-driven
  • Friendly atmosphere and open culture
  • Community/network with other technology professionals from a variety of multinationals
  • Events and master classes with interesting speakers and attractive companies



Bachelor level position with a focus on information security and/or business management.




  • 6+ years of experience working in a risk management role, preferably within a large high-tech organization.
  • 6+ years in a (Big4) consultancy organization
  • CISA, CISM, CISSP, CRISC, ISO2700/1/2, ISO31000 knowledge and/or certification is a big plus.
  • Experience in developing risk control frameworks.
  • Experience in stakeholder management & communicating with senior management.
  • Experience in process design.
  • Experience with ServiceNow GRC tooling is a plus.



Personal skills

  • Ability to hit the ground running and come with proposals from day one
  • Great communication skills
  • Highly motivated and with demonstrable leadership attributes
  • Outstanding analytical and critical thinking skills, focused on risks
  • Extremely diligent and attentive to detail
  • Effective communicator at all levels with excellent writing skills
  • Ability to cope under pressure and balance multiple priorities