Secondment via YER, Interim/independent
IT & Telecom, High Tech
Over deze vacature
In an intellectual property-intensive multinational as ASML, with its core business in R&D, manufacturing and customer support, it is critical that security is embedded into processes, projects and technologies by design.
ASML’s security organization is supporting the business in its mission and provides the expertise and services to enable risk-based decisions in implementing and operating an efficient set of security measures. The objective of the security organization is protection of ASML’s information, Intellectual Property (IP) and assets, and that of ASML’s customers and suppliers.
In an organization that is rapidly growing and constantly evolving and pivoting to create the next innovation, there are many moving parts in the business, the larger ecosystem we are part of, our IT and our risk landscape. This requires a focus on the security of the current and future organization and information it processes.
ASML’s technology security competence center is looking to strengthen its security architecture team and is looking for a Security Architect.
As a security architect your mission is to secure ASML by applying a hacker mindset into the design of systems while thinking of operational embedding through training, governance and processes. You drive the secure adoption of new technologies by creating security standards and patterns and advice about the best ways to implement security measures to meet business and maintain and apply your expertise to educate the organization teams. You drive the implementation of security tooling to strengthen our identification, prevention, detection and response capabilities.
Role and responsibilities
To be The security architect will be responsible for the following activities and functions:
- Supporting projects and the risk managers in performing security risk assessments at design and implementation phases of projects. Follow-up any potential findings by proposing risk reducing measures
- Provide advise on how identified risks can be mitigated and practical guidance on how to achieve the best balance between risk and needs
- Translate the relevant security policies, standards and best practices into practical guidance and help identify solutions
- Develop and maintain security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations
- Participate in application and infrastructure projects to provide security-planning advice
- Draft security policies and standards to be reviewed and approved by executive management and/or formally authorized by the CISO
- Conduct or facilitate threat modelling of services and applications that tie to the risk and data associated with the service or application
- Review security technologies, tools and services, and make recommendations to the broader security team for their use, based on security, financial and operational metrics
- Effectively collaborate with other (security) architects for quality assurance, information sharing, prioritizing and distributing the architecture workload
- Document and effectively communicate design decisions
- Build excellent working relationships with the project team members and all project stakeholders, including security risk officers and IT Operational staff
ASML is a successful Dutch high-tech enterprise that produces complex lithography systems used by chip manufacturers in the production of integrated circuits. ASML is at the cutting edge of this technology and delivers systems to all the world's leading chip manufacturers. ASML's employees are among the most creative talents in the fields of physics, mathematics, chemistry, mechanical engineering and software. Every day they collaborate in close-knit multidisciplinary teams in which members listen to and learn from one another and exchange ideas. It is the ideal environment for professional development and personal growth.
ASML is headquartered in Veldhoven, the Netherlands.
You will be employed by YER and seconded to ASML. We offer:
- Good employee benefits
- Challenging assignments
- Excellent guidance from your consultant and YER's back office
- Development opportunities, including the YER Talent Development Programme with a personal coach
- Intensive support for international candidates (including Dutch lessons, tax-return and accommodation assistance)
- Cooperative and results and relationship-driven
- Friendly atmosphere and open culture
- Community/network with other technology professionals from a variety of multinationals
- Events and master classes with interesting speakers and attractive companies
Freelancers also welcome to apply!
Education and experience
- Master's degree in computer science, information systems, information management, cybersecurity, or a related field. Any of the following certifications are a plus: CISSP, TOGAF, SANS’ GIAC, SABSA (SCF).
For this role, we are looking for someone with 3 – 7 years of work experience in working in IT security across several IT domains. To perform the role successfully a solid understanding of an IT environment and its business needs is required, along with the security expertise to assess and mitigate the (domain specific) security risks with secure designs. The ideal candidate needs to be looking for an opportunity to become an architect and to broaden their view on how security helps to improve/enable the business.
You must be able to demonstrate:
- Strong conceptual knowledge of cyber security
- Excellent understanding of security operations (SOC) and tooling to support its processes
- Full-stack knowledge of IT infrastructure on all technology layers and ITIL processes
- Hands on experience to review security architecture & able to provide expert feedback
- Knowledge of Business Process Management (frameworks)
- Experience designing the deployment of applications and infrastructure into public cloud services
- Experience in both the people & processes side of security as well as technology security capabilities
- You are familiar/have experience with the following regulations, standards and frameworks:
- NIST Cybersecurity Framework (CSF)
- IOT Security Compliance Framework
- ISO 31000
- General Data Protection Regulation (GDPR)
You are able to think conceptually about security, can bring overview to problems, can communicate that effectively and can quickly identify key issues to be resolved. This means someone who can create an oversight of what we have, see common denominators, bring structure and present it in a way that is clear to everyone.
Being able to create abstract diagrams and good visualization skills in order to be able to translate them into architectural drawings are very important in this role.
It is important to have good communication skills as you will be in contact with different teams and stakeholders. You need to be comfortable presenting your findings and advising on best course of action.
The main behaviors and competencies:
- Business Acumen
- Conceptual Thinking
- Openness to Learning
- Great communication skills
- Outstanding analytical and critical thinking skills
- Strategic planning
- Content Leadership
- Project management