Information Security Policy Consultant

  • Aanbod Excellent remuneration
  • Functiegroep IT
  • Dienstverband Fulltime
  • Vacaturenummer 9301200
  • Locatie Veldhoven
  • Contract Detachering via YER, Interim / ZZP
  • Branche Manufacturing

Over deze vacature

We are looking for an experienced Information Security consultant with a strong focus on information security policy management.


  • Supporting the Senior Information Security Specialist, Policy Management in designing, executing and reporting on the Information Security Policy Framework.
  • Supporting the organization by providing guidance in interpreting information security policies and standards and creation of new policies/standards, as necessary
  • Support the Senior Information Security Specialist, Policy Management and the Information Security Risk Manager in designing the Information Security Management System


ASML is a successful Dutch high-tech enterprise that produces complex lithography systems used by chip manufacturers in the production of integrated circuits. ASML is at the cutting edge of this technology and delivers systems to all the world's leading chip manufacturers. ASML's employees are among the most creative talents in the fields of physics, mathematics, chemistry, mechanical engineering and software. Every day they collaborate in close-knit multidisciplinary teams in which members listen to and learn from one another and exchange ideas. It is the ideal environment for professional development and personal growth.

ASML is headquartered in Veldhoven, the Netherlands.


You will be employed by YER and seconded to ASML. We offer:

  • Good employee benefits (e.g. work-life balance, pension, lease car, bonus model)
  • Challenging assignments
  • Excellent guidance from your consultant and YER's back office
  • Development opportunities, including the YER Talent Development Programme with a personal coach
  • Intensive support for international candidates (including Dutch lessons, tax-return and accommodation assistance)
  • Cooperative and results and relationship-driven
  • Friendly atmosphere and open culture
  • Community/network with other technology professionals from a variety of multinationals
  • Events and master classes with interesting speakers and attractive companies


As Information Security Policy Consultant, you will:

  • Support the design and execution of the Information Security Policy Framework (ISPF)
  • Support the creation and maintenance of information security policies, standards, baselines and guidelines
  • Support the creation and maintenance of the ISPF structure, governance and processes
  • Support the design of the Information Security Management System (ISMS) and linkage to the ISP
  • Support the design and maintenance of the Information Security Requirements Framework
  • Support the design, maintenance and operation of ISPF reporting


A master’s degree in business economics, risk management, technology or equivalent in experience.


  • You have a minimum of 3 years work experience in information security policy management and/or ISMS related assignments
  • Experience on implementation of ISO 27001.
  • Conversant with Risk Management including ISO 27005 and ISO 31000

Certifications and/or Memberships:

  • Academic qualifications are an advantage, but not a substitute for professional experience.
  • Valid industry certifications such as the Certified Information Systems Security Professional (CISSP) and Lead Implementer ISO 27001 are a plus.
  • Experience in ISO 27001 or equivalent are a plus.
  • You are in possession of a valid work permit for The Netherlands.

Personal skills

  • You take initiative, are pro-active and result driven. You are fluent in English
  • You have strong analytical skills, are precise and practical and you are flexible when needed.
  • You have strong writing skills.
  • You have the ability to function in a highly dynamic, demanding environment, as a team player with the ability to work independently.
  • You have the ability to “manoeuvre” between the various communities within our organization.
  • You apply basic knowledge of information security and risk mitigation principles, theories, and techniques in your daily work.
  • You have the ability to communicate and align with the activities of other professionals across sectors.