secondment via YER
Over deze vacature
The Cloud Infrastructure Security Manager will be responsible for the protection of ASML’s information, Intellectual Property (IP) and assets, and that of ASML’s customers and suppliers developed and used within ASML’s Public cloud (IAAS, PAAS), through the set-up and/or alignment of ASML Information Security strategies and security standards/ guidelines while interfacing with the Business, and enforcing system, application, and access security controls within the cloud. This position will continuously assess and report upon the effectiveness of the security controls of the cloud at people, processes, and technology levels. The Cloud Infrastructure Security Manager is a member of ASML’s Cloud Center of Excellence (CCoE).
- Be the single point of contact for IT and Information security subjects within the Cloud Center of Excellence (CCoE).
- Develop and create a cloud-native security control framework.
- Develop, design, and maintain Cloud security standards, guidelines and procedures to assure effective secured Cloud services and data protection within the IAAS/PAAS domain.
- Regularly assess Cloud services (people, process, technology) for security updates and report upon findings, conclusions and next steps.
- Conduct, in close cooperation with the IT Security Risk Manager, security risk assessments upon new cloud services to be developed and used within ASML’s public Cloud and propose risk-reducing measures.
- Assess and support mitigation of the risks associated with ASML’s public cloud to assure a continuously adequate level of security.
- Build excellent working relationships within ASML’s CCoE members and all cloud service users, including security officers and developers of new cloud services.
- Support ASML Cyber Defence Organization (CDO) activities and ensure 7/24/365 response on any major IT security incidents related to ASML’s IAAS/PAAS domain.
ASML is a successful Dutch high-tech enterprise that produces complex lithography systems used by chip manufacturers in the production of integrated circuits. ASML is at the cutting edge of this technology and delivers systems to all the world's leading chip manufacturers. ASML's employees are among the most creative talents in the fields of physics, mathematics, chemistry, mechanical engineering and software. Every day they collaborate in close-knit multidisciplinary teams in which members listen to and learn from one another and exchange ideas. It is the ideal environment for professional development and personal growth.
ASML is headquartered in Veldhoven, the Netherlands.
- Good employee benefits (e.g. work-life balance, pension, lease car, bonus model)
- Challenging assignments
- Excellent guidance from your consultant and YER's back office
- Development opportunities, including the YER Talent Development Programme with a personal coach
- Intensive support for international candidates (including Dutch lessons, tax-return, and accommodation assistance)
- Cooperative and results and relationship-driven
- Friendly atmosphere and open culture
- Community/network with other technology professionals from a variety of multinationals
- Events and master classes with interesting speakers and attractive companies
- CCSP or comparable Cloud security certification is a must.
- CISSP/CISM/CISA is a plus.
- Technical/IT/informatics background bachelor degree (or equivalent experience)
- Deep Knowledge of current Cloud technologies (e.g. IAAS, PAAS, VM’s) and governance (processes)
- Experience with AZURE, Google and AWS cloud technology (IAAS/PAAS) is a plus.
- IT risk assessment frameworks e.g.
- CSC Top 20 Controls
- Cloud Security Alliance (CSA)
- NIST SP 800 30 frameworks
- ISO 27001 framework
Over 5 years’ experience as an IT Security professional in:
- Cloud security (IAAS/PAAS) governance and defining and maintaining Cloud Security framework (Policies, Standards, processes, templates).
- Conducting Security Assessments (reactive) and Security Risk Assessments (proactive) within a Cloud environment.
- Translating the output of security (risk) assessment into security baseline/corrective actions and proposals for the Private Cloud services
- Communicating with Stakeholders, users and Senior management
- Able to operate independently
- Ability to interact with all levels including engineers, executives and senior managers
- Deep technical knowledge of Information Security and Cloud technology.
- Ability to overcome organizational resistance
- Excellent organizational skills and the ability to prioritize multiple tasks, projects and assignments
- Analytical, precise, tenacious, autonomous