30+ days ago - req14387

Sr. Security Risk Manager R&D

In a nutshell

Location

Veldhoven, Netherlands

Team

Research & development

Experience

8+ years

Degree

Bachelor

Job Category

Other job categories

Travel

No

Introduction

Managing information security risks in the development and engineering domain is a challenging security position in an Intellectual Property driven company. R&D Security Risk Management (SRM) operates across Development & Engineering and Business lines and is part of the corporate security governance.

Job Mission

Ensure information security risks stay within the risk appetite through (early) identification of information security risks, performing risk assessments and driving risk mitigation.

Job Description

Generic activities

  • Maintain and develop Information Security Risk Management means and methods
  • Perform information security risk assessments and propose mitigating controls
  • Drive risk mitigation based on agreed controls
  • Maintain the R&D security risk register and perform and support risk reporting
  • Ensure compliance with security policies and standards
  • Align with the IT security department on infrastructure security matters linked to R&D information security risks
  • Keep up with relevant international legislation, best practices, emerging threats, policies and benchmarks
  • Be the lead for the following focus groups:
      • Information Security Risk Management
      • Cloud information security
    and ensure:
      • Strategic focus group development
      • Means and methods development
      • Competence and knowledge management

Education

Bachelor's/master's degree or equivalent combination of education and experience.

Experience

  • Minimum of 8 years of relevant experience in information security risk management
  • A strong background in IT or proven relevant experience in the IT security domain
  • Proven experience with the ISO 27001 risk management framework
  • Information security risk management qualifications such as CISSP, CISA or CISM
  • Knowledgeable on GDPR and US export regulations

Personal skills

  • Strong analytical skills.
  • Ability to translate threats, vulnerabilities and risks to business stakeholder level and to drive risk mitigation, dealing with resistance and risk appetite.
  • Pro-active and self-motivated with the proven ability to drive results.
  • Strong stakeholder management skills and capable of applying them at various organizational levels.
  • Fluent English (written and verbal).
  • Team player and leadership.
  • Strong in communication, influencing and negotiating skills.
  • Builder of stakeholder networks
  • Able to give direction and good at planning & prioritizing.
  • Creative when handling problems independently, commitment and flexibility.

Context of the position

You will be employed in the R&D Security Risk Management team, which is part of the D&E Information Management department, reporting hierarchically to the EVP D&E and functionally to the CISO. R&D SRM is one of the six SRM teams across ASML, each covering its own organizational area, and you will align and collaborate with the other teams.