10 days ago - req15023

Security Risk Manager

Other corporate functions

Other job categories

In a nutshell

Location

Veldhoven, Netherlands

Team

Other corporate functions

Experience

8+ years

Degree

Master

Job Category

Other job categories

Travel

No

Introduction

For the Operations sector in ASML we are looking for a Security Risk Manager to further strengthen our ability to manage information security risks.
ASML has an information security governance where information security risk management is embedded on sector level. The Security Risk Manager identifies and assesses potential information security risks, recommends mitigations and helps the risk owners drive the implementation of mitigations to reduce the risk to an acceptable level. Creating awareness and educating stakeholders at different levels within the Operations sector is a key element of the role.
The Security Risk Manager is also involved in ASML wide and/or Operations Sector specific projects to strengthen and mature the information security capabilities of ASML. One of these projects is the implementation of an Identity Governance & Administration solution. In the coming year the candidate will spend a significant part of his time as IAM Business Support Officer, facilitating the on-boarding of additional applications to the solution. In this role he will liaise between the application owners and application teams on one hand and the agile development teams on the other.

Job Mission

Ensure that information security risks do not exceed the organization risk appetite by timely identifying risks and maintaining the security risk register, assessing risks, drive risk mitigation and monitor and report on progress.

Job Description

Security Risk Management tasks:
- Identify and provide advice on strategic and tactical information security risks within the sector
- Support the implementation of security capabilities within the sector
- Drive mitigation of risks; propose mitigating controls in accordance with sector risk appetite and drive implementation and use
- Formulate, assess and maintain the information security risks in the Risk Register; prepare periodic reports and help to get a clear oversight on the status of current security controls for the sector
- Generate demand towards IT Security and Physical Security based on outcomes of risk assessments; help define the implementation of additional measures and capabilities
- Act a security expert in the areas of security awareness, user access, incidents, sourcing, cloud and liaises with the Privacy Office on privacy related topics
- Act as sounding board to sector management
- Register, investigate and report on information security incidents
- Perform and/or facilitate information security risk assessments on applications, report on findings and recommend mitigations
- Perform an intake on new projects and changes, determine the information security impact and provide policies, guidance and advice to stimulate ‘security by design’; depending on the nature of the project more or less involvement will be required throughout the project
- Ensure compliance to security policies and standards
- Align with IT security department on IT infrastructure security and with the Physical security department on Physical Security
- Keep up with relevant international legislation, emerging threats, forecasts, policies and benchmarks
- Support the classification, ownership and information governance access rules on information types within the sector
- Support the identification of business managed applications and assets within the sector for improving incident resolution and facilitate network segmentation
- Ensure Cloud Applications procured by the sector are compliant with Security policy and standards and follow the procurement/IT Security onboarding process

IAM Business Support Officer tasks:
- Organize and perform the intake for new applications to be on-boarded; drive the risk classification, connector type, priority and high level estimate for the application to be on-boarded
- Help clarify business and functional requirements to the development team
- Advise the application teams on authorization clean-up and role model design
- Design and/or provide input on a business role model to be used for job functions and/or departments (across applications)
- Review functional designs and support user acceptance tests
- Facilitate issue resolution and overall progress
- Report on progress to portfolio owners
- Manage sector budget for on-boarding
- Monitor the Joiner, Mover, Leaver and Access Request processes in the sector and monitor adherence to the IAM procedures
- Manage changes to sector specific rules & roles that provide access to the end users
- Inform and advice on IAM solution directions to application owners in the sector
- Solve complex (2nd line) incidents

Education

-Master degree or equivalent combination of education and experience (e.g. in a technical area, business administration, industrial engineering)
-Information security risk management qualifications like CISA, CISM, CRISC. Optionally CISSP

Experience

-Minimum of 7 years of relevant experience in information security risk management
-Knowledge of and experience with security standards and frameworks, especially ISO27001/2
-Strong preference: Knowledge of the processes, application landscape and stakeholders within the ASML Operations sector
-Knowledge of and experience with identifying information security risks from a value chain perspective
-Ability to recommend mitigating measures using a combination of IT and non-IT measures
-Ability to manage the implementation of measures or security capabilities within the sector

Personal skills

-Relationship builder; able to create and maintain a trusted network on all levels
-Good communication, influencing and negotiating skills
-Able to convince, inspire and motivate people
-Strong analytical skills
-Pro-active and self-motivated with the proven ability to drive results
-Pragmatic, hands-on mentality, motivated by realizing goals rather than personal acknowledgement
-Able to give direction, plan and prioritize
-Creative when handling problems
-Flexible, adapting to company culture and individual behavior
-Fluent in English (written and verbal)

Context of the position

As Security Risk Manager you are part of the OSE department and will report to the Senior Security Risk Manager Operations.
The OSE department drives and supports improvements in business processes and IT tooling for the ASML Operations sectors. We do this through several distinct services; e.g. Business Architecture, Information Management/Portfolio management, Program/Project Management, Business Intelligence, Master Data Management. The main units of the Operation sector are: Manufacturing, Customer Support, Supply Chain Management, Corporate Real Estate and Environment Health & Safety.
You are based in Veldhoven, the Netherlands. You are a member of the ASML Security community; working closely together with the Security Risk Managers in other sectors and with (senior) business stakeholders in the Operations sectors.

Other information

ASML creates the conditions that enable you to realize your full potential. We provide state-of-the-art facilities, opportunities to develop your talents, international career opportunities, a stimulating and inspiring environment, and most of all, the commitment of a company that recognizes and rewards outstanding performance. What is working at ASML like?
Check this out: https://www.youtube.com/watch?v=qXpAMguP-vQ
Our selection process includes an online Talent Exploration that gathers information about your key drivers, your personal values, motivators and career ambitions. The Talent Exploration enables both you and us to explore if there is a mutual match - not only for today, but also for your future career at ASML.