30+ days ago - req15918
Security Risk Manager
Other corporate functions
Other job categories
In a nutshell
For the Operations sector in ASML we are looking for several Security Risk Managers to further strengthen our ability to manage information security risks.
ASML has an information security governance in which information security risk management is embedded at sector level. The Security Risk Manager identifies and assesses potential information security risks, recommends mitigations and helps the risk owners drive the implementation of mitigations to reduce the risk to an acceptable level. Creating awareness and educating stakeholders at different levels within the Operations sector is a key element of the role.
The Security Risk Manager is also involved in ASML-wide and/or Operations sector-specific projects to strengthen and mature the information security capabilities of ASML.
Ensure that information security risks do not exceed the organization's risk appetite by identifying risks in a timely manner, maintaining the security risk register, assessing risks, driving risk mitigation, and monitoring and reporting on progress.
- Perform an intake on new projects and changes, determine the information security impact and provide policies, guidance and advice to stimulate ‘security by design’; depending on the nature of the project more or less involvement will be required throughout the project
- Perform and/or facilitate information security risk assessments, report on findings and recommend mitigations
- Drive mitigation of risks; propose mitigating controls in accordance with sector risk appetite and the security policies and standards and drive implementation and use
- Align with IT security department and with the physical security department based on outcomes of risk assessments; help define the implementation of additional measures and capabilities
- Support the implementation of security capabilities within the sector
- Act as a security expert in the areas of Access Control, Communication Security, Incident Management, Supplier & Customer Relationship, Training & Awareness, Asset Management, Business Continuity Management, Operations Security and System Acquisition, Dev & Maintenance
- Liaise with the Privacy Office on privacy related topics and with Compliance on other regulatory requirements
- Register, investigate and report on information security incidents
- Ensure compliance with security policies and standards
- Keep up with relevant international legislation, emerging threats, forecasts, policies and benchmarks
- Support the identification of business managed applications and assets within the sector to improve incident resolution and facilitate network segmentation
- Advise application teams on authorization clean-up and role model design
- Design and/or provide input on a business role model to be used for job functions and/or departments (across applications)
- Master's degree or equivalent combination of education and experience (e.g. in a technical area, business administration, industrial engineering)
- Information security risk management qualifications like CISA, CISM, CRISC. Optionally CISSP
- Minimum of 4 years of relevant experience in information security risk management
- Knowledge of and experience with security standards and frameworks, especially ISO27001/2
- Preference: Knowledge of the processes, application landscape and stakeholders within the ASML Operations sector
- Ability to recommend mitigating measures using a combination of IT and non-IT measures
- Good advisory skills; able to get acknowledgement and commitment on assessment results and proposed mitigations across stakeholders with different interests
- Strong analytical skills
- Relationship builder; able to create and maintain a trusted network on all levels
- Good communication, influencing and negotiating skills
- Pro-active and self-motivated with the proven ability to drive results
- Pragmatic, hands-on mentality, motivated by realizing goals rather than personal acknowledgement
- Creative when handling problems
- Flexible, adapting to company culture and individual behavior
- Fluent in English (written and verbal)
Context of the position
As Security Risk Manager you are part of the OSE department and will report to the Senior Security Risk Manager Operations.
The OSE department drives and supports improvements in business processes and IT tooling for the ASML Operations sectors. We do this through several distinct services, e.g. Business Architecture, Information Management/Portfolio Management, Program/Project Management, Business Intelligence, Master Data Management. The main units of the Operations sector are: Manufacturing, Customer Support, Supply Chain Management, Corporate Real Estate and Environment Health & Safety.
You are based in Veldhoven, the Netherlands. You are a member of the ASML Security community; working closely together with the Security Risk Managers in other sectors and with (senior) business stakeholders in the Operations sectors.
ASML creates the conditions that enable you to realize your full potential. We provide state-of-the-art facilities, opportunities to develop your talents, international career opportunities, a stimulating and inspiring environment, and most of all, the commitment of a company that recognizes and rewards outstanding performance. What is working at ASML like?
Check this out: https://www.youtube.com/watch?v=qXpAMguP-vQ
Our selection process includes an online Talent Exploration that gathers information about your key drivers, your personal values, motivators and career ambitions. The Talent Exploration enables both you and us to explore if there is a mutual match - not only for today, but also for your future career at ASML.
Please note that at the moment we have several interesting opportunities within our team – based on your experience and ambitions we will determine the best match together with you.