30+ days ago - req16185

Manager Risk & Assurance


Other job categories

In a nutshell


Veldhoven, Netherlands




3-7 years



Job Category

Other job categories




This role will be responsible for strengthening our information security risk and assurance capabilities. In addition, this role will also perform assessments for assurance of compliance to Ensure compliance to security policies and standards.

Job Mission

Ensure information security risks stays within the risk appetite by (early) identification of information security risks, performing risk assessments and drive risk mitigation.

Job Description

Generic activities:

  • Maintain and develop ASML wide Information Security Risk Management means and methods
  • Perform information security risk assessments and propose mitigating controls
  • Drive risk mitigation based on agreed controls
  • Performing Information Security assessments
  • Provide assurance on compliance to Security policies/standards based on ISO27001
  • Maintain the ASML Security risk register and Cross-Sector Security Risk Register.
  • Perform and support risk reporting including tracking KRIs
  • Alignment with the ASML Sectors and their security risk registers
  • Manage the Exception process including reporting on a regular basis
  • Keep up with relevant international legislation, best practices, emerging threats, policies and benchmarks
  • Drive the GRC tooling implementation
  • Be the lead for the following focus groups
  • Information Security Risk Management
  • Strategic focus group development
  • Means and methods development
  • Competence and knowledge management


Bachelor/master degree or equivalent combination of education and experience.


  • Minimum of 5 years of relevant experience in information security risk management
  • Experience in performing Information Security assessments
  • Proven experience with the ISO27001/ISO31000 risk management framework
  • A strong background in IT or proven relevant experience in the IT security domain
  • Information security risk management qualifications like CRISC, CISSP, CISA or CISM
  • Knowledgeable on global Privacy regulations.

Personal skills

  • Strong analytical skills.
  • Ability to translate threat, vulnerabilities and risks to business stakeholder level and to drive risk mitigation, dealing with resistance and risk appetite.
  • Pro-active and self-motivated with the proven ability to drive results.
  • Strong stakeholder management skills and capable of doing so at various organizational levels
  • Fluent English (written and verbal).
  • Team player with leadership skills.
  • Strong in communication, influencing and negotiating skills.
  • Builder of stakeholder networks
  • Able to give direction and good at planning & prioritizing.
  • Creative when handling problems independently, commitment and flexibility.

Context of the position

The position is based out of the CIS Office reporting to the Manager, CIS Office which is reporting hierarchically and functionally to the CISO of ASML.