30+ days ago - req17712
Lead Security Architect
Computer science & software engineering
In a nutshell
The Lead Security Architect will be responsible for creating and maintaining Security Principles, Enterprise Security Reference Architecture, Security Architecture Strategy & Innovation. The role leads the IT security architecture team and builds the capabilities in the team. The Lead Security Architect is a trusted advisor for the whole of ASML security and Head of the Technology Security Competence Center, Information Security Risk manager for IT and Chief Information Security Officer. The role plays a significant part in large-scale and/or complex projects and manages the creation of the security design of IT security solutions and of security solutions for specific projects that are implemented. The goal is the protection of ASML’s information, Intellectual Property (IP) and assets, and that of ASML’s customers and suppliers. The Lead Security Architect can partly be a project member of large projects, whilst managing the domain and solution architects.
- Delivers, owns and develops the (IT/Technology) security enterprise security architecture.
- Be the point of contact for IT and Information security subjects within the project team.
- Participates in ASML architecture bodies.
- Delivers & owns Security Principles
- Delivers & owns Contextual & Conceptual level security (reference) architecture
- Supplies security input / review for Enterprise Architecture / IT Strategy
- Reviews the domain architecture deliverables of the security services
- Develop the Security support models for Projects (PMM), DevOps, Lean, etc.
- Work in close coordination with other Technical leads in the IT Security teams
- Attends Architecture boards, strategy meetings, road-mapping workshops, etc., in agreement with Head, Security Architecture and Application Security
- Build excellent working relationships with the project team members and all project stakeholders, including security risk officers and IT Operational staff.
- Present the security design at relevant security, architecture and risk boards, defending the design and ensuring project timelines are not hampered by security / risk discussions.
Master's degree or equivalent through experience.
- Master level with more than 8 years’ experience in the IT and information Security field.
- More than 5 years’ broad experience as lead Security Architect.
- Experience with both business as well as technical side of IT Security and information security
- Working knowledge of Architecture methodologies such as ToGAF, SABSA or equivalent.
- Experience in gaining approval of security designs from Business, Architecture & Risk management approval boards
- Translating the output of security (risk) assessment into security design.
- Communicating with Stakeholders, users and Senior management
- Able to operate independently, self-starter
- Ability to interact with all levels including users, engineers, executives and senior managers
- Deep technical knowledge of IT-security, Enterprise Information Security and Architecture methodology.
- Ability to overcome organizational resistance
- Excellent organizational skills and the ability to prioritize multiple tasks, projects and assignments
- Able to lead a small team of architects
- Analytical, precise, tenacious, autonomous
- Able to digest large amounts of new information quickly, and derive key security requirements
- Able to grasp the deep technical characteristics of new environments quickly
- Able to draft clear and concise visualizations of complex environments
- Able to fairly represent conflicting stakeholder needs to enable informed decision-making
- Able to stand your ground in a flexible / changing environment
- (Security) Architecture certification is a must.
- CISSP/CISM/CISA or equivalent is a plus.
- Security/Technical/IT/informatics background Master’s degree (or equivalent experience)
- Deep Knowledge of current security technologies and governance processes
- In-depth working knowledge of IT Risk / security frameworks and best practices, e.g.:
  - NIST Cyber Security Framework
  - ISF Standard of Good Practice for Information Security
  - NIST SP 800-30 framework
  - ISO 27001/2 framework