6 days ago - req20144

Information Security Risk Manager

Research & development

Other job categories

In a nutshell


San Jose - CA, US


Research & development


8+ years



Job Category

Other job categories




ASML US, LP brings together the most creative minds in science and technology to develop lithography machines that are key to producing faster, cheaper, more energy-efficient microchips. We design, develop, integrate, market and service these advanced machines, which enable our customers - the world’s leading chipmakers - to reduce the size and increase the functionality of their microchips, which in turn leads to smaller, more powerful consumer electronics. Our headquarters are in Veldhoven, the Netherlands, and we have 18 office locations around the United States including main offices in Wilton, CT, Chandler, AZ, San Jose, CA and San Diego, CA.

Managing information security risks in the R&D domain is a challenging security position in an intellectual property-driven company. R&D Security Risk Management (SRM) operates across the Development & Engineering, Research and Business Line Applications organizations, and is part of the corporate security governance.

Job Mission

To ensure that R&D information security risks do not exceed ASML’s risk appetite through early identification, assessment and mitigation.

Job Description

  • Perform information security risk assessments across a variety of platforms and applications
  • Prepare risk reports, proposing mitigating controls and recommendations to business stakeholders
  • Assess new devices being introduced into our R&D network - ensuring proper security controls are in place
  • Ensure the protection of our intellectual property through stakeholder engagement and awareness
  • Alignment with the IT Security department on security matters linked to R&D information assets/risks
  • Work across different engineering teams to assist us in improving the security of our products
  • Ensure compliance with security policies and standards
  • Remain up-to-date with emerging threats, best practices and relevant legislation


  • Bachelor’s/Master’s degree in Information Security, Computer Science or equivalent related work experience


  • 3-5 years of information security experience
  • A strong background in Information Technology or relevant experience in the IT security domain
  • Proven experience with the ISO27001 framework, as well as industry standards and best practices
  • Solid understanding of networking, protocols, firewalls and operating system security principles
  • Relevant security certifications preferred (but not required) include CISSP, CISM, CRISC, Security + or CCSP
  • High-level understanding of cloud security principles, including security controls and best practices
  • Experience working in or supporting a DevOps environment is a plus
  • Ability to travel (up to 10%)

Personal skills

  • Strong communications skills, with the ability to influence, negotiate and build consensus with key stakeholders
  • Ability to translate threats and vulnerabilities into risks at the business stakeholder level and drive risk mitigation, dealing with resistance
  • A proactive self-starter with the ability to drive results
  • Fluent English (written and verbal)
  • Strong analytical and problem - solving skills with attention to detail
  • Ability to work effectively in a team environment where flexibility, creativity, and commitment are important

Context of the position

  • You will be part of the R&D Security Risk Management team (R&D SRM) located in the US. This position works with local engineering teams and developers in San Jose, CA, and requires collaboration with other R&D SRM team members based out of Europe.
  • To qualify for this role you must be able to work primarily onsite at our Silicon Valley campus. This position will require access to controlled technology, as defined in the Export Administration Regulations (15 C.F.R. § 730, et seq.). Qualified candidates must be legally authorized to access such controlled technology prior to beginning work. Business demands may require the us to proceed with candidates who are immediately eligible to access controlled technology.
  • Visa Sponsorship is not being offered for this position, so you must be a US Citizen or current GC holder to be considered for this full-time position. NO C2C candidates are being considered at this time.

EOE AA M/F/Veteran/Disability


Learn more about this job