30+ days ago - req20144

Information Security Risk Manager

Research & development

Other job categories

In a nutshell


San Jose - CA, US




8+ years







ASML US, LP brings together the most creative minds in science and technology to develop lithography machines that are key to producing faster, cheaper, more energy-efficient microchips. We design, develop, integrate, market and service these advanced machines, which enable our customers - the world’s leading chipmakers - to reduce the size and increase the functionality of their microchips, which in turn leads to smaller, more powerful consumer electronics. Our headquarters are in Veldhoven, the Netherlands, and we have 18 office locations around the United States including main offices in Wilton, CT, Chandler, AZ, San Jose, CA and San Diego, CA.
This position requires access to controlled technology, as defined in the Export Administration Regulations (15 C.F.R. § 730, et seq.). Qualified candidates must be US Citizens that are legally authorized to access such controlled technology prior to beginning work. Business demands may require ASML to proceed with applicants who are immediately eligible to access controlled technology.

Job Mission

R&D Security Risk Management (RD SRM) operates within the R&D domain, which includes Development & Engineering and System Engineering. The Information Security Risk Manager is responsible for keeping information security risks within the R&D risk appetite by identifying and assessing risks, driving risk mitigation and monitoring execution.

This includes the identification and assessment of risks in a timely manner and the proposal of mitigating controls that conform to company policies, standards and best practices. You will monitor and report adherence to these security controls, and also identify gaps and propose improvements to existing policies, standards and means & methods.

As part of this profile, you will support the RD SRM department as a whole, with responsibility for information security across multiple focus areas, including identity and access management, application security, cloud security, intellectual property protection and projects.

Job Description

  • Perform information security risk management activities across all focus areas. These activities include the execution of generic risk assessments, analysis/evaluation of identified risks and proposed mitigating controls. This may also include:
    • Conducting Information Systems Security Assessments (Application Security)
    • Completing GRC assessments for new business/IT projects (on-premise and cloud)
    • Assessing DevOps environments
  • Prepare risk reports, guiding the process on management response and driving the mitigation of agreed controls
  • Maintain the R&D security risk register (including product security risks)
  • Identify product security exceptions
  • Support the product security incident management process
  • Align with other security competences (IT and Business) within the security community
  • Perform generic risk assessments for identified risks and create risk reports
  • Ensure compliance with security policies and standards
  • Provide and contribute to security awareness trainings for specialized topics, such as secure software development


  • Bachelor's degree and relevant education in Information Security. In possession of one or more valid industry certifications (CISM/CISSP). Specialized certifications such as OSCP, GDSA, or GCIH are a plus
  • 7+ years of relevant experience in information security risk management
  • Proven experience with the ISO27001/2 framework; background in ISO31000 is also beneficial
  • Knowledge of relevant laws and regulations (privacy and US export regulations)
  • Strong IT security and software architecture knowledge and background


  • Knowledge of IaaS and PaaS (information) security risks (preferably on Azure and GCP)
  • Knowledge of open source software
  • Experience in Linux and DevOps environments
  • Familiarity with development and engineering processes, way of working and culture
  • Ability to translate IT threats and vulnerabilities into business risk and drive mitigation
  • Knowledge of the GDPR European privacy standard is a plus but not required

Personal skills

  • Strong analytical and problem-solving skills
  • Proactive and self-motivated with a proven ability to drive results
  • Ability to work effectively in a team environment
  • Excellent communication, influencing and negotiating skills
  • Ability to translate threats, vulnerabilities and risks at the business stakeholder level and drive risk mitigation, dealing with resistance
  • Fluent English (written and verbal)

Context of the position

You are based in San Jose (CA). You will be employed in the R&D Security Risk Management (SRM) team, which is part of the Development and Engineering Information Management department. You will report to the US Focus area lead and functionally report to the R&D Sector Security Risk Manager.


EOE AA M/F/Veteran/Disability
