30+ days ago - req20145
Information Security Risk Manager
Research & development
Other job categories
In a nutshell
Wilton - CT, US
Introduction
ASML US, LP brings together the most creative minds in science and technology to develop lithography machines that are key to producing faster, cheaper, more energy-efficient microchips. We design, develop, integrate, market and service these advanced machines, which enable our customers - the world's leading chipmakers - to reduce the size and increase the functionality of their microchips, which in turn leads to smaller, more powerful consumer electronics. Our headquarters are in Veldhoven, the Netherlands, and we have 18 office locations around the United States including main offices in Wilton, CT, Chandler, AZ, San Jose, CA and San Diego, CA.
This position requires access to controlled technology, as defined in the Export Administration Regulations (15 C.F.R. § 730, et seq.). Qualified candidates must be legally authorized to access such controlled technology prior to beginning work. Business demands may require ASML to proceed with applicants who are immediately eligible to access controlled technology.
Job Mission
R&D Security Risk Management (RD SRM) operates within the R&D domain, which includes Development & Engineering and System Engineering. The Information Security Risk Manager is responsible for keeping information security risks within the R&D risk appetite by identifying and assessing risks, driving risk mitigation and monitoring execution.
This includes the identification and assessment of risks in a timely manner and the proposal of mitigating controls that conform to company policies, standards and best practices. You will monitor and report adherence to these security controls, and also identify gaps and propose improvements to existing policies, standards and means & methods.
As part of this profile, you will support the RD SRM department as a whole, with responsibility for information security across multiple focus areas, including identity and access management, application security, cloud security, intellectual property protection and projects.
- Perform information security risk management activities across all focus areas. These activities include the execution of generic risk assessments and the analysis/evaluation of identified risks and proposed mitigating controls. This may also include:
- Conducting Information Systems Security Assessments (Application Security)
- Completing GRC assessments for new business/IT projects (on-premise and cloud)
- Assessing DevOps environments
- Prepare risk reports, guiding the process on management response and driving the mitigation of agreed controls
- Maintain the R&D security risk register (including product security risks)
- Identify product security exceptions
- Support the product security incident management process
- Align with other security competences (IT and Business) within the security community
- Perform generic risk assessments for identified risks and create risk reports
- Ensure compliance to security policies and standards
- Provide and contribute to security awareness trainings for specialized topics, such as secure software development.
- Bachelor's degree and relevant education in Information Security.
- In possession of one or more valid industry certifications (CISM, CISA, CISSP, CRISC, CCSP).
- 7+ years of relevant experience in information security risk management.
- Proven experience with the ISO27001/2 framework; background in ISO31000 is also beneficial.
- Knowledgeable of relevant laws and regulations (GDPR, privacy and US export regulations).
- Proven knowledge and experience in the IT security domain.
- Experience in dealing with IaaS and PaaS (information) security risks (preferably on Azure and GCP).
- Knowledge of Identity and Access Management processes.
- Familiarity with development and engineering processes, way of working and culture.
- Ability to translate IT threats and vulnerabilities into business risk and drive mitigation.
- Strong analytical and problem-solving skills.
- Pro-active and self-motivated with a proven ability to drive results.
- Ability to work effectively in a team environment.
- Excellent communication, influencing and negotiating skills.
- Ability to translate threats, vulnerabilities and risks at the business stakeholder level and drive risk mitigation, dealing with resistance.
- Fluent English (written and verbal).
Context of the position
You will be based in Wilton (CT) and be employed in the R&D Security Risk Management (SRM) team, which is part of the Development and Engineering Information Management department. You will report to the US Focus area lead and functionally report to the R&D Sector Security Risk Manager.
You will become a member of the ASML Security community, also collaborating with the Security Risk Managers in other sectors.
EOE AA M/F/Veteran/Disability