23 days ago - req20145

Sr. Information Security Risk Manager

Research & development

Other job categories

In a nutshell

  • Location: Wilton - CT, US
  • Team: Research & development
  • Experience: 8+ years
  • Degree: Bachelor
  • Job Category: Other job categories
  • Travel: No

Introduction

ASML US, LP brings together the most creative minds in science and technology to develop lithography machines that are key to producing faster, cheaper, more energy-efficient microchips. We design, develop, integrate, market and service these advanced machines, which enable our customers - the world’s leading chipmakers - to reduce the size and increase the functionality of their microchips, which in turn leads to smaller, more powerful consumer electronics. Our headquarters are in Veldhoven, the Netherlands, and we have 18 office locations around the United States including main offices in Wilton, CT, Chandler, AZ, San Jose, CA and San Diego, CA.
This position requires access to controlled technology, as defined in the Export Administration Regulations (15 C.F.R. § 730, et seq.). Qualified candidates must be legally authorized to access such controlled technology prior to beginning work. Business demands may require ASML to proceed with applicants who are immediately eligible to access controlled technology.

Job Mission

R&D Security Risk Management (SRM) operates within the R&D domain, which includes Development & Engineering, System Engineering and all Business Lines. The Senior Information Security Risk Manager is responsible for keeping information security risks within the R&D risk appetite by identifying and assessing risks, driving risk mitigation and monitoring execution.
Ensure security risks do not exceed the risk appetite by identifying and assessing risks in a timely manner and proposing mitigating controls that conform to policies, standards and best practices. Identify gaps, and propose improvements to existing policies, standards and means & methods. Monitor and report adherence to required security controls.
As part of this profile, you will be responsible for information security across several focus areas, including application security, assurance, and project security. In addition, you will be expected to perform/assist in generic security risk assessments and support the SRM department as a whole.

Job Description

  • Perform information security risk management activities across all focus areas. These activities include the execution of generic risk assessments, analysis/evaluation of identified risks and proposed mitigating controls. This may also include:
    ◦ Conducting Information Systems Security Assessments (Application Security)
    ◦ Completing GRC assessments for new business/IT projects (on-premise and cloud)
    ◦ Assessing DevOps environments
  • Prepare risk reports, guiding the process on management response and driving the mitigation of agreed controls
  • Maintain the R&D security risk register (including product security risks)
  • Identify product security exceptions
  • Support the product security incident management process
  • Alignment with other security competences (IT and Business) within the security community
  • Perform generic risk assessments for identified risks and create risk reports
  • Ensure compliance to security policies and standards
  • Provide and contribute to security awareness training on specialized topics, such as secure software development

Education

  • Bachelor's degree and relevant education in Information Security.
  • In possession of one or more valid industry certifications (CISM, CISA, CISSP, CRISC, CCSP).
  • 7+ years of relevant experience in information security risk management.

Experience

  • Proven experience with the ISO27001/2 framework; background in ISO31000 is also beneficial.
  • Knowledgeable of relevant laws and regulations (GDPR, privacy and US export regulations).
  • Proven knowledge and experience in the IT security domain.
  • Experience in dealing with IaaS and PaaS (information) security risks (preferably on Azure and GCP).
  • Knowledge of Identity and Access Management processes.
  • Familiarity with development and engineering processes, way of working and culture.
  • Ability to translate IT threats and vulnerabilities into business risk and drive mitigation.

Personal skills

  • Strong analytical and problem-solving skills.
  • Pro-active and self-motivated with a proven ability to drive results.
  • Ability to work effectively in a team environment.
  • Excellent communication, influencing and negotiating skills.
  • Ability to translate threats, vulnerabilities and risks at the business stakeholder level and drive risk mitigation, dealing with resistance.
  • Fluent English (written and verbal).

Context of the position

You will be based in Wilton (CT) and be employed in the R&D Security Risk Management (SRM) team, which is part of the Development and Engineering Information Management department. You will be reporting to the US Focus area lead and functionally reporting to the R&D Sector Security Risk Manager.
You will become a member of the ASML Security community, also collaborating with the Security Risk Managers in other sectors.

EOE AA M/F/Veteran/Disability