10 days ago - req21746
Sr. Information Security Assurance lead
Research & development
Other job categories
In a nutshell
ASML is the largest supplier in the world of photolithography systems for the semiconductor industry and manufactures machines for the production of integrated circuits. It is a heavily R&D driven company, and as such, it is critical that we properly safeguard our intellectual property. As an information security manager, you will manage information security risks within the R&D domain, which is a challenging position in an intellectual property-driven enterprise.
R&D Security Risk Management (SRM) operates within the R&D domain, which includes Development & Engineering, System Engineering and all Business Lines. R&D SRM is responsible for keeping information security risks within the R&D risk appetite by identifying and assessing risks, driving risk mitigation and monitoring execution.
Ensure security risks do not exceed the risk appetite by identifying and assessing risks in a timely manner and proposing mitigating controls that conform to policies, standards and best practices. Identify gaps, and propose improvements to existing policies, standards and means & methods. Monitor and report adherence to required security controls.
R&D Security Risk Management (SRM) is organized into focus areas. You will be responsible for the focus area ‘Assurance’, where you will manage a small team. Attention areas are Cloud (IaaS/PaaS), export compliance, anomaly detection and generic compliance to identified risk-mitigating controls.
Besides the team management you’ll be expected to perform/assist in information security risk assessments and support the R&D SRM department as a whole.
- Operational management of the ‘Assurance’ function
- Define and implement maturity improvements for the Assurance function
- Define and implement improvements for monitoring of compliance to agreed upon security controls
- Align with other focus area leads on operational management, strategy and execution
- Alignment with risk (action) owners on risk mitigation of identified and agreed upon mitigating controls
- Continuous monitoring of compliance to implemented controls
- Perform information security risk management activities. These activities include the execution of risk assessments, analysis/evaluation of identified risks and proposed mitigating controls.
- Risk control compliance reporting
- Contribute to R&D security risk register maintaining risk control status
- Alignment with other security competences (IT and Business) within the security community
- Contribute to improving risk management means and methods
- Advise and align with the organization on security risk management topics
- Provide and contribute to security awareness trainings for specialized topics within D&E
- 7+ years of relevant experience in information security risk management
- Bachelor's degree and relevant education in Information Security. In possession of one or more valid industry certifications (CISM, CISA, CISSP, CRISC, CCSP).
- Proven experience with the ISO 27001/27002 framework
- Proven team management skills
- Experience in dealing with IaaS and PaaS (information) security risks (preferably on Azure and GCP)
- Knowledge of Identity and Access Management processes
- Experience with big-data analytics is a plus
- Experience with ISO 31000
- Knowledge of privacy laws and regulations, including GDPR
- Knowledge of (US) export regulations is a plus
- Proven knowledge and experience in the IT security domain
- Familiarity with development and engineering processes, way of working and culture is a plus
- People management
- Team management & team building
- Ability to work effectively in a team environment
- Pro-active and self-motivated with a proven ability to drive results
- Strong analytical and problem-solving skills
- Excellent communication, influencing and negotiating skills
- Ability to translate threats, vulnerabilities and risks into business risk at the stakeholder level and drive risk mitigation, dealing with resistance
- Fluent English (written and verbal)
You will be based in Veldhoven and be employed in the R&D Security Risk Management (SRM) team, which is part of the Development and Engineering Information Management department. You will be reporting to the R&D Sector Security Risk Manager.
You will become a member of the ASML Security community, also collaborating with Security Risk Managers in other sectors.