10 days ago - req21746

Sr. Information Security Assurance lead

In a nutshell

  • Location: Veldhoven, Netherlands
  • Department: Research & development
  • Experience: 8+ years
  • Job Category: Other job categories


ASML is the largest supplier in the world of photolithography systems for the semiconductor industry and manufactures machines for the production of integrated circuits. It is a heavily R&D driven company, and as such, it is critical that we properly safeguard our intellectual property. As an information security manager, you will manage information security risks within the R&D domain, which is a challenging position in an intellectual property-driven enterprise.
R&D Security Risk Management (SRM) operates within the R&D domain, which includes Development & Engineering, System Engineering and all Business Lines. R&D SRM is responsible for keeping information security risks within the R&D risk appetite by identifying and assessing risks, driving risk mitigation and monitoring execution.

Job Mission

Ensure security risks do not exceed the risk appetite by identifying and assessing risks in a timely manner and proposing mitigating controls that conform to policies, standards and best practices. Identify gaps, and propose improvements to existing policies, standards and means & methods. Monitor and report adherence to required security controls.
R&D Security risk management (SRM) is organized into Focus areas. You will be responsible for the Focus Area ‘Assurance’ where you will manage a small team. Attention areas are Cloud (IaaS/PaaS), Export compliance, anomaly detection and generic compliance to identified risk mitigating controls.
Besides the team management you’ll be expected to perform/assist in information security risk assessments and support the R&D SRM department as a whole.

Job Description

  • Organizational
  • Operational management of the ‘Assurance’ function
  • Define and implement maturity improvements for the Assurance function
  • Define and implement improvements for monitoring of compliance to agreed upon security controls
  • Align with other focus area leads on operational management, strategy and execution
  • Alignment with risk (action) owners on risk mitigation of identified and agreed upon mitigating controls
  • Continuous monitoring of compliance to implemented controls
  • Perform information security risk management activities. These activities include the execution of risk assessments, analysis/evaluation of identified risks and proposed mitigating controls.
  • Risk control compliance reporting
  • Contribute to R&D security risk register maintaining risk control status
  • Alignment with other security competences (IT and Business) within the security community
  • Contribute to improving risk management means and methods
  • Advise and align with the organization on security risk management topics
  • Provide and contribute to security awareness trainings for specialized topics within D&E




  • 7+ years of relevant experience in information security risk management
  • Bachelor's degree and relevant education in Information Security. In possession of one or more valid industry certifications (CISM, CISA, CISSP, CRISC, CCSP).
  • Proven experience with the ISO27001/2 framework
  • Proven team management skills
  • Experience in dealing with IaaS and PaaS (information) security risks (preferably on Azure and GCP)
  • Knowledge of Identity and Access Management processes
  • Experience with big-data analytics is a plus
  • Experience with ISO31000
  • Knowledge of privacy laws and regulations, including GDPR
  • Knowledge of (US) export regulations is a plus
  • Proven knowledge and experience in the IT security domain
  • Familiarity with development and engineering processes, way of working and culture is a plus

Personal skills

  • People management
  • Team management & team building
  • Ability to work effectively in a team environment
  • Pro-active and self-motivated with a proven ability to drive results
  • Strong analytical and problem-solving skills
  • Excellent communication, influencing and negotiating skills
  • Ability to translate threats and vulnerabilities into business risk at the business stakeholder level and drive risk mitigation, dealing with resistance
  • Fluent English (written and verbal)

Other information

You will be based in Veldhoven and be employed in the R&D Security Risk Management (SRM) team, which is part of the Development and Engineering Information Management department. You will be reporting to the R&D Sector Security Risk Manager.

You will become a member of the ASML Security community, also collaborating with Security Risk Managers in other sectors.