30+ days ago - req23084

IAM Risk Manager

Research & development

Other technical job categories

In a nutshell

Location

Veldhoven, Netherlands

Team

Research & development

Experience

3-7 years

Degree

Bachelor

Job Category

Other technical job categories

Travel

No

Introduction

ASML is the largest supplier in the world of photolithography systems for the semiconductor industry and manufactures machines for the production of integrated circuits. It is a heavily R&D driven company, and as such, it is critical that we properly safeguard our intellectual property.
R&D Security Risk Management (SRM) operates within the R&D domain, which includes Development & Engineering, System Engineering and all Business Lines. R&D SRM is responsible for keeping information security risks within the R&D risk appetite by identifying and assessing risks, driving risk mitigation, monitoring execution and embedding Identity & Access Management.
As an IAM risk manager you will embed, drive and coordinate Identity & Access Management within the R&D sector. Throughout the company multiple disciplines are required to ensure proper implementation of IAM and identification, mitigation and management ofdata access risks.

Job Mission

Ensure IAM security risks do not exceed the risk appetite by timely identifying and assessing risks and propose mitigating controls conform best practice, policies and standards. Identify gaps, propose improvements and update/create policies, standards, means and methods. Monitor and report adherence to required IAM security controls.

This role focusses on Identity & Access Management within the data/applications andprojects domain by amongst others performing IAM assessments over R&D owned data/applications/information systems.

You will be responsible for:

  • Assessing and advise existing or new Business and IT services (on premise or cloud) on risk to Identity and Access Management (IAM) aspects.
  • Deliver and monitor security / IAM requirements in line with the sensitivity and importance of the subject, company policies and standards.
  • Support business and IT services on definition of IAM risk mitigating actions. Communicate and advise security risk management, projects, business and IT partners on IAM improvements and requirements.

Job Description

  • Perform, advise and follow up onIAM assessments and identified risks in line with risk appetite;
  • Ensure compliance to security policies and standards;
  • Advise and support business and IT on implementation of access models;
  • Advise and support the business on implementation of business roles and rules in IAM;
  • Drive implementation of agreed access controls;
  • Support in embedding IAM capabilities within the business;
  • Support IAM governance within R&D;
  • Support business with demand and priority setting in the IAM domain;
  • Contribute to improving means and methods related to IAM domain;
  • Align with other projects and application security competences (IT and Business) within the security community;
  • Update the R&D application and risk register.

Education

A bachelor degree or higher and relevant education in Information Security, Audit or IAM;

Experience

We are looking for a candidate with experience in translate business and compliance requirements in IAM capabilities and access models.

Besides this we are looking for a candidate with:

  • 5+ years of relevant experience in IAM (information security) risk management;
  • Broad and proven understanding/ knowledge and experience in information and IT security domain,
    particularly in Identity and Access Management and IAM processes;
  • Knowledge of role, attribute, policy based access management;
  • Proven experience with Identity and Access Management tools including knowledge of the product market,
    best practices for requirements definition, business rule management and best practices for deployment
  • Able to understand and translate IT/IAM threats and vulnerabilities to business risk;
  • Affinity with technology driven environments, way of working and culture;
  • In possession of a valid work permit for The Netherlands;

We prefer candidates with:

  • In possession of valid industry certifications (CISM, CISA, ISO 27001);
  • Knowledge of GDPR and export regulations;
  • Knowledge of IAM solutions and tools i.e. Okta, Sailpoint, Active directory;
  • Knowledge of Cloud Service implementation and security;
  • Solid devops (SAFe) and project management understanding.

Personal skills

  • Strong analytical skills.
  • Security risk minded.
  • Team player.
  • Dealing with resistance and reluctance.
  • Fluent English (written and verbal).
  • Excellent communication, influencing and negotiating skills.
  • Pro-active and self-motivated with the proven ability to drive results.
  • Communication and stakeholder management skills at different levels of the organization and with
    outside vendors and service providers.

Context of the position

You are based in Veldhoven, the Netherlands. You will be employed in the R&D Security Risk Management (SRM) team which is part of the Development and Engineering Information Management department. You will be reporting to the Application security and project security focus group leads and functionally reporting to the R&D Sector Security Risk Manager.


You are a member of the ASML Security community; collaborating also together with Security Risk Managers in other sectors.

Other information

This position requires access to U.S. controlled technology, as defined in the United States Export Administration Regulations. Qualified candidates must be legally authorized to access such U.S. controlled technology prior to beginning work.

ASML does not accept unsolicited resumes from any agencies that have not signed a mutual service agreement. All unsolicited resumes will be considered ASML’s property, and ASML will not be obligated to pay a referral fee. This includes resumes submitted directly to hiring managers without contacting the Resource Center Department.

ASML is GDPR compliant, therefore we cannot process applications sent outside of our recruitment system.

If you are interested in this vacancy please apply.