6 days ago - req29627
Information Security Risk Expert Corporate
Other job categories
In a nutshell
Other job categories
For the Corporate sector in ASML we are looking for an Information Security Risk Expert to further strengthen our ability to manage our information security risks. The Corporate sector includes a wide variety of specific departments including Finance, HR, Communication, Legal, Strategy, Risk and Business Assurance and Quality.
Within ASML generic security capabilities are organized centrally. Security risk management is however embedded within each of the sectors. The Security Risk Management (SRM) team identifies and assesses potential information security risks in processes and applications, recommends mitigations to reduce the risks to an acceptable level and helps the risk owners drive the implementation. The team is involved in all programs, projects and changes to assess the information security risks of the assets that are being introduced or changed by providing security requirements and validating adequate implementation. Creating awareness and educating the sector on all levels is a key responsibility for each member of the team. Finally the team is driving the implementation of company-wide initiatives within Corporate sectors to strengthen and mature the information security capabilities.
Ensure that information security risks do not exceed the organization risk appetite by timely identifying and assessing risks, driving risk mitigation, maintaining the security risk register and monitoring and reporting on progress.
As an Information Security Risk Expert you will strengthen our team and will be focusing on project engagement, application assessments and execution of security portfolio projects.
Your responsibilities include:
- Perform intakes on new programs, projects and changes, determine the information security impact and provide relevant security requirements. Where relevant, liaise with the Privacy Office on privacy related topics and with Compliance on other regulatory requirements.
- Depending on the risk and nature of the project you provide guidance and advice to realize ‘security by design’, and finally you validate requirements prior to Go-Live. You define remaining risks, validate them with business stakeholders and recommend mitigations, register those and follow up on progress.
- Support the structured assessment of key applications and processes, applying ISO27001/2 and ASML policies and standards.
- Execute/support risk assessments on specific issues and define risks with proposed mitigation actions.
- Define and implement improvements for services where you have assigned responsibility within the Corporate sector and align with other sectors on shared approach.
- Register, investigate and report on information security incidents
- Participate in and support security portfolio projects, both ASML wide and Corporate sectors specific
- Focus on business usage aspects, like Access Control, Communication Security, Incident Management, Supplier Relationship, Training & Awareness, Asset Management, Business Continuity Management, Operations Security and System Acquisition, Dev & Maintenance
- Align with other security risk management teams and central competence teams to support cross-sector initiatives
- Master's degree or equivalent combination of education and experience (e.g. in a technical area, business administration, industrial engineering).
- In possession of valid industry certifications like CISM, CISA, CISSP, CCSP.
- Minimum of 5 years of relevant experience in information security
- Knowledge of and experience with security standards and frameworks, especially ISO27001/2
- Recommending mitigating measures using a combination of IT and non-IT controls
- Understanding / knowledge / experience in the IT security domain
- Experience in a global organization
- Fluent in English (written and verbal)
- Preferably experience in corporate sector
- Good communication and advisory skills
- Relationship builder; able to create and maintain a trusted network
- Pragmatic, hands-on mentality, motivated by realizing goals rather than personal acknowledgement
- Creative when handling problems
- Pro-active and self-motivated with the proven ability to drive results
Context of the position
As Information Security Risk Expert you are part of Global Enabling Services – Center of Excellence and will report to the Sector Information Security Risk Manager.
Global Enabling Services – Center of Excellence provides services to all Corporate departments, including Business Architecture, Information Management/Portfolio management, Program/Project Management, Master Data Management and Information Security.
You will be based in Veldhoven, the Netherlands. You will be a member of the ASML Security community; working closely together with the security risk management teams in other sectors and the central security competence teams.
Interested in this position? Please apply with cv and cover letter.