4 days ago - req29624
Information Security Risk Manager Corporate
In a nutshell
For the Corporate sector of ASML we are looking for an experienced Information Security Risk Manager to further strengthen our ability to manage our information security risks. The Corporate sector includes a wide variety of departments, including Finance, HR, Communication, Legal, Strategy, Risk and Business Assurance, and Quality.
Within ASML, generic security capabilities are organized centrally; security risk management, however, is embedded within each sector. The Security Risk Management (SRM) team identifies and assesses potential information security risks in processes and applications, recommends mitigations to reduce those risks to an acceptable level and helps the risk owners drive the implementation. The team is involved in all programs, projects and changes to assess the information security risks of the assets being introduced or changed, by providing security requirements and validating that they are adequately implemented. Creating awareness and educating the sector at all levels is a key responsibility for each member of the team. Finally, the team drives the implementation of company-wide initiatives within the Corporate sector to strengthen and mature its information security capabilities.
Ensure that information security risks do not exceed the organization's risk appetite by identifying and assessing risks in a timely manner, driving risk mitigation, maintaining the security risk register, and monitoring and reporting on progress.
You will be part of the corporate Security Risk Management team and have responsibility for one or more focus areas:
- As lead contact for one or more departments you will have regular alignment meetings and act as the primary contact for the senior management of these departments. You will identify and advise on information security risks and report on the security status.
- As service owner for one or more SRM services (such as application assessments, project security requirements management or risk management), you are accountable for the service being well managed in the context of the Corporate sector and for quality improvements being implemented and aligned cross-sector.
You also execute the SRM services for your focus areas together with other team members:
- Perform intakes on new programs, projects and changes, determine the information security impact and provide relevant security requirements.
- Depending on the risk and nature of the project, you provide guidance and advice to realize ‘security by design’, and you validate the requirements prior to go-live. You define the residual risks, validate them with business stakeholders, recommend mitigations, register them and follow up on progress.
- Execute structured assessments of key applications, focusing on high-level decomposition, information usage and the access model, and report to stakeholders. Use ISO 27001/27002 and ASML policies and standards as the basis.
- Execute risk assessments on processes or specific issues and define risks with proposed mitigation actions.
- Drive compliance with policies and standards and ensure insight into the compliance status.
- Investigate and report on information security incidents.
- Create security awareness
- Participate in and support ASML-wide security portfolio projects, and drive or support Corporate sector-specific projects.
- Keep up with relevant international legislation, emerging threats, forecasts, policies and benchmarks.
- Align with the other security risk management teams and related functions such as IT Security, the privacy office or internal control.
- Master's degree or equivalent combination of education and experience (e.g. in a technical area, technical business administration).
- In possession of valid industry certifications, such as CISM, CISA, CISSP, CRISC or CCSP.
- Minimum of 8 years of relevant experience in information security risk management and assessments/audits.
- Knowledge of and experience with security standards and frameworks, especially ISO 27001 and the ISO 31000 risk management framework.
- Ability to translate IT threats and vulnerabilities into business risks.
- Understanding of and experience in the IT security domain, including the ability to read and understand conceptual designs.
- Experience in a global organization, with a proven ability to navigate complex, international work environments and sensitivity to cultural differences.
- Fluent in English (written and verbal)
- Basic project management experience
- Preferably experience in a corporate sector.
- Ability to communicate with, convince and inspire senior management, explaining findings and associated risks such that the impact is clear and ownership is taken.
- Relationship builder; able to create and maintain a trusted network
- Able to give direction, plan and prioritize
- Strong analytical skills
- Pragmatic, proactive, hands-on mentality; motivated by realizing goals rather than personal acknowledgement, with a proven ability to drive results.
Context of the position
As Information Security Risk Manager you are part of Global Enabling Services – Center of Excellence and will report to the Sector Information Security Risk Manager.
Global Enabling Services – Center of Excellence provides services to all Corporate departments, including Business Architecture, Information Management/Portfolio management, Program/Project Management, Master Data Management and Information Security.
You will be based in Veldhoven, the Netherlands. You will be a member of the ASML Security community, working closely with the security risk management teams in the other sectors and the central security competence teams.
Interested in this position? Please apply with a CV and cover letter.