30+ days ago - J-00229856-966

Security Risk Manager - Operations / Corporate Real Estate

Other corporate functions

Real Estate

Other job categories

Other technical job categories

In a nutshell

Location

Veldhoven, Netherlands

Team

Other corporate functions

Experience

8+ years

Degree

Bachelor

Job Category

Real Estate, Other job categories, Other technical job categories

Travel

10%

Introduction to the job

For the Operations sector in ASML we are looking for an experienced Security Risk Manager to further strengthen our ability to protect the Intellectual Property of ASML, our customers and our suppliers and to prevent business disruption in our factories and supply chain. The Operations sector is the largest sector within ASML and includes Manufacturing, Customer Support, Sourcing and Supply Chain and Corporate Real Estate. This role will focus onCorporate Real Estate (CRE).

Within ASML generic security capabilities are organized centrally via competences. Security risk management is however embedded within each of the sectors. The security risk management team identifies and assesses potential security risks, recommends mitigations and helps the risk owners drive the implementation of mitigations to reduce the risk to an acceptable level. The team is involved in all programs, projects and changes to assess the assets that are being introduced or changed, to provide security requirements and to validate adequate implementation. In case of security incidents the team is involved in determining business impact, in communication and escalation towards sector management and in defining lessons learned and structural improvements. Creating awareness and educating the sector ranging from senior management to people on the ground is a key responsibility for each member of the team.

Finally the security risk management team is also managing or driving ASML wide and/or Operations specific projects to strengthen and mature the information security capabilities of ASML.

Role and responsibilities

Team Mission
Ensure that information security risks do not exceed the organization risk appetite by timely identifying risks and maintaining the security risk register, assessing risks, drive risk mitigation and monitor and report on progress.

Job Description
As experienced Security Risk Manager you are expected to fulfill the following responsibilities:

  • Identify and provide advice on strategic and tactical security risks within Corporate Real Estate
  • Act as sounding board to the management of Corporate Real Estate
  • Support the implementation of security capabilities and governance within the sector, e.g. around the security of the OT/ICS (Industrial Control Systems)
  • Drive mitigation of risks; propose mitigating controls in accordance with sector risk appetite and drive implementation and use
  • Formulate, assess and maintain the security risks in the Risk Register; prepare periodic reports and help to get a clear oversight on the status of current security controls for the sector
  • Generate demand towards the central security competences and IT based on outcomes of risk assessments; help define the implementation of additional measures and capabilities
  • Act a security expert in the areas of i.e. ICS Security, Access Control, Communication Security, Incident Management, Supplier & Customer Relationship, Training & Awareness, Asset Management, Business Continuity Management, Operations Security and System Acquisition, Dev & Maintenance
  • Register, investigate and report on information security incidents
  • Perform an intake on new projects and changes, determine the information security impact and provide policies, guidance and advice to stimulate ‘security by design’; depending on the nature of the project more or less involvement will be required throughout the project
  • Support the classification, ownership and information governance access rules on information types within the sector
  • Prepare and execute security assessments on applications or business processes understanding threat sources and vulnerabilities and using ISO27001 and the ASML policies and standards as baseline
  • Gradually change the behavior of everyone within Corporate Real Estate by amongst others, making security awareness campaigns specific to the different teams and departments. Build out and actively manage a network of security champions
  • Ensure compliance to security policies and standards
  • Liaise with the Privacy Office on privacy related topics and with Compliance on other regulatory requirements
  • Keep up with relevant international legislation, emerging threats, forecasts, policies and benchmarks
  • Align with other security risk management teams and central competence teams to support cross-sector initiatives
  • Support the identification of business managed applications and assets within the sector

Education and experience

Education

  • Master's degree or equivalent combination of education and experience (e.g. in a technical area, business administration, industrial engineering). Optionally bachelor
  • In possession of valid industry certifications (CISM, CISA, CISSP, CRISC, CCSP).
  • In possession of a valid work permit for The Netherlands

Experience

  • Minimum of 8 years of relevant experience in information security, IT audit or doing security assessments
  • Knowledge of and experience with security standards and frameworks, especially ISO27001, IEC62443 and ISO31000 risk management framework

Skills

Working at the cutting edge of tech, you’ll always have new challenges and new problems to solve – and working together is the only way to do that. You won’t work in a silo. Instead, you’ll be part of a creative, dynamic work environment where you’ll collaborate with supportive colleagues. There is always space for creative and unique points of view. You’ll have the flexibility and trust to choose how best to tackle tasks and solve problems.
To thrive in this job, you’ll need the following skills:

Technical skills:

  • Able to understand and translate IT (and OT) threats and vulnerabilities to business risk.
  • Understanding / knowledge / experience in the IT (and OT) security domain
  • Experience with Identity and Access Management processes
  • Ability to recommend mitigating measures using a combination of IT and non-IT controls
  • Worked for a global organization sized similar to ASML with the proven ability to navigate complex, international work environments being sensitive to cultural differences
  • Fluent in English (written and verbal)
  • Pro: Experience in manufacturing / production environment
  • Pro: Experience in OT/ICS security initiatives and environments

Personal skills:

  • Ability to communicate with, convince and inspire senior management, explaining findings and associated risks such that impact is clear and ownership is taken
  • Relationship builder; able to create and maintain a trusted network
  • Able to give direction, plan and prioritize
  • Natural drive to understand how activities are really executed on the floor, to be able to identify security risks and propose mitigations in a way that makes it relevant and understandable for stakeholders at different levels
  • Pragmatic, pro-active, hands-on mentality, motivated by realizing goals rather than personal acknowledgement and a proven ability to drive results

Diversity & Inclusion

ASML is an Equal Opportunity Employer that values and respects the importance of a diverse and inclusive workforce. It is the policy of the company to recruit, hire, train and promote persons in all job titles without regard to race, color, religion, sex, age, national origin, veteran status, disability, sexual orientation, or gender identity. We recognize that diversity and inclusion is a driving force in the success of our company.

Other information

As experienced Security Risk Manager you will be part of the Operations Strategies and Excellence (OSE) department and will report to the lead Security Risk Manager Operations.
The OSE department supports the definition of the Operations strategy, the translation of the strategy into capabilities, a roadmap and a portfolio and drives specific competences including Information Security, Information Management, Portfolio management, Program/Project Management and Benefits Management.

You will be based in Veldhoven, the Netherlands. You will be a member of the ASML Security community; working closely together with the security risk management teams in other sectors and the central security competence teams.

Career & application

ASML creates the conditions that enable you to realize your full potential. We provide state-of-the-art facilities, opportunities to develop your talents, international career opportunities, a stimulating and inspiring environment, and most of all, the commitment of a company that recognizes and rewards outstanding performance. What is working at ASML like?
Check this out: https://www.youtube.com/watch?v=qXpAMguP-vQ

Our selection process includes an online Talent Exploration that gathers information about your key drivers, your personal values, motivators and career ambitions. The Talent Exploration enables both you and us to explore if there is a mutual match - not only for today, but also for your future career at ASML.

Please note that at the moment we have several interesting opportunities within our team – based on your experience and ambitions we will determine the best match together with you.

Need to know more about applying for a job at ASML? Read our frequently asked questions.


Learn more about this job