30+ days ago - req5556
IT - Asia Security Risk Manager - Linkou
In a nutshell
This role is responsible for managing and reporting on information security risks in the Asia region. It also acts as Project Coordinator in the region whenever world- or region-wide projects are implemented in Asian countries.
Ensure information security risks stay within the risk appetite through (early) identification of information security risks, performing risk assessments and driving risk mitigation. Act as the main contact window in Asia for security projects, managing the implementation and ensuring successful progress to project closure.
This Manager role works closely with the whole Asia Security team to ensure that well-communicated risk policies and processes are followed in the region. Through training, a well-designed risk register and guidance given to the Asia team, ensure appropriate risk management in the region. Through a well-maintained and tracked risk register showing the risk details and all control details, ensure that controls are operating effectively. Where RSOs and other resources are working on security-related topics and issues, support or guide them with the appropriate corresponding assessments, whether for applications, cloud services or data protection, liaising with and receiving support from the Netherlands and the right function towers in the Information Security Competence Center or the Sector Risk Managers.
Additionally, this role will also act as the main contact window and bridge between the Netherlands and the local countries in Asia.
* Designing and implementing an overall risk management process for the region that is well aligned with the process designed in the Netherlands, but as a model that is more practical and easier to maintain for the Asia region.
* Performing a risk assessment: Analyzing current risks and identifying potential risks that are affecting the company, with the whole Asia Security team's support in each local country.
* Formalizing the Asia Risk Register and ensuring routine reviews and updates so that it shows an accurate and up-to-date overview.
* Performing a risk evaluation: Evaluating the registered risks in Asia with regard to their current handling and to potential new risks created by improvement actions, by company business/organizational change or by legal requirements.
* Risk reporting tailored to the relevant audience, including consolidated/aligned risk items and descriptions to support RSOs and their responsible scope/countries. (For specific and significant risks, work together with the RSO to educate the business and to ensure business stakeholders understand the risks that might affect their departments and business operations.)
* Acting as the main contact window for policy and compliance audits, including liaising with internal/external auditors, with dedicated cooperation/support from RSOs in Asia.
* Building risk awareness amongst Security staff by providing support and training.
* For the project coordinator role in Asia:
- Establish and maintain good working relationships within Asia Security/with stakeholders and liaise with other supports to facilitate successful delivery
- Monitor project progress, regularly report on progress, identify and action potential stoppers and issues
- Communicate gaps in program performance in Asia and escalate as necessary
Education
Bachelor's/master's degree or equivalent combination of education and experience.
7+ years in information security, operational and/or technology with experience in:
* Conducting Information Security Gap Assessments and Risk Management
* Translating output of security assessment into security plans for the IT service
* Security Awareness training for employees
* Of these, at least 4 years must include direct experience in operational risk management in information security areas.
* Solid job experience in dedicated security roles. CISSP/CISM or comparable certifications are a plus.
* Knowledge of project management (PRINCE2/PMBOK/APMP) is a plus. Proven working experience in project management.
* Bachelor's degree with a technical/IT/informatics background.
* Familiarity with IT/Security/Risk assessment frameworks is a plus, e.g.:
- ISO security-related frameworks, e.g. ISO 27001
- NIST security-related frameworks, or any equivalent well-known industry frameworks
* Ability to identify issues and control weaknesses, and to translate complex processes, applications and IT/information security technical controls into risk
* Analytical, precise, tenacious, autonomous
* Deep technical knowledge of IT/Information Security
* Proven working experience in project management
* Good communication, time management & multi-tasking skills
* Ability to understand broader business issues
* Fluent in English
Context of the position
The position is based in Information Security Asia and reports to the Asia Regional Security Officer, who reports hierarchically and functionally to the CISO of ASML.
* Passion: Be passionate about Security and protecting Intellectual Property, and about learning new techniques and skills.
* Diplomacy: Through diplomacy and team building, handle Security issues in a cooperative manner during mergers and acquisitions.
* Behave Ethically: Understand ethical behavior and business practices, and ensure that own behavior and the behavior of others is consistent with these standards and aligns with the values of the organization.
* Lead: Positively influence others to achieve results that are in the best interest of the organization
* Make Decisions: Assess situations to determine the importance, urgency and risks, and make clear decisions which are timely and in the best interests of the organization
* Fluent in English and Mandarin