Information and Cyber Security Specialist for Supplier Security

Introduction to the job

Do you like Information and Cyber Security Controls, auditing and contract negotiating within a Sourcing & Supply Chain (S&SC) environment? Come join ASML as a Security specialist to support Supplier Security.

ASML has many different type of suppliers worldwide. Security maturity of these suppliers as also the security maturity of the S&SC department are important to protect ASML.

By understanding our internal business information environment, we identify security risks that may impact the success of the S&SC strategy, priorities and objectives. We perform risk assessments and inform and advise the risk owner to manage these risks to acceptable levels.

By understanding our external supplier eco-system, we identify security risks at suppliers and together

Role and responsibilities

At our location Veldhoven we are looking for a senior Security Specialist to support Sourcing & Supply Chain in managing internal and external risks related to Sourcing & Supply Chain.

As a senior Security Specialist you will be responsible for S&SC’s internal security risks to execute (lead by example) and manage other Security Specialists to perform:

• Risk Management: Enable business to understand, own and manage risk and make informed decisions
• Maturity: Maturing the capabilities of the security function within S&SC
• Project Involvement: Limiting the creation of new vulnerabilities and risks. Educating the project teams
• Application Security: Insight and structured risk reduction on current application landscape (legacy)
• Advice and awareness: Providing advice, solicited and unsolicited. Change the behavior across S&SC
• Compliance: Provide the business perspective on incidents. Ensure compliance and make exceptions visible
• Identity and Access Management: Facilitate demand formulation from business. Represent business demand (BSO role). Challenge business on security posture ofrole models.
• Security Incident Management:Investigate, analyze, ad hoc support and report on information security incidents with high priority.

As a senior Security Specialist you will be responsible for supplier security risks to execute (lead by example) and manage other Security Specialists to perform:

Information Security at suppliers:

• Assessing IT Security Controls of suppliers as received in written form (self-assessment and assessments)
• Assessing risks related to IT Security Controls
• Giving a final advice for the risks by writing an advice (residual risk)

Cyber Security at suppliers: Assessing and improving Cyber Security risks at suppliers identified by our Cyber Security Tool
Contracting suppliers: Reporting on progress by maintaining your part of the central overview on progress of the negotiations for security controls

Education and experience

• Bachelor or Master degree in an IT technical field or equivalent professional experience
• IT auditor or equivalent certification (par example CISA)
• Valid industry security related certifications such as the Certified Information Systems Security Professional (CISSP)
• Overseeing the whole ISO27001 version 2021 with in-depth knowledge of each aspect is preferred
• Having Information and Cyber Security knowledge on a management level and being able to be a counterpart for Subject Matter Experts
• Having a pragmatic approach and can act differently depending on the specific situation (context aware)
• Knowledge and experience with Security audit frameworks and standards
  
  

Skills

Working at the cutting edge of tech, you’ll always have new challenges and new problems to solve – and working together is the only way to do that. You won’t work in a silo. Instead, you’ll be part of a creative, dynamic work environment where you’ll collaborate with supportive colleagues. There is always space for creative and unique points of view. You’ll have the flexibility and trust to choose how best to tackle tasks and solve problems.
To thrive in this job, you’ll need the following skills:

• Analytical, precise, tenacious, autonomous
• Process minded and Project Management skills
• Diplomatic and good negotiations skills
• Ability to interact with all levels including executives and senior managers
• Ability to build a strong relationship with suppliers
• Strong interpersonal, presentation, analytical and statistical sampling skills
• Exceptional written and verbal communication skills are required

Diversity & Inclusion

ASML is an Equal Opportunity Employer that values and respects the importance of a diverse and inclusive workforce. It is the policy of the company to recruit, hire, train and promote persons in all job titles without regard to race, color, religion, sex, age, national origin, veteran status, disability, sexual orientation, or gender identity. We recognize that diversity and inclusion is a driving force in the success of our company.

Other information

At ASML we invent, develop and manufacture world-leading high tech lithography machines for our chip making customers. These tailor-made machines can image billions of structures in a few seconds with an accuracy of a few silicon atoms. Our headquarters are located in the heart of the Eindhoven region, also known as ‘Brainport’, Europe’s top tech hub.

The S&SC department supports the processes related to sourcing and processing of parts to build those lithography machines.A sub-department within S&SC is Sourcing Support that has team that deals with Supplier Security and Security Risk Management for S&SC. The Information and Cyber Security Specialist reports to the Manager for Supplier Security.

Need to know more about applying for a job at ASML? Read our frequently asked questions.