Security Risk Manager
Other job categories
In a nutshell
For the Operations sector in ASML we are looking for an experienced Security Risk Manager to further strengthen our ability to manage potential security risks.
ASML has a security governance in which security risk management is embedded at sector level. The Security Risk Manager drives risk identification and risk mitigation in his sector and is a member of the ASML security platform, which addresses cross-sector risks, means and methods, and the ASML integrated security roadmap.
Ensure that security risks do not exceed the organization's risk appetite by identifying risks in a timely manner, maintaining the security risk register, assessing risks, driving risk mitigation, and monitoring and reporting on progress.
As Information Security Risk Manager you are part of the OSE department and will report to the Senior Information Manager Operations Sector.
The OSE department drives and supports improvements in business processes and IT tooling for the ASML Operations sectors. We do this through several distinct services, e.g. Business Architecture, Information Management/Portfolio Management, Program/Project Management, Business Intelligence and Master Data Management. The corporate sectors are Finance, Sourcing, HR, Communication, Tax, Legal, Treasury, Corporate Risk and Assurance, and Marketing.
You are based in Veldhoven, the Netherlands. You are a member of the ASML Security platform; working closely together with the Security Risk Managers in other sectors and with (senior) business stakeholders in the corporate sectors.
- Identify risks and perform/facilitate risk assessments.
- Drive mitigation of risks; propose mitigating controls in accordance with sector risk appetite and drive implementation and use.
- Maintain the sector security risk register and periodic reporting; have a clear oversight on the status of current security controls for the sector.
- Stakeholder management; ensure awareness and ownership of risks/mitigations.
- Ensure compliance with security policies and standards.
- Alignment with IT security department on IT infrastructure security.
- Keep up with relevant international legislation, emerging threats, forecasts, policies and benchmarks.
- Manage the implementation of the Information governance access rules for information owned within the sector.
- Define the Secure Storage Standard for the sector.
- Organize User Access Management for Applications owned by the Sector.
- Define/Review functional design of these applications to segregate data stored within the application per user group.
- Oversee and assure Patching and Hardening of Servers owned in the sector. Assure eradication of the biggest vulnerabilities (i.e. CVSS Score 8, 9, 10) on servers owned and managed within the sector.
- Identify unknown assets owned in the Sector for improving Incident Resolution and facilitate Network Segmentation.
- Ensure Cloud Applications procured by the Sector are compliant with Security policy and standards and follow the procurement/IT Security onboarding process.
- Master's degree or equivalent combination of education and experience (e.g. in a technical area, business administration, industrial engineering).
- Information security risk management qualifications like CISSP, CISA or CISM.
- Minimum of 5 years of relevant experience in information security risk management.
- Proven experience with the ISO27001/2 risk management framework/control.
- Proven experience in the IT security domain.
- Knowledgeable on multiple laws and regulations; e.g. GDPR and US export regulations.
- Relationship builder; able to create and maintain a trusted network on all levels.
- Good communication, influencing and negotiating skills.
- Able to convince, inspire and motivate people.
- Strong analytical skills.
- Pro-active and self-motivated with the proven ability to drive results.
- Pragmatic, hands-on mentality, motivated by realizing goals rather than personal acknowledgement.
- Able to give direction, plan and prioritize.
- Creative when handling problems.
- Flexible, adapting to company culture and individual behavior.
- Fluent in English (written and verbal).
To attract and retain the best people, we have a competitive employment conditions package, including:
- Fixed 13th month;
- Attractive profit scheme (2018: 17%);
- 27 holidays and 13 additional free days.
ASML creates the conditions that enable you to realize your full potential. We provide state-of-the-art facilities, opportunities to develop your talents, international career opportunities, a stimulating and inspiring environment, and most of all, the dedication of a company that recognizes and rewards extraordinary performance.
Our selection process includes an online Talent Exploration that gathers information about your key drivers, your personal RequisitionLocals, motivators and career ambitions. The Talent Exploration enables both you and us to explore if there is a mutual match - not only for today, but also for your future career at ASML.