You can withdraw your consent at any time on our cookie consent page.Configure your cookie settings and confirm to save your settings. You can withdraw or change your consent at any time on our cookie consent page.
Information Security Expert Corporate
Other corporate functions
Other job categories
In a nutshell
Other corporate functions
Other job categories
Introduction to the job
For the Corporate sector in ASML we are looking for an Information Security Risk Expert to further strengthen our ability to manage our information security risks. The Corporate sector includes a wide variety of specific departments including Finance, HR, Communication, Legal, Strategy, Risk and Business Assurance and Quality.
Within ASML generic security capabilities are organized centrally. Security risk management is however embedded within each of the sectors. The Security Risk Management (SRM) team identifies and assesses potential information security risks in processes and applications, recommends mitigations to reduce the risks to an acceptable level and helps the risk owners drive the implementation. The team is involved in all programs, projects and changes to assess the information security risks of the assets that are being introduced or changed by providing security requirements and validating adequate implementation. Creating awareness and educating the sector on all levels is a key responsibility for each member of the team. Finally the team is driving the implementation of company-wide initiatives within Corporate sectors to strengthen and mature the information security capabilities.
Role and responsibilities
Ensure that information security risks do not exceed the organization risk appetite by timely identifying and assessing risks, driving risk mitigation, maintaining the security risk register and monitoring and reporting on progress.
As an Information Security Risk Expert you will strengthen our team and will be focusing on project engagement, application assessments and execution of security portfolio projects.
Your responsibilities include:
·Perform intakes on new programs, projects and changes, determine the information security impact and provide relevant security requirements. Where relevant, liaise with the Privacy Office on privacy related topics and with Compliance on other regulatory requirements.
·Depending on the risk and nature of the project you provide guidance and advice to realize ‘security by design’, and finally you validate requirements prior to Go-Live. You define remaining risks, validate them with business stakeholders and recommend mitigations, register those and follow up on progress.
·Support the structured assessment of key applications and processes, applying ISO27001/2 and ASML policies and standards.
·Execute/support risk assessments on specific issues and define risks with proposed mitigation actions.
·Define and implement improvements for services where you have assigned responsibility within the Corporate sector and align with other sectors on shared approach.
·Register, investigate and report on information security incidents
·Participate in and support security portfolio projects, both ASML wide and Corporate sectors specific
·Focus on business usage aspects, like Access Control, Communication Security, Incident Management, Supplier Relationship, Training & Awareness, Asset Management, Business Continuity Management, Operations Security and System Acquisition, Dev & Maintenance
·Align with other security risk management teams and central competence teams to support cross-sector initiatives
·Master's degree or equivalent combination of education and experience (e.g. in a technical area, business administration, industrial engineering).
·In possession of valid industry certifications like CISM, CISA, CISSP, CCSP.
·Minimum of 5 years of relevant experience in information security
·Knowledge of and experience with security standards and frameworks, especially ISO27001/2
·Recommending mitigating measures using a combination of IT and non-IT controls
·Understanding / knowledge / experience in the IT security domain
·Experience in a global organization
·Fluent in English (written and verbal)
·Preferably experience in corporate sector
Working at the cutting edge of tech, you’ll always have new challenges and new problems to solve – and working together is the only way to do that. You won’t work in a silo. Instead, you’ll be part of a creative, dynamic work environment where you’ll collaborate with supportive colleagues. There is always space for creative and unique points of view. You’ll have the flexibility and trust to choose how best to tackle tasks and solve problems.
To thrive in this job, you’ll need the following skills:
·Good communication and advisory skills
·Relationship builder; able to create and maintain a trusted network
·Pragmatic, hands-on mentality, motivated by realizing goals rather than personal acknowledgement
·Creative when handling problems
·Pro-active and self-motivated with the proven ability to drive results
Diversity & Inclusion
ASML is an Equal Opportunity Employer that values and respects the importance of a diverse and inclusive workforce. It is the policy of the company to recruit, hire, train and promote persons in all job titles without regard to race, color, religion, sex, age, national origin, veteran status, disability, sexual orientation, or gender identity. We recognize that diversity and inclusion is a driving force in the success of our company.
As Information Security Risk Expert you are part of Global Enabling Services – Center of Excellence and will report to the Sector Information Security Risk Manager.
Global Enabling Services – Center of Excellence provides services to all Corporate departments, including Business Architecture, Information Management/Portfolio management, Program/Project Management, Master Data Management and Information Security.
You will be based in Veldhoven, the Netherlands. You will be a member of the ASML Security community; working closely together with the security risk management teams in other sectors and the central security competence teams.
Interested in this position? Please apply with cv and cover letter.
Need to know more about applying for a job at ASML? Read our frequently asked questions.