Corporate Risk Expert
Legal, Compliance, Risk and Assurance
In a nutshell
Legal, Compliance, Risk and Assurance
Other non-technical backgrounds
Introduction to the job
For the Corporate sector in ASML we are looking for a Corporate Risk Expert to further strengthen our ability to manage our information security risks. The Corporate sector includes a wide variety of specific departments including Finance, HR, Communication, Legal, Strategy, Risk and Business Assurance and Quality.
Role and responsibilities
You will ensure that information security risks do not exceed the organization risk appetite by timely identifying and assessing risks, driving risk mitigation, maintaining the security risk register and monitoring and reporting on progress.
Within ASML generic security capabilities are organized centrally. Security risk management is however embedded within each of the sectors. The Security Risk Management (SRM) team identifies and assesses potential information security risks in processes and applications, recommends mitigations to reduce the risks to an acceptable level and helps the risk owners drive the implementation. The team consists of 8 FTE and is involved in all programs, projects and changes to assess the information security risks of the assets that are being introduced or changed by providing security requirements and validating adequate implementation. Creating awareness and educating the sector on all levels is a key responsibility for each member of the team. Finally the team is driving the implementation of company-wide initiatives within Corporate sectors to strengthen and mature the information security capabilities.
As a Corporate Risk Expert you will strengthen our team and will be focusing on project engagement, application assessments and execution of security portfolio projects.
Your responsibilities include:
- Perform intakes on new programs, projects and changes, determine the information security impact and provide relevant security requirements. Where relevant, liaise with the Privacy Office on privacy related topics and with Compliance on other regulatory requirements;
- Depending on the risk and nature of the project you provide guidance and advice to realize ‘security by design’, and finally you validate requirements prior to Go-Live. You define remaining risks, validate them with business stakeholders and recommend mitigations, register those and follow up on progress.
- Support the structured assessment of key applications and processes, applying ISO27001/2 and ASML policies and standards;
- Execute/support risk assessments as well as defining and implementing improvements for services where you have assigned responsibility within the Corporate sector.
- Align with other sectors, stakeholders and clients to ensure appropriate level of control across the Corporate landscape.
- Focus on business usage aspects, like Access Control, Communication Security, Incident Management, Supplier Relationship, Training & Awareness, Asset Management, Business Continuity Management, Operations Security and System Acquisition, Dev & Maintenance.
Experience and education
Working at the cutting edge of tech, you’ll always have new challenges and new problems to solve – and working together is the only way to do that. You won’t work in a silo. Instead, you’ll be part of a creative, dynamic work environment where you’ll collaborate with supportive colleagues. There is always space for creative and unique points of view. You’ll have the flexibility and trust to choose how best to tackle tasks and solve problems. Being a strong communicator, you feel at ease advising your business stakeholders whilst having a pragmatic mindset, putting actions to work. You are business savvy, and have a good technical background related to the ISO2700x and/or NIST standards. The combination of your IT and non-IT experience gives you an edge acting in this position, ideally you are certified in CISM, CISA, CISSP or CCSP.
Ideally you bring the following experience:
- Minimum of 5 years of relevant experience in information security;
- Experience and exposure in relevant, global corporate environments;
- A solid understanding of the IT security domain;
- Master's degree or equivalent combination of education and experience (e.g. in a technical area, business administration, industrial engineering).
Diversity & Inclusion
ASML is an Equal Opportunity Employer that values and respects the importance of a diverse and inclusive workforce. It is the policy of the company to recruit, hire, train and promote persons in all job titles without regard to race, color, religion, sex, age, national origin, veteran status, disability, sexual orientation, or gender identity. We recognize that diversity and inclusion is a driving force in the success of our company.
As Corporate Risk Expert you are part of Global Enabling Services – Center of Excellence and will report to the Sector Information Security Risk Manager.
Global Enabling Services – Center of Excellence provides services to all Corporate departments, including Business Architecture, Information Management/Portfolio management, Program/Project Management, Master Data Management and Information Security.
You will be based in Veldhoven, the Netherlands. You will be a member of the ASML Security community; working closely together with the security risk management teams in other sectors and the central security competence teams.
Interested in this position? Please apply with cv and cover letter.