Senior Information Security Specialist

Introduction

In this role you design test scenarios, conduct tests, analyze, and report on the design and operating effectiveness of information security technical controls to prevent exfiltration among others. This role will also be responsible for setting up information security control test automation.

Job Mission

Your mission is to ensure the internal information security technical policies within ASML are designed, implemented, and operate effectively and are aligned with the company policies and process objectives. You ensure delivery of information security data visualization and automated control testing and reporting capability. Additionally, you ensure a robust testing framework to identify new information security threat vectors and scenarios through research to protect ASML assets in line with the company’s risk appetite as defined within the policies and standards.

Job Description

In this role, you will be testing new information security policy features to check that they work and fit requirements. You develop test cases based on user stories to test and verify information security systems policies specifications coverage. You are responsible for assessing, developing and coding automation procedures to test repetitive information security controls real-time.

You conduct research and remain up to date with information security emerging threats, attack methodologies and information security testing tools. You generate test reports to support policy design and the implementation team to continuously improve information security technical policies effectiveness.

You are familiar with information security related tools and testing methodologies and perform monitoring and reporting on the information security controls effectiveness. You are able to provide a reasonable level of assurance that the internal information security services within ASML and the SaaS applications are aligned with the company’s risk appetite, policies, and standards. Additionally, you propose improvement activities and controls to remediate the identified observations and to reduce the overall information security risks against the company.

Education

Ideally, you have a Bachelor’s Degree in Computer Science, Computer Engineering, or similar field and 5+ years of relevant information security policies development and control testing experience.

Experience

• Experience with testing strategies and test execution for information security exfiltration.
• Experience with test automation including framework development, framework maintenance, framework optimization, automation strategizing, automation planning and automation test execution.
• At least exposure to data analytics and automation or any other similar platform (i.e. Alteryx or any similar)
• At least exposure to in Agile Testing projects, and Jira tools
• Ability to communicate complex technology solutions
• Ability to write detailed test plans to satisfy all development documentation required for tool acceptance.
• Minimum 4 years professional experience focusing on information security, risk management and compliance.
• Have working experience as internal or external IT and Information Security Auditor or Risk Management Officer, is a plus
• Knowledgeable and have working experience with international security standards or frameworks such as ISO 31000, ISO27001 and NIST
• Knowledgeable about the CSA Cloud Control Matrix
• Information security risk management qualifications like CRISC, CISSP, CISA or CISM, is a plus

Personal skills

You are analytical and precise. You are fluent in both written and spoken English and have good communication and organization skills. You bring strong stakeholder management skills and are capable of doing so at various organizational levels. You are pro-active and highly-motivated to drive results and you’re a team player, accompanied by good leadership traits.