SS&P - Asia Supplier Information & Cyber Security Manager - Linkou

Introduction to the job

Do you like Information and Cyber Security Controls, auditing and contract negotiating within a Strategic Sourcing & Procurement (SS&P) environment? Come join ASML as a Cyber Security Specialist to support Supplier Security and Security Risk Management Team.

Supplier Security and Security Risk Management (the team) is a team that does support contracting security requirements, execute our part when security incidents happen at suppliers, risk based assessing of suppliers, gap closure/improvement of suppliers and mature information and cyber security in the eco-system (external focus).

The team also does security for the sector SS&P like assessing applications, awareness, risk management, security incidents  and more (internal focus).

Job Mission

ASML has many different type of suppliers worldwide. Security maturity of these suppliers as also the security maturity of the SS&P sectors are important to protect ASML.

By understanding our external supplier eco-system and our internal eco-system (example IT assets) , we identify security risks and together with suppliers/ASML IT we drive improvement.

Role and responsibilities

We are looking for a Supplier Information Cyber Security & Contracting Specialist who will be responsible in collaboration with other security specialists to perform:

• Supplier Security way of working (give input together with team):

  • Update the supplier security policy and supplier security standard based on experience, relevant trends from outside and law/regulations

  • Continues improvement of process, people and technology

• Dashboarding/reporting (update your part of the dashboards):

  • For all activities dashboard and reports are generated at fixed moments.

• Contracting suppliers (for your suppliers perform/update):

  • Reporting on progress by maintaining your part of the central overview on progress of the negotiations for security controls

• Information Security at suppliers (your role):

  • Assessing IT Security Controls of suppliers as received in written form (self-assessment and onsite assessments)

  • Assessing risks related to IT Security Controls

  • Giving a final advice for the risks by writing an advice (residual risk)

  • Drive improvement of suppliers

• Cyber Security at suppliers (together with cyber specialist):

  • Assessing and improving Cyber Security risks at suppliers identified by our Cyber Security Tool

• Cyber incidents at suppliers (your role to support, together with team):

  • Be the initial interface with the supplier and the Cyber Security Specialist in case of a security incident at suppliers

• Master classes for PR and NPR suppliers (your role to give input, together with team):

  • Use risks identified during information security assessment and cyber security at suppliers to develop master classes to improve suppliers in 1 to many events

Education and experience
Overall 10-15 years working experiences, 8+ of relevant experience in Information Cyber Security and contracting strategy and/or execution, preferably in a corporate, technology-related environment

• Master/Bachelor  degree in an IT technical field or equivalent professional experience

• IT auditor or equivalent certification (par example CISA)

• Valid industry security related certifications such as the Certified Information Systems Security Professional (CISSP)

• Overseeing the whole ISO27001 version 2021 with in-depth knowledge of each aspect is preferred

• Having Information and Cyber Security knowledge on a management level and being able to be a counterpart for Subject Matter Experts

• Having a pragmatic approach and can act differently depending on the specific situation

• Knowledge and experience with security audit frameworks and standards

Skills

Working at the cutting edge of tech, you’ll always have new challenges and new problems to solve – and working together is the only way to do that. You won’t work in a silo. Instead, you’ll be part of a creative, dynamic work environment where you’ll collaborate with supportive colleagues. There is always space for creative and unique points of view. You’ll have the flexibility and trust to choose how best to tackle tasks and solve problems.

To thrive in this job, you’ll need the following skills:

• Analytical, precise, tenacious, autonomous

• Process minded and Project Management skills

• Diplomatic and good negotiations skills

• Ability to interact with all levels including executives and senior managers

• Ability to build a strong relationship with suppliers/stakeholders

• Strong interpersonal, presentation, analytical and statistical sampling skills

• Exceptional written and verbal communication skills are required

Inclusion and diversity

ASML is an Equal Opportunity Employer that values and respects the importance of a diverse and inclusive workforce. It is the policy of the company to recruit, hire, train and promote persons in all job titles without regard to race, color, religion, sex, age, national origin, veteran status, disability, sexual orientation, or gender identity. We recognize that inclusion and diversity is a driving force in the success of our company.

Need to know more about applying for a job at ASML? Read our frequently asked questions.