For our client ASML in Veldhoven we are looking for the Product Security Compliance, Risk, and Assurance Manager who will be responsible for assuring the business develops their products within ASML cyber and information security risk appetite by developing, maintaining, and improving product security risk management framework -including means and methods- in alignment with ASML risk appetite and business needs.
The Product Security Compliance, Risk, and Assurance Manager is responsible for:
- development, maintenance, and improvement of the product security compliance, risk, and assurance means and methods such as policies, standards, benchmarks, guidelines, assessment tooling, security processes, etc.;
- integration of product security means and methods in business/ product development processes;
- alignment of product security risk management framework with cross-product security reference architecture;
- execution of product security control and risk assessments and drive mitigation in product development processes;
- registering and maintaining product security risks and exceptions in respective R&D registers;
- product security risk and assurance process, risk register, exception management process, incident management process, and product security policy framework management process, including process improvements;
- leading and driving maturity improvements, like embedding compliance, risk, and assurance means and methods in GRC, security management, and service management tooling;
- setup and maintenance of product security KPI’s reporting;
- providing and contributing to security awareness trainings for specialized topics such as secure software development.
Bachelor/ Master degree or equivalent combination of education and experience.
- Minimum of 10 years of relevant experience in IT security, OT security and information security risk management;
- Strong IT and software architecture knowledge and background;
- Proven experience with risk management frameworks such as ISO 27001;
- Vendor agnostic expertise of IT/ software architecture;
- Pre: proven experience in secure software development and secure programming;
- Pre: Experience with certificates and encryption techniques.
- Security certifications like CISSP, and CISM.
- Specialized security risk certifications like CISA, CRISK, and ISO 27001 Lead Auditor.
- Skill to lead, influence, and negotiate without authority;
- A business enabling security attitude in opposite to a business disabling one;
- Strong analytical skills in combination with common sense;
- Ability to translate risk, threats, and vulnerabilities to business stakeholder level and to drive risk mitigation, dealing with resistance and risk appetite;
- Pro-active and self-motivated attitude;
- Political aware and sensitive;
- Fluent English (written and verbal);
- Team player;
- Strong communication and presentation skills;
- Drive to retrieve the root cause of the problem.
Terms of employment
Context of the position:
The product security compliance, risk, and assurance manager is positioned within the Information Management, R&D Security Risk Management department which is part of the Development & Engineering business function. The product security compliance, risk, and assurance manager will functionally report to the product security focus group lead and hierarchically to the R&D sector security risk manager.
This position requires access to U.S. controlled technology, as defined in the United States Export Administration Regulations. Qualified candidates must be legally authorized to access such U.S. controlled technology prior to beginning work.
ASML does not accept unsolicited resumes from any agencies that have not signed a mutual service agreement. All unsolicited resumes will be considered ASML’s property, and ASML will not be obligated to pay a referral fee. This includes resumes submitted directly to hiring managers without contacting the Resource Center Department.
ASML is GDPR compliant, therefore we cannot process applications sent outside of our recruitment system.
If you are interested in this vacancy please apply.
Information about the company:
ASML is a Dutch high-tech company and one of the main suppliers of machines for the semiconductor industry, in particular steppers and scanners, used in the manufacturing of chips. Customers are mostly chip producers. ASML's head office and business complex is located in Veldhoven, where both research & development, and assembly in cleanrooms take place. The company also has sixty service points in fourteen countries to support the installation and delivery of machines and spare parts.
ASML is the largest supplier in the world of photolithography systems for the semiconductor industry and manufactures machines for the production of integrated circuits. It is heavily R&D driven company and as such our IP is most important to ensure we properly safeguard this.
All R&D is performed to deliver products to our customers (whether in physical or software only form). Changing threat and risk horizons require us to further improve on product security focusing on cyber security and information security resilience in respectively products and product intellectual property.
Inclusiviteit en diversiteit
Uiteraard staat deze vacature open voor iedereen die zich hierin herkent. We geloven dat diverse teams van belang zijn voor ons als lerende organisatie, die voorop wil blijven lopen in de wereld van werk. Want juist verschillen tussen mensen zorgen voor groei. Van collega's, klanten, kandidaten en daarmee van Yacht. Heb jij een uniek talent? We ontmoeten je graag.