Corporate risk expert

Introduction to the job

As a corporate risk expert, you will help ASML to further strengthen our ability to manage our information security risks within the Corporate sector, which includes a wide variety of specific departments including Finance, HR, Communication, Legal, Strategy, Risk and Business Assurance and Quality. You will ensure that information security risks do not exceed the organization risk appetite by timely identifying and assessing risks, driving risk mitigation, maintaining the security risk register and monitoring and reporting on progress.

Role and responsibilities

Within ASML, generic security capabilities are organized centrally. Security risk management is, however, embedded within each of the sectors. As a corporate risk expert, you will be part of the Security Risk Management (SRM) team, which identifies and assesses potential information security risks in processes and applications, recommends mitigations to reduce the risks to an acceptable level and helps the risk owners drive the implementation.

The team consists of 8 FTE positions, and is involved in all programs, projects and changes to assess the information security risks of the assets that are being introduced or changed by providing security requirements and validating adequate implementation. Creating awareness and educating the sector on all levels is a key responsibility for each member of the team. Finally, the team is driving the implementation of company-wide initiatives within Corporate sectors to strengthen and mature the information security capabilities.

As a corporate risk expert, you will strengthen our team and will be focusing on project engagement, application assessments and execution of security portfolio projects.

In this role, you will:

• Perform intakes on new programs, projects and changes, determine the information security impact and provide relevant security requirements
• Where relevant, liaise with the Privacy Office on privacy related topics and with Compliance on other regulatory requirements
• Depending on the risk and nature of the project, you provide guidance and advice to realize ‘security by design’, and you validate requirements prior to Go-Live; you define remaining risks, validate them with business stakeholders and recommend mitigations, register those and follow up on progress
• Support the structured assessment of key applications and processes, applying ISO27001/2 and ASML policies and standards
• Execute/support risk assessments as well as defining and implementing improvements for services where you have assigned responsibility within the Corporate sector
• Align with other sectors, stakeholders and clients to ensure appropriate level of control across the Corporate landscape
• Focus on business usage aspects, like Access Control, Communication Security, Incident Management, Supplier Relationship, Training & Awareness, Asset Management, Business Continuity Management, Operations Security and System Acquisition, Dev & Maintenance

Education and experience

Ideally, you bring the following experience:

• Master's degree or equivalent combination of education and experience (e.g., in a technical area, business administration, industrial engineering)
• Minimum 5 years of relevant experience in information security
• Experience and exposure in relevant, global corporate environments
• A solid understanding of the IT security domain
• Certification in CISM, CISA, CISSP or CCSP

Skills

Working at the cutting edge of tech, you’ll always have new challenges and new problems to solve – and working together is the only way to do that. You won’t work in a silo. Instead, you’ll be part of a creative, dynamic work environment where you’ll collaborate with supportive colleagues. There is always space for creative and unique points of view. You’ll have the flexibility and trust to choose how best to tackle tasks and solve problems.

To be successful in this role, you will need:

• Strong communication skills and ability to advise business stakeholders
• Pragmatic mindset, putting actions to work
• Business acumen
• Solid technical background related to the ISO2700x and/or NIST standards

Other information

You will be based in Veldhoven, the Netherlands. You will be a member of the ASML Security community; working closely together with the security risk management teams in other sectors and the central security competence teams.