Head of second line IT security

Be part of progress: Lead Operational Excellence in IT Security at ASML

Introduction to the job

As Head of Second Line - IT Security, you will drive operational excellence across departments, enhancing the maturity of the Second Line of Responsibility (2LoR) (IT) Security organization function and driving changes according to the organization’s standard means and methods.

Role and responsibilities

In this role, you will align security initiatives of the department with ASML's strategic objectives and contribute to ASML's Security Strategy, translating it into tactical plans, roadmaps, portfolios, and projects. You will showcase visionary leadership by having a clear vision that inspires and motivates others, providing a clear sense of purpose, and giving direction in a compelling way. As a role model, you empower team members to take ownership of their work and contribute to the team and department's success.

You are responsible for stakeholder management regarding 2LoR (IT) security matters and will develop and/or contribute to policies in collaboration with stakeholders. You foster cross-functional collaboration and partnership in the Security Community at all times, breaking down silos and leveraging diverse perspectives to drive innovation and problem solving.

You will lead the development and execution of an annual plan, set team targets for the department, and take appropriate action where necessary to ensure the achievement of targets within budget and time. You manage reports on performance within the department or area of responsibility through appropriate performance objectives. You oversee verification of standards and controls (policy) implementation within the sector and use Security governance to drive the ASML Security Strategy and related priorities.

Key responsibilities include:

• Shaping, implementing, and maintaining the 2LoR operating model.
• Oversight and monitoring.
• Compliance assurance.
• Policy, standard, and control development.
• Conducting independent security assessments.
• Providing (people) leadership to the 2LoR team.

Education and experience

• Master’s degree working and thinking level.
• 8+ years of management experience leading a team in a complex, multi-disciplinary, and preferably multinational corporate security environment.
• Proven track record in IT security at strategic and tactical level (2LoR).
• Proven experience with information security risk assessments and auditing is preferred.
• Knowledge of security frameworks like ISO 27001, NIST, SANS, ISA / IEC 62443k, and Compliance.

Skills

Working at the cutting edge of tech, you’ll always have new challenges and new problems to solve – and working together is the only way to do that. You won’t work in a silo. Instead, you’ll be part of a creative, dynamic work environment where you’ll collaborate with supportive colleagues. There is always space for creative and unique points of view. You’ll have the flexibility and trust to choose how best to tackle tasks and solve problems. To be successful in this position, it is essential that you:

• Take responsibility and act decisively.
• Show critical sense and manage criticism.
• Have strong stakeholder management skills.
• Can build solid relationships of trust at different levels.
• Have strong organization and delegating skills, driving results.

Other information

• Either a GICSP, CISM, CISSP, or CISA certificate is considered as a pre.
• A Certificate of Good Conduct “Verklaring Omtrent het Gedrag (VOG)” is required for this position.

The 2LoR (IT) Security is an independent competence team in the CISO organization, with a solution mindset to keep ASML secure by defining and prescribing requirements through policies, standards, and controls. In this role, you will provide expert advisory to sectors on complex (IT) security topics, validate adherence to policies and standards, conduct control testing by conducting security control assessments, and report on control (design) effectiveness. You are responsible for intervening, escalating, and supporting sectors with resolution and follow-up, as well as maintaining and improving the security control framework.

Unlocking the potential of people and society by pushing technology to new limits, that is what ASML stands for. Be part of the team that ensures ASML’s purpose can continue to be successful by protecting and securing its physical and digital assets.

Digitalisation is all about data, and data must be trusted for ASML to be successful and deliver top-notch technical solutions in the semiconductor industry. ASML’s Security department is therefore seen as pivotal for the success and sustainable growth of ASML. Not only the number of employees, but also its ever-expanding supplier and customer base are demanding beyond best-in-class security. This dynamic and challenging environment requires beyond best-in-class security professionals and people leaders.

This position requires access to controlled technology, as defined in the United States Export Administration Regulations (15 C.F.R. § 730, et seq.). Qualified candidates must be legally authorized to access such controlled technology prior to beginning work. Business demands may require ASML to proceed with candidates who are immediately eligible to access controlled technology.