Location: Eindhoven/Veldhoven
Hours a week: 40 hours
Start date: 01/05
End date: 31/12
Option for extension: yes
KEY PURPOSE OF ROLE
As IT Security Operational Risk Manager you are the intermediary between Corporate Risk Management and IT Security. You administer IT security risks, communicate about them and create awareness among the risk owners.
You ensure that IT security risk mitigation measures land on an IT roadmap and keep track of the resolution of these IT security risks.
You are the linking pin for the development of IT security risk policies towards Corporate Risk Management. Within the IT organization you advise both within and outside projects, based on IT security risks detected by CRM or Internal Audit.
KEY RESPONSIBILITIES
(the core activities, outputs expected of the role, regulatory & legal requirements)
You will be providing IT security risk support within IT at ASML. In doing so, you take a holistic view of managing IT security risks at ASML.
Identify potential areas of IT security risk for ASML, by performing security risk assessments at process, application, and system level
Recommend risk-mitigating actions, provide high-quality, accurate and in-depth technical guidance on how to prevent, or deal with, similar situations in the future and define controls to mitigate these risks
Prepare and deliver analysis in the form of presentation(s) to one or more of the ASML stakeholders and committees
Assist process and application owners in understanding IT security risk within their domain and in providing the best solutions to mitigate IT security risk
EXPERIENCE & SKILLS
5+ years of experience in Business and/or IT Operational Risk Management
Strong understanding of business process analysis and supporting IT technologies
Communication skills in order to bring people together when issues need to be solved
Excellent command of English and comfortable working in it, both written and spoken
Enthusiastic, self-starting, able to work independently and enjoys new initiatives
Collaborate and support colleagues across the organization, while still able to work independently
Analytical, precise, tenacious, autonomous
Familiar with local laws and legislation, Sarbanes-Oxley
KNOWLEDGE AND EDUCATION
Knowledge
Excellent knowledge of outsourcing risks and IT risks from a technical and process perspective
Education
Relevant certifications: CISA, CISM (CISSP is desirable but not required)