IT Security Risk Manager

Location: Eindhoven/Veldhoven
Hours a week: 40 hours
Start date: 01/05
End date: 31/12
Option for extension: yes
 

As IT Security Operational Risk Manager you are the intermediate between Corporate Risk Management and IT Security. You administer IT security Risks, communicate about these and create awareness with the risk owners.
You ensure that IT security risk mitigation measures land on an IT roadmap and keep track of the resolution of these IT security risks.
You are the linking pin for development of IT security Risk Policy’s towards Corporate Risk Management. Within the IT organization you advise in projects but also outside projects based on detected IT security risks by CRM or Internal Audit.

You will be providing IT Security Risk support within IT of ASML. Thereby you consider a holistic view on managing IT Security risks at ASML.

• Identify potential areas of IT security risk for ASML, by performing security risk assessments at process, application, and system level
• Recommend risk-mitigating actions, provide high quality, accurate and indepth technical guidance on how to prevent, or deal with, similar situations in the future and define controls to mitigate these risks
• Prepare and deliver analysis in the form of presentation(s) to be delivered at one or more of the ASML stakeholders and committees
• Assist process and application owners in understanding IT security risk within their domain and assisting them in providing the best solutions to mitigate IT security risk

• 5+ years of experience in Business and/or IT Operational Risk Management
• Strong understanding of business process analysis and supporting IT technologies
• Communication skills in order to bring people together when issues need to be solved
• Excellent comfortable working in English, both written and spoken
• Enthusiastic, self-starting, able to work independently and enjoy new initiatives
• Collaborate and support colleagues across the organization, while still able to work independently
• Analytical, precise, tenacious, autonomous
• Familiar with local laws and legislation, Sarbanes Oxley

      Knowledge

• Excellent knowledge of outsourcing  risks and IT risks from a technical and process perspective

Education

• Relevant CISA, CISM Certifications, (CISSP is desirable but not required)

Technical knowledge of: 

• IT infrastructure
• IT applications