1 Reply

Re: Information Security Risk Manager

Is this job still available? I am interested, with over 7 years of experience in IT Risk, Audit and Security and a holder of CISA, CRISC, CISM and CISSP certs.

Information Security Risk Manager

Job Opportunity with ASML in Wilton, Connecticut. 


R&D Security Risk Management (RD SRM) operates within the R&D domain, which includes Development & Engineering and System Engineering. The Information Security Risk Manager is responsible for keeping information security risks within the R&D risk appetite by identifying and assessing risks, driving risk mitigation and monitoring execution. 


As part of this profile, you will support the RD SRM department as a whole, with responsibility for information security across multiple focus areas, including identity and access management, application security, cloud security, intellectual property protection and projects. 
Job Description
  • Perform information security risk management activities across all focus areas. These activities include the execution of generic risk assessments, analysis/evaluation of identified risks and proposed mitigating controls. This may also include:
      • Conducting Information Systems Security Assessments (Application Security)
      • Completing GRC assessments for new business/IT projects (on-premise and cloud)
      • Assessing DevOps environments
  • Prepare risk reports, guiding the process on management response and driving the mitigation of agreed controls
  • Maintain the R&D security risk register (including product security risks)
  • Identify product security exceptions
  • Support the product security incident management process
  • Align with other security competences (IT and Business) within the security community
  • Perform generic risk assessments for identified risks and create risk reports
  • Ensure compliance with security policies and standards
  • Provide and contribute to security awareness training on specialized topics, such as secure software development.

  • Bachelor's degree and relevant education in Information Security.
  • In possession of one or more valid industry certifications (CISM, CISA, CISSP, CRISC, CCSP).
  • 7+ years of relevant experience in information security risk management.
  • Proven experience with the ISO27001/2 framework; background in ISO31000 is also beneficial. 
  • Knowledgeable of relevant laws and regulations (GDPR, privacy and US export regulations).
  • Proven knowledge and experience in the IT security domain.
  • Experience in dealing with IaaS and PaaS (information) security risks (preferably on Azure and GCP).
  • Knowledge of Identity and Access Management processes.
  • Familiarity with development and engineering processes, way of working and culture.
  • Ability to translate IT threats and vulnerabilities into business risk and drive mitigation.


If interested, please apply: