Job Opportunity with ASML in Wilton, Connecticut.
R&D Security Risk Management (RD SRM) operates within the R&D domain, which includes Development & Engineering and System Engineering. The Information Security Risk Manager is responsible for keeping information security risks within the R&D risk appetite by identifying and assessing risks, driving risk mitigation and monitoring execution.
As part of this profile, you will support the RD SRM department as a whole, with responsibility for information security across multiple focus areas, including identity and access management, application security, cloud security, intellectual property protection and projects.
- Perform information security risk management activities across all focus areas. These activities include the execution of generic risk assessments, analysis/evaluation of identified risks and proposed mitigating controls. This may also include:
- Conducting Information Systems Security Assessments (Application Security)
- Completing GRC assessments for new business/IT projects (on-premise and cloud)
- Assessing DevOps environments
- Prepare risk reports, guiding the process on management response and driving the mitigation of agreed controls
- Maintain the R&D security risk register (including product security risks)
- Identify product security exceptions
- Support the product security incident management process
- Alignment with other security competences (IT and Business) within the security community
- Perform generic risk assessments for identified risks and create risk reports
- Ensure compliance to security policies and standards
- Provide and contribute to security awareness trainings for specialized topics, such as secure software development.
- Bachelor degree and relevant education in Information Security.
- In possession of one or more valid industry certifications (CISM, CISA, CISSP, CRISC, CCSP).
- 7+ years of relevant experience in information security risk management.
- Proven experience with the ISO27001/2 framework; background in ISO31000 is also beneficial.
- Knowledgeable of relevant laws and regulations (GDPR, privacy and US export regulations).
- Proven knowledge and experience in the IT security domain.
- Experience in dealing with IaaS and PaaS (information) security risks (preferably on Azure and GCP.
- Knowledge of Identity and Access Management processes.
- Familiarity with development and engineering processes, way of working and culture.
- Ability to translate IT threats and vulnerabilities into business risk and drive mitigation.
If interested, please apply: https://www.asml.com/en/careers/find-your-job/2/0/1/information-security-risk-manager-req20145