mrduaneh
Viewer

Information Security Risk Manager

Job Opportunity with ASML in Wilton, Connecticut. 

 

R&D Security Risk Management (RD SRM) operates within the R&D domain, which includes Development & Engineering and System Engineering. The Information Security Risk Manager is responsible for keeping information security risks within the R&D risk appetite by identifying and assessing risks, driving risk mitigation and monitoring execution. 

 

As part of this profile, you will support the RD SRM department as a whole, with responsibility for information security across multiple focus areas, including identity and access management, application security, cloud security, intellectual property protection and projects. 
Job Description
  • Perform information security risk management activities across all focus areas. These activities include the execution of generic risk assessments, analysis/evaluation of identified risks and proposed mitigating controls. This may also include:
      • Conducting Information Systems Security Assessments (Application Security)
      • Completing GRC assessments for new business/IT projects (on-premise and cloud)
      • Assessing DevOps environments
  • Prepare risk reports, guiding the process on management response and driving the mitigation of agreed controls
  • Maintain the R&D security risk register (including product security risks)
  • Identify product security exceptions
  • Support the product security incident management process
  • Alignment with other security competences (IT and Business) within the security community
  • Perform generic risk assessments for identified risks and create risk reports
  • Ensure compliance with security policies and standards
  • Provide and contribute to security awareness trainings for specialized topics, such as secure software development.
Education
  • Bachelor's degree and relevant education in Information Security.
  • In possession of one or more valid industry certifications (CISM, CISA, CISSP, CRISC, CCSP).
  • 7+ years of relevant experience in information security risk management.
Experience
  • Proven experience with the ISO27001/2 framework; background in ISO31000 is also beneficial. 
  • Knowledgeable of relevant laws and regulations (GDPR, privacy and US export regulations).
  • Proven knowledge and experience in the IT security domain.
  • Experience in dealing with IaaS and PaaS (information) security risks (preferably on Azure and GCP).
  • Knowledge of Identity and Access Management processes.
  • Familiarity with development and engineering processes, way of working and culture.
  • Ability to translate IT threats and vulnerabilities into business risk and drive mitigation.

 

If interested, please apply: https://www.asml.com/en/careers/find-your-job/2/0/1/information-security-risk-manager-req20145

 

1 Reply
bmuzhanje
Newcomer I

Is this job still available? I am interested, with over 7 years' experience in IT Risk, Audit and Security and a holder of CISA, CRISC, CISM and CISSP certs.

bmuzhanje@gmail.com