The Senior IT Security Risk Specialist is pivotal in safeguarding the organization’s digital infrastructure and ensuring its resilience based on information security resources and capabilities in place (e.g., people, hardware, software, policies). This role is dedicated to build a strong information security base by, among others, making sure our security risks are identified, security policies and standards are translated into controls for deployment and security incidents are mitigated in time. The goal is to provide the foundation needed to empower the IT & Data department to make informed decisions and enhance its overall digital resilience.
The role involves close collaboration with various departments inside and outside the IT & Data department (e.g., Risk and Business Assurance, Internal Audit and other 1st line Sector Security teams).
Role and responsibilitiesAs Senior IT Security Risk Specialist you are part of our “Foundation Team” that will work interchangeable on our “identify” and security risk management capabilities. This gives you a wide range of responsibilities and deliverables. A grasp of what you can expect in this position:
Perform (security) risk assessments to evaluate the level of compliancy of operational teams.Act upon security incidents and identify and follow-up upon mitigation actions that need to be brought in place to remediate the incident.Support with translating security policies and standards into baselines, requirements and controls for the purpose of deployment.Stay updated on emerging cybersecurity threats to design and adjust the security control framework accordingly.Review policy exceptions and remediation actions to determine whether risks have sufficiently been mitigated. Align with operational security officers different security initiatives and projects.Drive the closure of (internal) audit findings and report upon the status towards management.Education and experienceAcademic working and thinking level; a Bachelor’s degree in Information Security, Risk Management, Computer Science or an equivalent is preferred.> 5 years of work experience and at least 3 years in the security domain, with a focus on risk management, assurance and compliance.Demonstrably experience in executing security risk assessments / auditing, documenting, reporting and follow up;Relevant certifications such as CRISC, CISSP, CISM or CISA.Strong understanding of cybersecurity frameworks and standards (e.g., NIST, CIS, ISO27001).SkillsWorking at the cutting edge of tech, you’ll always have new challenges and new problems to solve – and working together is the only way to do that. You won’t work in a silo. Instead, you’ll be part of a creative, dynamic work environment where you’ll collaborate with supportive colleagues. There is always space for creative and unique points of view. You’ll have the flexibility and trust to choose how best to tackle tasks and solve problems. To thrive in this job, you’ll need the following skills:
If you don’t meet the above-mentioned requirements, or only a part of them, and you still feel your profile is a great match with this job description, please apply and we’d like to get in touch.
ASML is an Equal Opportunity Employer that values and respects the importance of a diverse and inclusive workforce. It is the policy of the company to recruit, hire, train and promote persons in all job titles without regard to race, color, religion, sex, age, national origin, veteran status, disability, sexual orientation, or gender identity. We recognize that diversity and inclusion is a driving force in the success of our company.
Need to know more about applying for a job at ASML? Read our frequently asked questions.