
Information Security Risk Manager – Cloud & Compliance

Veldhoven / hybrid, Noord-Brabant

As a preferred supplier/framework-agreement party for ASML, we are looking for an Information Security Risk Manager – Cloud & Compliance
 

Start date: as soon as possible
End date: 31-12-2025 (with option to extend)
Number of hours: 36
Location: Veldhoven / hybrid
Freelance (ZZP)?: not an option
Deadline for submitting your profile and motivation: before Monday 27-10-25, before 10:00

Please note that the offer to the client uses a CV in Word format of at most 5 A4 pages.
 

Assignment description

Background

ASML is the largest supplier in the world of photolithography systems for the semiconductor industry and manufactures machines for the production of integrated circuits. It is a heavily R&D-driven company, and as such it is most important that we properly safeguard our IP.

As a senior security risk manager you will manage information security and compliance risks in the R&D domain, which is a challenging position in an Intellectual Property driven enterprise.

In the ASML security governance, information security risk management is embedded in the sectors themselves via so-called sector security risk management.

The Hardware Cluster Security and Compliance team operates within the Research & Development domain, which includes D&E, System Engineering, intellectual property and the Business Lines. The team helps R&D teams to integrate new (public cloud) services in their business process by giving architectural guidance, controlling costs and ensuring we operate within the R&D risk appetite.

As part of this information security risk manager profile you will be responsible for:

  • Assessing and advising R&D (cloud/AI) initiatives on risks to information security and compliance aspects.
  • Delivering and monitoring security requirements in line with the sensitivity and importance of the subject.
  • Communicating with and advising security risk management, projects, business and IT partners on information security improvements and requirements by ensuring business agility.
  • Driving absorption of a security and compliance mindset, processes, policies and standards in larger R&D departments.

The majority of the work will focus on R&D cloud initiatives but will also include on-prem projects.
 

Responsibilities

Ensure security risks do not exceed the risk appetite by timely identifying and assessing risks and proposing mitigating controls in line with best practice, policies and standards. Identify gaps, propose improvements and update/create policies, standards, means and methods. Monitor and report adherence to required security controls. Drive business awareness of security processes and initiatives, and define key guidelines to resolve recurring gaps.

This role focuses on information security within the Hardware-related departments by, among other things, performing information security risk management activities in cloud initiatives during the various phases to ensure security by design. Besides these domains, you will also be expected to perform/assist in generic security risk assessments and support the Information Management department as a whole. Stakeholder management across the R&D business is essential to gather security priorities, showcase the risk portfolio and gather firm commitment to mitigate. Drive and shape D&E information management security and compliance initiatives for business absorption. The role will be influential in ensuring adherence to secure-by-design principles.

  • Performing information security risk management and compliance activities in cloud/on-prem environments, projects and initiatives.
  • Provide risk mitigating controls and guidance to the DevOps teams.
  • Report to risk owners on residual risk on operational and tactical level.
  • Contribute to improving means and methods related to our focus domains.
  • Actively participate in agile, SAFe ceremonies by ensuring security considerations are part of the continuous improvement cycle.
  • Align with other security competences (IT and Business) within the security community.
  • Perform, advise on and follow up on generic risk assessments and identified risks.
  • Drive mitigation of agreed controls.
  • Ensure compliance with security policies and standards.
  • Align with IT (security) and the Risk & Business Assurance department on controls.
  • Define and drive security maturity.
  • Be the trusted partner for key decision makers for security demands, advice and influence.
 

Requirements

  • 8+ years of relevant experience in information security risk management.
  • Proven understanding / knowledge / experience in the IT security domain.
  • Proven experience with the ISO27001 risk management framework.
  • Solid knowledge of IaaS, PaaS and SaaS (information) security risks (preferably on Azure and GCP).
  • Affinity with Research and Development processes, way of working and culture.
  • At least a bachelor's degree and/or relevant education in Information Security, Audit and/or Cloud.
  • In possession of valid industry certifications (e.g. CISM, CISA, CISSP, CRISC, CCSP).
  • In possession of a valid work permit for The Netherlands.
 

Preferences

  • Knowledge of Product Lifecycle Management (PLM) processes and tools (like Siemens Teamcenter).
  • Knowledge of export regulations.
  • Experience in working in Agile (SAFe) environments.
  • Able to understand and translate IT threats and vulnerabilities to business risk.
  • Experience or affinity with traditional or GenAI solutions - or willingness to educate
 

Competencies

  • Strong analytical skills.
  • Dealing with resistance and reluctance.
  • Pro-active and self-motivated with the proven ability to drive results.
  • Team player.
  • Pragmatic.
  • Excellent communication, influencing and negotiating skills.
  • Communication and stakeholder management skills at different levels of the organization and with outside vendors and service providers.
  • Fluent English (written and verbal).
 

How your offer should be presented

CV (5 A4 pages and in Dutch) in Word format, in which the requirements and, where possible, the preferences are demonstrably reflected in your work experience, so that you can show that you meet what is asked.

Accompanying (personal) motivation (written in the first person) tailored to this request.

Availability (when, how many hours per week and any holiday plans).

Hourly rate (including travel and accommodation costs and excluding VAT).
 

N.B.
Offers are on the basis of exclusivity and availability for a possible (online) intake interview (by arrangement).
After receipt of the offer you will receive a response as soon as possible, by e-mail or telephone.

The tender for this framework agreement has been (jointly) awarded to the combination of DiVetro, Bartosz and LINKIT. There is no question of onward hiring or rate stacking here, because towards the client we are a single supplier. DiVetro has the exclusive right to fill requests in the areas of analysis, sourcing, agile/scrum and direction, including management, security and architecture. For these requests we are always looking for specialists in this field.

Questions about this request and/or our services? Feel free to contact me. Want to make an offer on this request directly? That is fine too. I will then gladly contact you after receiving it.

For other requests see: https://divetro.catsone.nl/careers/5320-General.

Kind regards,

Tomas Senne
T: +31(0) 88 000 5400
M: +31(0) 6 53259257 
E: tomas.senne@divetro.nl 
Website: www.divetro.nl