Security manager compliance

Introduction to the Job

The mission of the Security department at ASML is to enable the company to control the protection of its information and assets, as well as those of its customers and suppliers, by applying risk-based efficient measures to people, processes, and technology. We support business goals by embedding security within the DNA of its people, processes, and technologies. ASML’s security team acts as a critical support function, providing risk-based programs, services, and systems to protect employees, knowledge, assets, and the company's reputation. This team is one of multi-expert context and skilled professionals, demanding high standards of skillset making sure we deliver on par for ASML as well nurturing a healthy and safe working environment to strive for the best.

Role and Responsibilities

As a Security Manager Compliance​, you will play an integral role in advancing the rollout of third-party certification for ASML’s Information Security Management System (ISMS) based on ISO 27001 and NIST standards. The position calls for an individual ready to take their career to the next level by driving third-party certification of ASML’s ISMS. Key responsibilities include:

• Leading the creation of plans or roadmaps for different roll-outs of third-party certification for ASML's ISMS.

• Managing the organization of the roll-out: collecting demand, setting the scope, contracting external certification bodies, planning and preparing security audits with the organization.

• Following through on audit findings and ensuring they are resolved

• Managing and updating ISMS documentation and maintaining support tools for the management system.

• Communicating internally with stakeholders about certification

• Delivering training and workshops to stakeholders.

• Cooperating with stakeholders and specialists from other management systems (ISO 9001 and ISO 14001).

Education and experience

For this position, we are looking for someone with strong stakeholder management and communication skills, with the ability to align diverse perspectives.

The ideal candidate will have an IT security background with experience auditing information systems or information management. You should be eager to become an expert in ISO 27001 and NIST CSF certification for ASML’s ISMS through collaboration with global stakeholders and business processes.

The role is crucial as security compliance becomes increasingly important, contributing to certification efforts and supporting compliance-related activities in general.

• A master’s degree in cybersecurity, computer science, information systems, information management, IT audit, or another relevant field is required.

• Prior experience assessing information security-related controls and/or requirements in business processes or applications, such as ISO 27001 auditing.

• Experience with and strong knowledge of ISO 27001 and NIST CSF.

• Understanding of control environments, such as the linkage between risks, control objectives, and controls.

• Sound knowledge of information security controls in various domains, such as access control, encryption, and networks.

• Demonstrated diplomacy skills, with the ability to handle complex discussions and maintain constructive relationships.

• Knowledge of Business Process Management frameworks, IT Management frameworks, e.g., ITIL, familiarity with audit frameworks like COBIT.

Skills

The role requires a combination of expertise and project management abilities, as the expert will be responsible for all aspects of rolling out ISO 27001 and NIST certification.

The following certifications are considered a plus: CISM, CISSP, CISA, CIA, SANS GIAC, NIST CSF implementer; ISO 27K Lead Auditor/Implementer.

Nice to have skills/experience:

• Experience with Agile methodologies.

• Experience with Service Now (governance).

• Familiarity with the NIST Cybersecurity Framework (CSF).

• Understanding of the General Data Protection Regulation (GDPR).

• Relevant experience within the semiconductor sector.

Other Information

A Certificate of Good Conduct “Verklaring Omtrent het Gedrag (VOG)” is required for this position.

The position is based in Veldhoven, Netherlands. The employee reports to the Manager of Security Risk, Policies & Compliance within the Security Strategy, Risk, and Architecture competence center. This is a full-time (40 hours per week) position, with 3 days in office presence.

If you are interested in this position, please apply online with a CV and cover letter. For more information about working at ASML and the application process, visit the company’s website and frequently asked questions page.

This position requires access to controlled technology, as defined in the United States Export Administration Regulations (15 C.F.R. § 730, et seq.). Qualified candidates must be legally authorized to access such controlled technology prior to beginning work. Business demands may require ASML to proceed with candidates who are immediately eligible to access controlled technology.

Inclusion and diversity

ASML is an Equal Opportunity Employer that values and respects the importance of a diverse and inclusive workforce. It is the policy of the company to recruit, hire, train and promote persons in all job titles without regard to race, color, religion, sex, age, national origin, veteran status, disability, sexual orientation, or gender identity. We recognize that inclusion and diversity is a driving force in the success of our company.

Need to know more about applying for a job at ASML? Read our frequently asked questions.