What could be a better place for you than a heavily R&D-driven market leader in photolithography systems for the semiconductor industry? This is surely a rhetorical question, so read on and make sure this role is “precisely-engineered” for you!
You will join the company where it is critical to properly safeguard intellectual property, therefore it will be your vital duty to manage information security risks within the R&D domain, which is a truly challenging task in an intellectual property-driven enterprise.
You will be responsible for the Focus Area ‘Assurance’ where you will manage a small team. Attention areas are Cloud (IaaS/PaaS), export compliance, anomaly detection, and generic compliance with identified risk-mitigating controls. Besides the team management, you’ll be expected to perform/assist in information security risk assessments and support the R&D Security Risk Management department as a whole.
You will:
- Manage operations of, and define and implement maturity improvements for the ‘Assurance’ function;
- Align with risk (action) owners on risk mitigation of identified and agreed-upon mitigating controls;
- Continuously monitor compliance with implemented controls;
- Perform information security risk management activities;
- Report on risk control compliance;
- Contribute to the R&D security risk register, maintaining risk control status;
- Align with other security competencies (IT and Business) within the security community;
- Contribute to improving risk management means and methods;
- Advise and align with the organization on security risk management topics including security awareness training;
- Report to the R&D Sector Security Risk Manager.
You bring:
- 7+ years of relevant experience in information security risk management;
- A formal degree in Information Security;
- One or more valid industry certifications (CISM, CISA, CISSP, CRISC, CCSP);
- Proven experience with the ISO27001/2 framework;
- Proven team management skills;
- Experience in dealing with IaaS and PaaS security risks on Azure and GCP;
- Knowledge of Identity and Access Management processes;
- Knowledge of ISO31000;
- Knowledge of privacy laws and regulations, incl. GDPR;
- Familiarity with development and engineering processes;
- Pro-active and self-motivated with a proven ability to drive results;
- Excellent communication, influencing, and negotiating skills;
- Ability to translate threats and vulnerabilities into business risk and drive mitigation.
You get:
- Unparalleled remuneration and fringe benefits package;
- A chance to work with professionals in a technical and high-end environment;
- Dynamic environment with opportunities for personal development and growth;
- Challenges and multidisciplinary projects in a high-tech environment;
- A rather high level of autonomy;
- International opportunities.