Sr. Information Security Assurance Lead – Eindhoven
Based in the European epicentre of high-tech development in Eindhoven, our client is a key provider for the semiconductor industry and manufactures machines for the production of integrated circuits.
The company is heavily R&D driven, and as such, it is critical that intellectual property is duly safeguarded. As an information security manager, you will manage information security risks within the R&D domain, which is a challenging position in an intellectual property-driven enterprise.
Throughout the company multiple disciplines are required to ensure proper identification, mitigation and management of these risks.
R&D Security Risk Management (SRM) operates within the R&D domain, which includes Development & Engineering, System Engineering and all Business Lines. R&D SRM is responsible for keeping information security risks within the R&D risk appetite by identifying and assessing risks, driving risk mitigation and monitoring execution.
R&D Security Risk Management (SRM) is organized into focus areas. You will be responsible for the focus area ‘Assurance’, where you will manage a small team. Attention areas are Cloud (IaaS/PaaS), export compliance, anomaly detection and generic compliance with identified risk-mitigating controls.
Besides team management, you’ll be expected to perform or assist in information security risk assessments and support the R&D SRM department as a whole.
- Operational management of the ‘Assurance’ function
- Define and implement maturity improvements for the Assurance function
- Define and implement improvements for monitoring of compliance with agreed-upon security controls
- Align with other focus area leads on operational management, strategy and execution
- Alignment with risk (action) owners on risk mitigation of identified and agreed-upon mitigating controls
- Continuous monitoring of compliance with implemented controls
- Perform information security risk management activities. These activities include the execution of risk assessments, analysis/evaluation of identified risks and proposed mitigating controls.
- Risk control compliance reporting
- Contribute to the R&D security risk register by maintaining risk control status
- Alignment with other security competences (IT and Business) within the security community
- Contribute to improving risk management means and methods
- Advise and align with the organization on security risk management topics
- Provide and contribute to security awareness training for specialized topics within D&E
- 7+ years of relevant experience in information security risk management
- Bachelor's degree and relevant education in Information Security. In possession of one or more valid industry certifications (CISM, CISA, CISSP, CRISC, CCSP).
- Proven experience with the ISO27001/2 framework
- Proven team management skills
- Experience in dealing with IaaS and PaaS (information) security risks (preferably on Azure and GCP)
- Knowledge of Identity and Access Management processes
- Experience with big-data analytics is a plus
- Knowledge of ISO31000
- Knowledge of privacy laws and regulations, including GDPR
- Knowledge of (US) export regulations is a plus
- Proven knowledge and experience in the IT security domain
- Familiarity with development and engineering processes, way of working and culture is a plus
- People management
- Team management & team building
- Ability to work effectively in a team environment
- Pro-active and self-motivated with a proven ability to drive results
- Strong analytical and problem-solving skills
- Excellent communication, influencing and negotiating skills
- Ability to translate threats, vulnerabilities and risks at the business stakeholder level and drive risk mitigation, dealing with resistance
- Ability to translate threats and vulnerabilities into business risk and drive mitigation
- Fluent English (written and verbal)
- Work at one of the best valued companies in the sector.
- Very appealing salary conditions.
Send your fully detailed CV to email@example.com