14/12/2020
Eindhoven
IT
Netherlands

Sr. Information Security Assurance Lead – Eindhoven

Introduction

Based in the European epicentre of high-tech development in Eindhoven, our client is a key provider for the semiconductor industry and manufactures machines for the production of integrated circuits.

Organization

International Talent eurofirms.nl

Function

The company is heavily R&D driven, and as such, it is critical that intellectual property is duly safeguarded. As an information security manager, you will manage information security risks within the R&D domain, which is a challenging position in an intellectual property-driven enterprise.

Throughout the company, multiple disciplines are required to ensure proper identification, mitigation and management of these risks.

R&D Security Risk Management (SRM) operates within the R&D domain, which includes Development & Engineering, System Engineering and all Business Lines. R&D SRM is responsible for keeping information security risks within the R&D risk appetite by identifying and assessing risks, driving risk mitigation and monitoring execution.

R&D Security Risk Management (SRM) is organized into focus areas. You will be responsible for the focus area ‘Assurance’, where you will manage a small team. Attention areas are Cloud (IaaS/PaaS), export compliance, anomaly detection and generic compliance to identified risk mitigating controls.

Besides team management, you’ll be expected to perform or assist in information security risk assessments and support the R&D SRM department as a whole.

Key responsibilities:

  • Operational management of the ‘Assurance’ function
  • Define and implement maturity improvements for the Assurance function
  • Define and implement improvements for monitoring of compliance to agreed upon security controls
  • Align with other focus area leads on operational management, strategy and execution
  • Alignment with risk (action) owners on risk mitigation of identified and agreed upon mitigating controls
  • Continuous monitoring of compliance to implemented controls
  • Perform information security risk management activities. These activities include the execution of risk assessments, analysis/evaluation of identified risks and proposed mitigating controls.
  • Risk control compliance reporting
  • Contribute to the R&D security risk register, maintaining risk control status
  • Alignment with other security competences (IT and Business) within the security community
  • Contribute to improving risk management means and methods
  • Advise and align with the organization on security risk management topics
  • Provide and contribute to security awareness trainings for specialized topics within D&E

Job requirements

Experience:

  • 7+ years of relevant experience in information security risk management
  • Bachelor's degree and relevant education in Information Security. In possession of one or more valid industry certifications (CISM, CISA, CISSP, CRISC, CCSP).
  • Proven experience with the ISO27001/2 framework
  • Proven team management skills
  • Experience in dealing with IaaS and PaaS (information) security risks (preferably on Azure and GCP)
  • Knowledge of Identity and Access Management processes
  • Experience with big-data analytics is a plus
  • Knowledge of ISO31000
  • Knowledge of privacy laws and regulations, including GDPR
  • Knowledge of (US) export regulations is a plus
  • Proven knowledge and experience in the IT security domain
  • Familiarity with development and engineering processes, way of working and culture is a plus

Personal Skills:

  • People management
  • Team management & team building
  • Ability to work effectively in a team environment
  • Pro-active and self-motivated with a proven ability to drive results
  • Strong analytical and problem-solving skills
  • Excellent communication, influencing and negotiating skills
  • Ability to translate threats, vulnerabilities and risks at the business stakeholder level and drive risk mitigation, dealing with resistance
  • Ability to translate threats and vulnerabilities into business risk and drive mitigation
  • Fluent English (written and verbal)

Offer

  • Work at one of the best valued companies in the sector.
  • Very appealing salary conditions.

Job application

Send your fully detailed CV to thomas.buve@eurofirms.com