R&D Security Risk Manager – App Security / Projects – Eindhoven
Based in the European epicentre of high-tech development in Eindhoven, our client is a key provider for the semiconductor industry and manufactures machines for the production of integrated circuits.
The company is heavily R&D driven, and as such, it is critical that intellectual property is duely safeguarded. As an information security manager, you will manage information security risks within the R&D domain, which is a challenging position in an intellectual property-driven enterprise.
Throughout the company multiple disciplines are required to ensure proper identification, mitigation and management of these risks.
R&D Security Risk Management (SRM) operates within the R&D domain, which includes Development & Engineering, System Engineering and all Business Lines. R&D SRM is responsible for keeping information security risks within the R&D risk appetite by identifying and assessing risks, driving risk mitigation and monitoring execution.
As part of this profile you will be responsible for:
- Assessing and Advice existing or new Business and IT services (on premise or cloud) on risk to information security aspects.
- Deliver and monitor security requirements in line with the sensitivity and importance of the subject and company policies and standards.
- Communicate and advise security risk management, projects, business and IT partners on information security improvements and requirements.
This role focusses on information security in the applications and projects domain by amongst others performing Information Systems Security Assessments over R&D owned applications/information systems. Besides these domains you will be expected to also perform/assist in generic security risk assessments and support the R&D Security Risk Management team as a whole.
- Performing Information Systems Security Assessments, write Information Systems Security Reports and provide guidance to risk owners on management response and mitigation.
- Contribute to improving means and methods related to our focus domains.
- Align with other projects and application security competences (IT and Business) within the security community.
- Perform, advice and follow up on generic risk assessments and identified risks.
- Drive mitigation of agreed controls
- Update the D&E security risk register
- Ensure compliance to security policies and standards
- Alignment with IT (-security) on controls and activities required
- 5+ years of relevant experience in information security risk management.
- A bachelor degree or higher and relevant education in Information Security, Audit, Cloud and/or SAP Security.
- In possession of valid industry certifications (CISM, CISA, CISSP, CRISC, CCSP).
- In possession of a valid work permit for The Netherlands.
- Understanding / knowledge / experience in the IT security domain.
- Experience with the ISO27001 & ISO31000 risk management framework.
- Experience with Identity and Access Management processes.
- Knowledge and experience of Big Data and Big Compute security.
- Affinity with Research and Development processes, way of working and culture.
- Pro; Knowledge of export regulations.
- Pro; Knowledge of GCP and Azure platforms and deployments (IAAS, PAAS and SAAS).
- Pro; Solid devops (SAFe) and project management understanding.
- Pro; Able to understand and translate IT threats and vulnerabilities to business risk.
- Strong analytical skills.
- Communication and stakeholder management skills at different levels of the organization and with outside vendors and service providers.
- Dealing with resistance and reluctance.
- Pro-active and self-motivated with the proven ability to drive results.
- Team player.
- Excellent communication, influencing and negotiating skills.
- Fluent English (written and verbal).
- Work at one of the best valued companies in the sector.
- Very appealing salary conditions.
Send your fully detailed CV to firstname.lastname@example.org