Product Security Compliance, Risk, and Assurance Manager - HightechSenior Noord-Brabant Software / IT
NOTE: The client is looking for local candidates only.
The organization is the largest supplier in the world of photolithography systems for the semiconductor industry and manufactures machines for the production of integrated circuits. It is a heavily R&D-driven company, and as such its IP is its most important asset to safeguard properly.
All R&D is performed to deliver products to our customers (whether in physical or software-only form). Changing threat and risk horizons require us to further improve product security, focusing on cyber security resilience in products and information security resilience in product intellectual property.
The product security compliance, risk, and assurance manager is responsible for ensuring the business defines and applies its cyber and information security risk appetite for its products, by developing, maintaining, and improving the product security risk management framework (including its means and methods) in alignment with the risk appetite and business needs.
What do we expect from you?
Education
- You completed a Bachelor/Master degree or an equivalent combination of education and experience.
Experience
- You have at least 10 years of relevant experience in IT security, OT security and information security risk management;
- You have a strong IT and software architecture knowledge and background;
- You have proven experience with risk management frameworks such as ISO 27001;
- You have vendor-agnostic expertise in IT/software architecture;
- Pre: proven experience in secure software development and secure programming;
- Pre: Experience with certificates and encryption techniques;
- You have security certifications such as CISSP and CISM;
- You have specialized security risk certifications such as CISA, CRISC, and ISO 27001 Lead Auditor.
Personal skills
- You have the skills to lead, influence, and negotiate without authority;
- You have a business-enabling security attitude rather than a business-disabling one;
- You have strong analytical skills in combination with common sense;
- You have the ability to translate risk, threats, and vulnerabilities to business stakeholder level and to drive risk mitigation, dealing with resistance and risk appetite;
- You have a pro-active and self-motivated attitude;
- You are politically aware and sensitive;
- You are fluent in English (written and verbal);
- You are a team player;
- You have strong communication and presentation skills;
- You have the drive to find the root cause of a problem.
Context of the position
The product security compliance, risk, and assurance manager is positioned within the Information Management, R&D Security Risk Management department, which is part of the Development & Engineering business function. The product security compliance, risk, and assurance manager will report functionally to the product security focus group lead and hierarchically to the R&D sector security risk manager.
As product security compliance, risk, and assurance manager in the high-tech industry you are responsible for:
- Developing, maintaining, and improving the product security compliance, risk, and assurance means and methods, such as policies, standards, benchmarks, guidelines, assessment tooling and security processes;
- Integrating product security means and methods into business/product development processes;
- Aligning the product security risk management framework with the cross-product security reference architecture;
- Executing product security control and risk assessments and driving mitigation in product development processes;
- Registering and maintaining product security risks and exceptions in the respective R&D registers;
- Managing the product security risk and assurance process, risk register, exception management process, incident management process, and product security policy framework management process, including process improvements;
- Leading and driving maturity improvements, such as embedding compliance, risk, and assurance means and methods in GRC, security management, and service management tooling;
- Setting up and maintaining product security KPI reporting;
- Providing and contributing to security awareness training on specialized topics such as secure software development.