CS&S - Security Risk Manager - Linkou/Hsinchu/Taichung/Tainan
Indexed description
At ASML, the Three Lines of Responsibility model is applied, with security capabilities organized centrally (second line) and security risk management embedded within each sector (first line).
To support several sectors in Taiwan, we are looking for a Security Risk Manager to ensure that information security risks remain within the organization’s risk appetite.
You will be part of a global Security Risk Management (SRM) team that:
- Identifies and assesses information security risks in processes and applications
- Recommends mitigations to reduce risk to acceptable levels
- Supports risk owners in implementing mitigation actions
- Monitors and reports progress to stakeholders
Creating awareness and educating stakeholders at all levels is a key responsibility. In addition, the team drives company-wide initiatives to strengthen and mature information security capabilities.
Role and Responsibilities
As a Security Risk Manager, you will be the first point of contact in Taiwan for assigned sectors on security-related topics. Your main responsibilities include:
- Handle local security incidents
- Provide security awareness training
- Execute application risk assessments
- Support new initiatives through risk scoping
- Define security requirements and validate proper implementation
- Create visibility into the local risk landscape of supported sectors
- Evaluate risks against the organization’s risk appetite
- Recommend, support, and guide risk owners in implementing mitigation actions
- Report to local and central stakeholders
- Actively participate in programs, projects, and changes
- Support the business during internal and external audits
Education and Experience
To be successful in this role, you bring strong expertise in security risk management and experience working in complex environments, along with:
- Bachelor’s degree in Information Security, Cybersecurity, Computer Science, or a related field
- Minimum of 10 years’ experience in information security risk management
- Relevant certifications such as CISSP, CISM, or CRISC (strongly preferred)
- Experience with risk assessment, risk treatment, and control design
- Knowledge of information security standards and risk frameworks (e.g., ISO 27001, NIST)
- Experience protecting confidential information and intellectual property
- Familiarity with identity and access management and secure collaboration practices
- Experience working with stakeholders at different organizational levels and in cross-functional teams
- Ability to translate policies and procedures into operational activities
- Strong communication and influencing skills
- Ability to analyze risks and translate them into business impact
- Ownership and ability to drive results in a complex environment
- Strong relationship-building skills and ability to influence without authority
- Strong analytical and problem-solving capabilities
- Ability to collaborate effectively across diverse teams
- Proactive mindset with a focus on continuous improvement
- Strategic thinking and strong risk prioritization skills
- Flexibility to adapt to changing priorities and organizational needs
- Passion for improving security awareness and maturity
- Strong verbal and written communication skills in English
- Confidence to speak up when risks, opportunities, or concerns are identified
You will report to the Regional Group Lead based in Veldhoven. In addition to supporting CS&S, you will also support other global sectors such as IT, Corporate Real Estate, and several Corporate functions.
You will collaborate with the broader ASML security community across business sectors. ASML supports your professional growth through continuous learning opportunities and exposure to international teams and projects.
The position offers competitive compensation. Job grade will be determined based on qualifications, experience, and competencies.
This position requires access to controlled technology, as defined in the United States Export Administration Regulations (15 C.F.R.
- 730, et seq.). Qualified candidates must be legally authorized to access such controlled technology prior to beginning work. Business demands may require ASML to proceed with candidates who are immediately eligible to access controlled technology.
Need to know more about applying for a job at ASML? Read our frequently asked questions.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search