IT Cybersecurity Analyst, Grc

We’re not like most. We don’t just overcome obstacles - we don’t see them. Instead, we see the potential in every person, and every situation. We don’t wait for opportunity to appear - we create it. Meet ASM. A company that has been searching for people just like you._

**Who is ASM?**

ASM is a leading, global supplier of semiconductor wafer processing equipment. Our ambitious team is dedicated to delivering innovative technology solutions to the world’s leading semiconductor manufacturers. We have over 2,600 employees based in 14 countries, including Belgium, Japan, Netherlands, South Korea, Singapore, Taiwan and United States. Together we work to develop Epitaxy, ALD, PEALD, Vertical Furnaces and PECVD thin-film deposition technologies for our customers. Our goal is to remain an industry leader by being ahead of what’s next. We accomplish this by focusing on finding collaborative solutions to make integrated circuits, or chips, smaller, faster and even more powerful.

**ASM, an inclusive workplace**

We at ASM are a truly global organization that works diligently with an open-mind in all areas of our business. We strive for a culture and work style that fosters trust and transparency. We put our people first, and that is how we will continue to succeed. We are an equal opportunity employer and value diversity. We recognize and value the differences between individuals, including gender, ethnicity, religious beliefs, sexual orientation, knowledge and experience, work background, age, skills, amongst others. Recruiting and developing a diverse workforce provides a wide range of perspectives. This enables a culture of continuously exploring and adopting new technological ideas and innovations, and it also enables us to deliver excellent products and service to our clients.

**Position Specification**

Job title: IT Cybersecurity Analyst, GRC

Reporting line: Reporting to the Senior Manager, IT Security and GRC.

This role will be based in: Singapore

Position summary: The GRC Security Analyst will plan and implement policies, procedures, standards, and controls to govern the protection of corporate information systems, networks, and data. The GRC security analysts will stay up-to-date on the latest cybersecurity intelligence, including hackers' methodologies, in order to modify standards and controls that govern cybersecurity across the corporation.

**Key Responsibilities**:

- Perform cybersecurity and compliance assessments on new and existing systems, processes, technology.
- Support vendor due-diligence process and help to lead and define overall vendor risk management efforts.
- Work with various business units to ensure controls are adequate, appropriate, and effective.
- Support internal and external audit process for relevant compliance concerns including IT General, Application and Process Controls.
- Participate in disaster recovery and business continuity planning.
- Perform business impact analysis and assist with development of IT/InfoSec risk register.
- Interface with Global IT and business partners to provide guidance and support.
- Perform periodic gap assessments to validate compliance on an ongoing basis.
- Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.
- Ready to take on addition responsibilities and roles such as cybersecurity project implementation, Security Operation, Purple Team and etc.
- Security certifications such as CIPP, CISA, CSIR or ISO27001 Lead Auditor
- Experience in Implementing security controls, risk assessment framework, and program that align to regulatory requirements
- At least 5 years of IT and operation experience
- Bachelor’s degree relevant to Information Technology, Computer Science/Engineering (or equivalent)
- Experience on various technologies such as Microsoft, Azure and SAP
- 2 years Working experience in cybersecurity solutions such as Security Configuration Management, GRC, DLP and etc.
- Deep domain knowledge, ideally with experience with global exposure and strong understanding knowledge of cloud computing.
- Cloud solution provider certification such as Azure will be a bonus.

**Technical Skills & Knowledge**:

- Implements processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, testing. Develops reporting metrics, dashboards, and evidence artifacts.
- Defines and documents business process responsibilities and ownership of the controls in GRC tool. Schedules regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports.
- Knowledge on industry standards such as ISO27001, COBIT, NIST, CIS, CSA, OSWAP, GDPR and etc.
- Performs and investigates internal and external cybersecurity risk and exceptions assessments. Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test result, phishing, and social engineer