Senior Cybersecurity Analyst, Risk

ASM is a leading global supplier of products, services, and materials for semiconductor processing. For more than half a century, innovation has been at the core of everything we do. Our smart, ambitious people are dedicated to creating cutting-edge solutions for the world’s leading semiconductor providers. Every day we push the development of next-generation computer-chip technology, always staying a few steps ahead of what’s next._
- _
- The talented, enthusiastic people at ASM are just like you: dedicated to improving people’s lives and unlocking new potential. With our collaborative approach to R&D, we advance key semiconductor technologies and platforms like ALD, epitaxy, PEALD, PECVD, and vertical furnaces. And we have recently entered the promising high-growth market: silicon carbide epitaxy. Year after year, our innovations help to make chips smaller, faster, and more powerful. In fact, you will find our technology in every aspect of modern life: in AI, medical equipment, 5G, smartphones, autonomous driving, and more._

The Senior Cybersecurity Analyst will manage IT risks using formalized IT Risk Management framework. The Senior Analyst will plan and implement policies, procedures, standards, and controls to govern the protection of corporate information systems, networks, and data. The Senior Analyst will stay up-to-date on the latest cybersecurity intelligence, including hackers' methodologies, in order to modify standards and controls that govern cybersecurity across the corporation.

Key Responsibilities:

- Perform cybersecurity and compliance risk assessments on new and existing systems, processes, technology.
- Update policies, procedures and standards, in accordance to relevant regulations/laws and Industry Best Practices, and perform risk assessment on exceptions against policies, procedures and standards.
- Support vendor due-diligence process and help to lead and define overall vendor risk management efforts.
- Work with various business units to ensure controls are adequate, appropriate, and effective.
- Support internal and external audit process for relevant compliance concerns including IT General, Application and Process Controls.
- Participate in disaster recovery and business continuity planning, and periodic cyber drill.
- Perform business impact analysis and assist with development of IT/InfoSec risk register.
- Interface with Global IT and business partners to provide guidance and support.
- Perform periodic gap assessments to validate compliance on an ongoing basis.
- Plan and rollout security awareness program targeting at different groups of users including end users, senior management and vendors.
- Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.
- Ready to take on addition responsibilities and roles such as cybersecurity project implementation, Security Operation, Purple Team and etc.
- Security certifications such as CIPP, CISA, CISM, CSIR or ISO27001 Lead Auditor
- Experience in Implementing security controls, risk assessment framework, and program that align to regulatory requirements
- At least 5 years of IT and operation experiences, and cybersecurity experiences such as GRC, IT Audit and IT Security Consultancy.
- Bachelor's degree relevant to Information Technology, Computer Science/Engineering (or equivalent)
- Experience on various technologies such as Microsoft, Azure and SAP
- Deep domain knowledge, ideally with experience with global exposure and strong understanding knowledge of cloud computing.
- Cloud solution provider certification such as Azure will be a bonus.

Technical Skills & Knowledge:

- Implements processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, testing. Develops reporting metrics, dashboards, and evidence artifacts.
- Defines and documents business process responsibilities and ownership of the controls in GRC tool. Schedules regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports.
- Knowledge on industry standards such as ISO27001, COBIT, NIST, CIS, CSA, OSWAP, GDPR and etc.
- Performs and investigates internal and external cybersecurity risk and exceptions assessments. Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test result, phishing, and social engineering tests and attacks.
- Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.

At ASM we are committed to supporting our people, enabling them to develop their talents and perform at their best. We actively promote an inclusive and diverse culture that fosters trust and transparency. Our people are our power, and we value the differences between everyone because it is what make us better as a team. By embracing a wide range of perspe