Cybersecurity Governance & Process Analyst

About the role

The Cybersecurity Governance & Process Analyst is a key role responsible for establishing, maintaining, and overseeing the cybersecurity governance framework and operational processes across the organization.

This position ensures that cybersecurity risks are properly identified, assessed, and managed in alignment with business objectives and regulatory requirements. The analyst focuses on developing and implementing effective cybersecurity policies, procedures, and controls while managing the enterprise risk register and driving audit findings to closure.

What you will do

Cybersecurity Governance Framework:

• Develop, implement, and maintain the organization's cybersecurity governance framework

• Ensure alignment with industry standards (NIST, ISO 27001, CIS Controls) and regulatory requirements

• Establish and maintain cybersecurity policies, standards, and guidelines

Enterprise Risk Management:

• Maintain and update the enterprise cybersecurity risk register

• Conduct regular risk assessments and facilitate risk treatment plans

• Monitor and report on cybersecurity risk posture to senior management

Process Development & Implementation:

• Design, document, and implement cybersecurity processes and procedures

• Develop and maintain process documentation, workflows, and SOPs

• Ensure process integration across security domains and business units

Audit & Compliance Management:

• Manage internal and external cybersecurity audits

• Track audit findings and coordinate remediation activities

• Prepare compliance reports and metrics for management review

Metrics & Reporting:

• Develop and monitor cybersecurity governance metrics and KPIs

• Prepare regular reports on governance effectiveness and compliance status

• Analyze trends and recommend improvements to the governance program

Skills/Competencies

Technical & Functional Competencies:

• Deep, practical knowledge of NIST CSF, NIST 800-53, ISO 27001, and CIS Critical Security Controls.

• Superior skill in writing clear, concise, and enforceable policies, standards, and procedures.

• Proficiency in risk assessment methodologies (e.g., NIST RMF, FAIR) and risk register management.

• Hands-on experience with GRC platforms (e.g., ServiceNow IRM, RSA Archer, MetricStream) to automate workflows.

• Strong understanding of audit processes and compliance requirements across multiple regulations.

Leadership & Soft Skills:

• Exceptional ability to build consensus, socialize ideas, and influence change across technical and business teams without direct authority.

• Ability to translate technical controls and risks into business terms for leadership and legal/compliance teams.

• Strong organizational skills to manage multiple parallel workstreams and policy review cycles.

• Attention to detail and process-oriented mindset
  

What you will need

• Bachelor’s degree in computer science, Cybersecurity, or related field, or equivalent practical experience.

• 5-8 years in cybersecurity governance, risk management, or compliance roles

• Relevant industry certifications (e.g. CISSP, CISM, CRISC, CISA, CGEIT, ISO 27001 Lead Auditor/Implementer)

• Proven, hands-on experience in developing and implementing an enterprise cybersecurity policy framework from the ground up.

• Demonstrable experience in managing cybersecurity risk registers and facilitating risk assessments.

• Direct experience supporting external audits and managing remediation plans.

• Governance Framework: Accountable for the development, maintenance, and effectiveness of the cybersecurity governance framework

• Risk Management: Accountable for maintaining the enterprise cybersecurity risk register and ensuring risks are properly documented and treated

• Process Compliance: Accountable for ensuring cybersecurity processes and procedures are documented, implemented, and followed across the organization

• Audit Management: Accountable for tracking and ensuring timely closure of all cybersecurity audit findings and compliance gaps

• Reporting Accuracy: Accountable for the accuracy and timeliness of cybersecurity governance reporting to management and relevant committees

• Policy Management: Accountable for the regular review and update of cybersecurity policies and standards to ensure ongoing relevance and effectiveness

Talent acquisition based on Nexperia vacancies is not appreciated. Nexperia job adverts are Nexperia copyright © material and the word Nexperia® is a registered trademark.

D&I Statement

As an equal-opportunity employer, Nexperia values diversity not just because it is the right thing to do but because diverse teams perform better. We are dedicated to being inclusive, and a proof point of this dedication is that we were the main partner of the very first Dutch Paralympic Team NL House during the Paris 2024 Paralympic Games. Our recruitment process is inclusive and accessible to all, and we consider all applicants fairly, as well as providing a safe work environment and reasonable adjustments where requested.

In addition, we offer our colleagues the possibility to join employee resource groups such as the Pride Network Group or global and local Women's groups. Nexperia is committed to increasing women in management positions to 30% by 2030.