Cybersecurity Governance & Process Analyst

Nexperia is a world-class company in semiconductor development and in-house production. A proven global player with an entrepreneurial mentality. At our core is an 13,000+ strong international network with a singular focus. Built on passion and commitment to our work, belief in our goals and a drive to succeed regardless of the challenges we face. We support, reward and challenge individuals equally, in a dynamic and energetic environment.About The RoleThe Cybersecurity Governance & Process Analyst is a key role responsible for establishing, maintaining, and overseeing the cybersecurity governance framework and operational processes across the organization.This position ensures that cybersecurity risks are properly identified, assessed, and managed in alignment with business objectives and regulatory requirements. The analyst focuses on developing and implementing effective cybersecurity policies, procedures, and controls while managing the enterprise risk register and driving audit findings to closure.What You Will DoCybersecurity Governance Framework:Develop, implement, and maintain the organization's cybersecurity governance frameworkEnsure alignment with industry standards (NIST, ISO 27001, CIS Controls) and regulatory requirementsEstablish and maintain cybersecurity policies, standards, and guidelinesEnterprise Risk Management:Maintain and update the enterprise cybersecurity risk registerConduct regular risk assessments and facilitate risk treatment plansMonitor and report on cybersecurity risk posture to senior managementProcess Development & Implementation:Design, document, and implement cybersecurity processes and proceduresDevelop and maintain process documentation, workflows, and SOPsEnsure process integration across security domains and business unitsAudit & Compliance Management:Manage internal and external cybersecurity auditsTrack audit findings and coordinate remediation activitiesPrepare compliance reports and metrics for management reviewMetrics & Reporting:Develop and monitor cybersecurity governance metrics and KPIsPrepare regular reports on governance effectiveness and compliance statusAnalyze trends and recommend improvements to the governance programSkills/CompetenciesTechnical & Functional Competencies:Deep, practical knowledge of NIST CSF, NIST 800-53, ISO 27001, and CIS Critical Security Controls.Superior skill in writing clear, concise, and enforceable policies, standards, and procedures.Proficiency in risk assessment methodologies (e.g., NIST RMF, FAIR) and risk register management.Hands-on experience with GRC platforms (e.g., ServiceNow IRM, RSA Archer, MetricStream) to automate workflows.Strong understanding of audit processes and compliance requirements across multiple regulations.Leadership & Soft Skills:Exceptional ability to build consensus, socialize ideas, and influence change across technical and business teams without direct authority.Ability to translate technical controls and risks into business terms for leadership and legal/compliance teams.Strong organizational skills to manage multiple parallel workstreams and policy review cycles.Attention to detail and process-oriented mindsetWhat You Will NeedBachelor’s degree in computer science, Cybersecurity, or related field, or equivalent practical experience.5-8 years in cybersecurity governance, risk management, or compliance rolesRelevant industry certifications (e.g. CISSP, CISM, CRISC, CISA, CGEIT, ISO 27001 Lead Auditor/Implementer)Proven, hands-on experience in developing and implementing an enterprise cybersecurity policy framework from the ground up.Demonstrable experience in managing cybersecurity risk registers and facilitating risk assessments.Direct experience supporting external audits and managing remediation plans.Governance Framework: Accountable for the development, maintenance, and effectiveness of the cybersecurity governance frameworkRisk Management: Accountable for maintaining the enterprise cybersecurity risk register and ensuring risks are properly documented and treatedProcess Compliance: Accountable for ensuring cybersecurity processes and procedures are documented, implemented, and followed across the organizationAudit Management: Accountable for tracking and ensuring timely closure of all cybersecurity audit findings and compliance gapsReporting Accuracy: Accountable for the accuracy and timeliness of cybersecurity governance reporting to management and relevant committeesPolicy Management: Accountable for the regular review and update of cybersecurity policies and standards to ensure ongoing relevance and effectivenessTalent acquisition based on Nexperia vacancies is not appreciated. Nexperia job adverts are Nexperia copyright © material and the word Nexperia® is a registered trademark.D&I StatementAs an equal-opportunity employer, Nexperia values diversity not just because it is the right thing to do but because diverse teams perform better. We are dedicated to being inclusive, and a proof point of this dedication is that we were the main partner of the very first Dutch Paralympic Team NL House during the Paris 2024 Paralympic Games. Our recruitment process is inclusive and accessible to all, and we consider all applicants fairly, as well as providing a safe work environment and reasonable adjustments where requested.In addition, we offer our colleagues the possibility to join employee resource groups such as the Pride Network Group or global and local Women's groups. Nexperia is committed to increasing women in management positions to 30% by 2030.