Cybersecurity Governance & Process Analyst at Nexperia Malaysia Sdn Bhd
Kuala Lumpur, Kuala Lumpur, Malaysia - Full Time


Start Date

Immediate

Expiry Date

01 Jan, 26

Salary

0.0

Posted On

03 Oct, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Cybersecurity Governance, Risk Management, Compliance, Policy Development, Audit Management, NIST CSF, ISO 27001, CIS Controls, Risk Assessment, GRC Platforms, Organizational Skills, Attention to Detail, Process Development, Metrics Reporting, Leadership, Influencing Change

Industry

Semiconductor Manufacturing

Description
About the role

The Cybersecurity Governance & Process Analyst is a key role responsible for establishing, maintaining, and overseeing the cybersecurity governance framework and operational processes across the organization. This position ensures that cybersecurity risks are properly identified, assessed, and managed in alignment with business objectives and regulatory requirements. The analyst focuses on developing and implementing effective cybersecurity policies, procedures, and controls while managing the enterprise risk register and driving audit findings to closure.

What you will do

Cybersecurity Governance Framework:
- Develop, implement, and maintain the organization's cybersecurity governance framework
- Ensure alignment with industry standards (NIST, ISO 27001, CIS Controls) and regulatory requirements
- Establish and maintain cybersecurity policies, standards, and guidelines

Enterprise Risk Management:
- Maintain and update the enterprise cybersecurity risk register
- Conduct regular risk assessments and facilitate risk treatment plans
- Monitor and report on cybersecurity risk posture to senior management

Process Development & Implementation:
- Design, document, and implement cybersecurity processes and procedures
- Develop and maintain process documentation, workflows, and SOPs
- Ensure process integration across security domains and business units

Audit & Compliance Management:
- Manage internal and external cybersecurity audits
- Track audit findings and coordinate remediation activities
- Prepare compliance reports and metrics for management review

Metrics & Reporting:
- Develop and monitor cybersecurity governance metrics and KPIs
- Prepare regular reports on governance effectiveness and compliance status
- Analyze trends and recommend improvements to the governance program

Skills/Competencies

Technical & Functional Competencies:
- Deep, practical knowledge of NIST CSF, NIST 800-53, ISO 27001, and CIS Critical Security Controls.
- Superior skill in writing clear, concise, and enforceable policies, standards, and procedures.
- Proficiency in risk assessment methodologies (e.g., NIST RMF, FAIR) and risk register management.
- Hands-on experience with GRC platforms (e.g., ServiceNow IRM, RSA Archer, MetricStream) to automate workflows.
- Strong understanding of audit processes and compliance requirements across multiple regulations.

Leadership & Soft Skills:
- Exceptional ability to build consensus, socialize ideas, and influence change across technical and business teams without direct authority.
- Ability to translate technical controls and risks into business terms for leadership and legal/compliance teams.
- Strong organizational skills to manage multiple parallel workstreams and policy review cycles.
- Attention to detail and process-oriented mindset.

What you will need

- Bachelor’s degree in Computer Science, Cybersecurity, or related field, or equivalent practical experience.
- 5-8 years in cybersecurity governance, risk management, or compliance roles.
- Relevant industry certifications (e.g., CISSP, CISM, CRISC, CISA, CGEIT, ISO 27001 Lead Auditor/Implementer).
- Proven, hands-on experience in developing and implementing an enterprise cybersecurity policy framework from the ground up.
- Demonstrable experience in managing cybersecurity risk registers and facilitating risk assessments.
- Direct experience supporting external audits and managing remediation plans.

- Governance Framework: Accountable for the development, maintenance, and effectiveness of the cybersecurity governance framework
- Risk Management: Accountable for maintaining the enterprise cybersecurity risk register and ensuring risks are properly documented and treated
- Process Compliance: Accountable for ensuring cybersecurity processes and procedures are documented, implemented, and followed across the organization
- Audit Management: Accountable for tracking and ensuring timely closure of all cybersecurity audit findings and compliance gaps
- Reporting Accuracy: Accountable for the accuracy and timeliness of cybersecurity governance reporting to management and relevant committees
- Policy Management: Accountable for the regular review and update of cybersecurity policies and standards to ensure ongoing relevance and effectiveness

Talent acquisition based on Nexperia vacancies is not appreciated. Nexperia job adverts are Nexperia copyright © material and the word Nexperia® is a registered trademark.

D&I Statement

As an equal-opportunity employer, Nexperia values diversity not just because it is the right thing to do but because diverse teams perform better. We are dedicated to being inclusive, and a proof point of this dedication is that we were the main partner of the very first Dutch Paralympic Team NL House during the Paris 2024 Paralympic Games. Our recruitment process is inclusive and accessible to all, and we consider all applicants fairly, as well as providing a safe work environment and reasonable adjustments where requested. In addition, we offer our colleagues the possibility to join employee resource groups such as the Pride Network Group or global and local Women's groups. Nexperia is committed to increasing women in management positions to 30% by 2030.

Nexperia is a world-class company in semiconductor development and in-house production. A proven global player with an entrepreneurial mentality. At our core is a 12,000+ strong international network with a singular focus. Built on passion and commitment to our work, belief in our goals and a drive to succeed regardless of the challenges we face. We support, reward and challenge individuals equally, in a dynamic and energetic environment. Looking to push boundaries in a company where your talents can shine? Join TeamNexperia.

Are you already an Employee of TeamNexperia? Do not apply here, instead apply via our internal job page.
Responsibilities
The Cybersecurity Governance & Process Analyst is responsible for establishing and overseeing the cybersecurity governance framework and operational processes. This includes managing cybersecurity risks in alignment with business objectives and regulatory requirements.