Cybersecurity Governance Analyst

Youngsoft, Inc. ( is a global software solutions IT company, delivering digital enterprise business betterment since 1996. Through collaborative engagement and discovery with our clients and vendors, we co-create industry specialized digital products, applications software, process, programs, and project outcomes. Headquartered in metro-Detroit, we leverage "pods" of Subject Matter Experts, Business Analysts, Solutions Architects, Software Engineers, and Project Managers, fused with HyperCare through our Global Support Centers. Through inclusivity, we share a singular vision to deliver world-class measurable upside results to our customers. It takes a village – come join ours!

• The Cybersecurity Governance Analyst should have an understanding of an information security program, security best practices, risk management, security policy management, and [cybersecurity] program performance management.

• Support governance activities including but not limited cybersecurity metrics definition/ collection, documentation development, and continuous improvement assessments
• Responsible for helping mature our Cybersecurity Program (e.g., ISMS) and support activities related to development and maintenance of the policies, regulations, and process
• Responsible for gathering metrics to track security program performance (e.g. monthly Management Dashboard, expiring risks and quarterly KPIs)
• Support the operation and continuous improvement of cybersecurity governance (i.e., modernize risk management process and form)
• Create security awareness and training materials (e.g., monthly newsletter)
• Facilitate alignment with Cybersecurity Team and relevant stakeholders for cybersecurity program
• Contribute to the operation and continuous improvement of cybersecurity governance (e.g., update JIRA tasks)
• Support the cybersecurity risk management program, including tracking risks for individual IT and Business projects or systems, identify and documenting risks to the organization, periodically reviews risks and mitigation, updating GRC tooling questionnaires/risks for Cybersecurity
• Participate in Cybersecurity audits either from the Group or external auditors by supporting preparations taking notes, tracking action items, and assisting with mitigating actions
• Assist with both the periodic (e.g., annual) assessment and ongoing review of cybersecurity programs to identify programmatic and technological gaps, areas for improvement and recommendations
• Support other cybersecurity activities, initiatives, and projects (e.g., IT-PEP)

• Excellent verbal, written, and other interpersonal communication skills-ability to convey complex technical concepts effectively to a variety of audiences
• Ability to analyze processes, procedures, and architectures for cybersecurity implications
• Ability to inform, educate, and influence IT and business employees to support goals and initiatives
• Ability to support a diverse/inclusive workplace
• Outstanding team and collaboration skills

• Bachelor’s Degree or equivalent experience (Engineering, Information Technology, Computer Information Systems, Computer Science, Cybersecurity or similar)
• Master’s Degree Preferred (Computer Science, Information Security/Assurance, Engineering, Business Administration (MBA))
• Certified Information Security System Professional (CISSP) certification or equivalent
• Knowledge of cybersecurity standards (e.g., ISO, NIST, CSA, ENSIA) and applicable and privacy regulations (e.g., UNECE Wp.29 r155/156, CCPA, GDPR, CLOUD Act, etc.)
• Knowledge in defining programmatic requirements-based cybersecurity standards and best practices (e.g., ISO27001, NIST CSF, ISO 21434)