Cybersecurity Analyst - Risk

About the position We are seeking a highly skilled and experienced Senior Cybersecurity Analyst to join our Risk team within the Cybersecurity Governance, Risk, and Compliance (GRC) organization at Marathon Petroleum Corporation. The successful candidate will be responsible for assessing and analyzing cybersecurity risks and identifying appropriate mitigation measures for Information Technology (IT) and Operational Technology (OT) environments, systems, and third-party solutions. The Senior Cybersecurity Analyst will ensure appropriate controls are in place to mitigate risks by working closely with business partners, including IT and OT program and process owners. In this role, the Senior Cybersecurity Analyst will develop and implement cyber risk assessment techniques to identify and pre-empt security risks. This involves demonstrating business risks associated with vulnerabilities and providing risk treatment and prioritization strategies. The analyst will perform comprehensive risk assessments and be responsible for continuously monitoring and reviewing these assessments. A strong understanding of NIST standards and frameworks such as the NIST Cybersecurity Framework (CSF), NIST 800-30, NIST 800-37, NIST 800-53, and NIST 800-82 is essential. Effective communication of cyber risks to business stakeholders and collaboration with various departments to ensure a clear understanding of these risks is crucial. Additionally, the analyst will manage cybersecurity risks specific to IT and OT environments and third-party solutions, ensuring compliance with organizational policies. Staying updated with the latest cybersecurity trends and recommending improvements to existing cybersecurity policies, procedures, and tools will also be part of the responsibilities. This position belongs to a family of jobs with increasing responsibility, competency, and skill level, and the actual position title and pay grade will be based on the selected candidate's experience and qualifications. Responsibilities • Conducts detailed analyses on controls related to complex business processes and systems and relationship to other internal and external systems to assess business impact of the security issues. , • Drives the resolution of routine multi-functional technical issues. Oversees, advises on and manages Cybersecurity assessments and associated risks. , • Develops and evaluates efficiency and effectiveness of security processes and controls through creation and maintenance of detailed security and/or compliance reports, as necessary. , • Analyzes and maintains security audits and reports, monitors security advisory groups, and assists with security incidents and intrusions. , • Leads implementation of global security initiatives, policies, and compliance requirements. Develops and tracks metrics related to cybersecurity; uses existing cybersecurity tools for running web application scanning, vulnerability scanning and external pentests and helps with the remediation effort. , • Manages cyber security-related consulting, guidance, and support to customers and stakeholders. , • Translates security principles to assist configuration teams with incorporating security into build and configuration processes. , • Monitors emerging Information Technology/Operations Technology and cybersecurity technologies as well as their impact on the security landscape. Requirements • Bachelor's Degree in Information Technology, related field or equivalent experience. , • 5+ years of relevant experience required. , • Professional certification, eg Security+, Network+, CISA, CRISC, CISSP preferred. Nice-to-haves • Cybersecurity Research , • DevSecOps , • Digital Forensics , • Ethical Hacking , • Identity and Access Management (IAM) , • Incident Response Management , • Intrusion Detection & Analysis , • Malware Analysis , • Penetration Testing , • Root Cause Analysis , • Secure Software Development Lifecycle (SSDL) , • Security Controls Management , • Security Governance , • Security Information & Event Management (SIEM) , • Security Policy Management , • Threat Analysis & Modeling , • Threat Hunting , • Threat Intelligence Analysis Benefits • Access to health, vision, and dental insurance , • Paid time off , • 401k matching program , • Paid parental leave , • Educational reimbursement , • Discretionary company-sponsored annual bonus program Apply Job!