drjobs Senior Cybersecurity Analyst, SOX

Senior Cybersecurity Analyst, SOX

Employer Active

1 Vacancy
drjobs

Job Alert

You will be updated with latest job alerts via email
Valid email field required
Send jobs
Send me jobs like this
drjobs

Job Alert

You will be updated with latest job alerts via email

Valid email field required
Send jobs
Job Location drjobs

San Antonio - USA

Monthly Salary drjobs

Not Disclosed

drjobs

Salary Not Disclosed

Vacancy

1 Vacancy

Job Description

An exciting career awaits you


At MPC were committed to being a great place to work one that welcomes new ideas encourages diverse perspectives develops our people and fosters a collaborative team environment.

Position Summary

The IT SOX Senior Cybersecurity Analyst is a critical member of the Cybersecurity and Infrastructure Compliance team responsible for driving the execution and maturity of the companys IT SOX compliance program. This role blends deep knowledge of IT general controls and audit readiness with the ability to advise on technical implementations of such controls across cloud on-premises and hybrid environments. The ideal candidate brings a strong background in IT SOX testing and control monitoring and serves as a key liaison between internal stakeholders external auditors and control owners.

In this role you will evaluate develop and enhance controls related to access change management and system development lifecycle (SDLC); support audit and risk assessment activities; and provide guidance on integrating SOX security into systems and processes including emerging technologies such as AI and cloud-based platforms. You will play a vital role in identifying compliance risks supporting remediation efforts and promoting a strong control environment that aligns with regulatory requirements and corporate cybersecurity standards.

Key Responsibilities

  • Conducts detailed analyses on controls related to complex business processes and systems including IT general controls and application controls and their relationship to other internal and external systems to assess business and compliance impact of security issues.
  • Drives the resolution of routine multi-functional technical and compliance issues. Oversees advises on and manages Cybersecurity assessments and IT Compliance (eg: SOX or PCI) related risks across the environment.
  • Develops and evaluates efficiency and effectiveness of security and compliance processes and controls through the creation and maintenance of detailed security and/or SOX/PCI compliance reports as necessary.
  • Analyzes and maintains security and compliance audit documentation monitors relevant advisory groups and assist with security incidents and audit-driven investigations.
  • Performs Incident Detection Analysis Response Planning Containment Eradication Forensics and Reporting. Assists in the development of innovative ideas to formulate risk mitigation and remediation plans for compliance activities including SOX/PCI and approaches to ensure adherence.
  • Leads implementation of global security and compliance initiatives policies and control requirements. Develops and tracks metrics related to compliance (eg: SOX/PCI) posture and testing status.
  • Manages cyber security-related consulting guidance and compliance support to customers and stakeholders.
  • Translates security principles to assist configuration teams with incorporating security into build and configuration processes.
  • Monitors emerging Information Technology/Operations Technology and cybersecurity technologies as well as their impact on control frameworks compliance requirements and risk posture.

Education and Experience

  • Bachelors Degree in Information Technology related field or equivalent experience.
  • 5 years of relevant experience required.
  • Experience with ITGC frameworks and SOX 404 testing requirements including change management access management and SDLCs is required.
  • Strong understanding of cybersecurity risk frameworks (e.g. NIST CSF NIST 800-53 COBIT) and their application within a SOX-controlled environment is required.
  • Experience interfacing with internal and external auditors including preparing formal audit responses and control documentation is required.
  • Professional certification e.g. Security CISA Network OSCP GIAC CEH preferred.
  • Familiarity with cloud environments and SaaS platforms including cloud security controls relevant to IT SOX compliance is preferred.
  • Hands-on experience with GRC platforms such as ServiceNow GRC or Archer is preferred.
  • Awareness of emerging technologies such as AI/ML particularly regarding data governance accountability and compliance risk is preferred.
  • Experience with the PCI (Payment Card Industry) framework is preferred.

Skills

  • Authentic Communicator -Expresses ideas and information both verbally and in writing clearly and credibly. Listens to understand and fosters constructive dialogue.
  • Cybersecurity Risk Management - The process of developing cyber risk assessment and treatment techniques that can effectively pre-empt and identify significant security loopholes and weaknesses demonstrating the business risks associated with these loopholes and providing risk treatment and prioritization strategies to effectively address the cyber-related risks threats and vulnerabilities ensuring appropriate levels of protection confidentiality integrity and privacy in alignment with the security framework.
  • General Programming - Applies a computer language to communicate with computers using a set of instructions and to automate the execution of tasks.
  • Intrusion Detection - The use of security analytics including the outputs from intelligence analysis predictive research and root cause analysis in order to search for and detect potential breaches or identify recognized indicators and warnings. Also monitoring and collating external vulnerability reports for organizational relevance ensuring that relevant vulnerabilities are rectified through formal change processes.
  • Penetration Testing - The practice of testing a computer system network or web application to find security vulnerabilities that an attacker could exploit. Penetration testing can be automated with software applications or performed manually.
  • Relationship Management - Relationship Management is the conscious aim to develop and manage long-term and/or trusting relationships with internal or external customers distributors suppliers or other parties in an environment which can include marketing selling servicing and other areas where a relationship is crucial to on-going success. At a senior level it includes C-level relationships with senior management.
  • Security Controls - Manages and maintains an information system that focus on the management of risk and the management of information systems security.
  • Security Governance - The process of developing and disseminating corporate security policies frameworks and guidelines to ensure that day-to-day business operations are guarded and well protected against risks threats and vulnerabilities.
  • Security Information & Event Management (SIEM) - A set of tools and services offering real-time visibility across an organizations information security systems and event log management that consolidates data from numerous sources.
  • Security Policy Management - The process of identifying implementing and managing the rules and procedures that all individuals must follow when accessing and using an organizations IT assets and resources.
  • Threat Analysis - Monitor intelligence-gathering and anticipate potential threats to an IT/OT systems proactively. This involves the pre-emptive analysis of potential perpetrators anomalous activities and evidence-based knowledge and inferences on perpetrators motivations and tactics.
  • Threat Hunting - Searches through networks endpoints and datasets to detect and isolate cyber threats that evade existing security solutions.
  • Vulnerability Management - The process of defining identifying classifying and prioritizing vulnerabilities in computer systems applications and network infrastructures and providing the organization with the necessary knowledge awareness and risk background to understand the threats to its business.

As an energy industry leader our career opportunities fuel personal and professional growth.

Location:

San Antonio Texas

Additional locations:

Findlay Ohio

Job Requisition ID:

Location Address:

19100 Ridgewood Pkwy

Education:

Employee Group:

Full time

Employee Subgroup:

Regular

Marathon Petroleum Company LP is an Equal Opportunity Employer and gives consideration for employment to qualified applicants without discrimination on the basis of race color religion creed sex gender (including pregnancy childbirth breastfeeding or related medical conditions) sexual orientation gender identity gender expression reproductive health decision-making age mental or physical disability medical condition or AIDS/HIV status ancestry national origin genetic information military veteran status marital status citizenship or any other status protected by applicable federal state or local laws. If you would like more information about your EEO rights as an applicant click here.

If you need a reasonable accommodation for any part of the application process at Marathon Petroleum LP please contact our Human Resources Department at
. Please specify the reasonable accommodation you are requesting along with the job posting number in which you may be interested. A Human Resources representative will review your request and contact you to discuss a reasonable accommodation. Marathon Petroleum offers a total rewards program which includes but is not limited to access to health vision and dental insurance paid time off 401k matching program paid parental leave and educational reimbursement. Detailed benefit information is available at.The hired candidate will also be eligible for a discretionary company-sponsored annual bonus program.

Equal Opportunity Employer: Veteran / Disability

We will consider all qualified Applicants for employment including those with arrest or conviction records in a manner consistent with the requirements of applicable state and local reviewing criminal history in connection with a conditional offer of employment Marathon will consider the key responsibilities of the role.


Required Experience:

Senior IC

Employment Type

Full-Time

Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.