Cybersecurity Analyst - Risk

About the position

We are seeking a highly skilled and experienced Senior Cybersecurity Analyst to join our Risk team within the Cybersecurity Governance, Risk, and Compliance (GRC) organization at Marathon Petroleum Corporation. The successful candidate will be responsible for assessing and analyzing cybersecurity risks and identifying appropriate mitigation measures for Information Technology (IT) and Operational Technology (OT) environments, systems, and third-party solutions. The Senior Cybersecurity Analyst will ensure appropriate controls are in place to mitigate risks by working closely with business partners, including IT and OT program and process owners. In this role, the Senior Cybersecurity Analyst will develop and implement cyber risk assessment techniques to identify and pre-empt security risks. This involves demonstrating business risks associated with vulnerabilities and providing risk treatment and prioritization strategies. The analyst will perform comprehensive risk assessments and be responsible for continuously monitoring and reviewing these assessments. A strong understanding of NIST standards and frameworks such as the NIST Cybersecurity Framework (CSF), NIST 800-30, NIST 800-37, NIST 800-53, and NIST 800-82 is essential. Effective communication of cyber risks to business stakeholders and collaboration with various departments to ensure a clear understanding of these risks is crucial. Additionally, the analyst will manage cybersecurity risks specific to IT and OT environments and third-party solutions, ensuring compliance with organizational policies. Staying updated with the latest cybersecurity trends and recommending improvements to existing cybersecurity policies, procedures, and tools will also be part of the responsibilities. This position belongs to a family of jobs with increasing responsibility, competency, and skill level, and the actual position title and pay grade will be based on the selected candidate's experience and qualifications.