CYBERSECURITY RISK ANALYST

CITGO Petroleum Corporation, Houston, Texas, United States, 77246

Overview

CITGO Petroleum Corporation is a recognized leader in the refining industry and operates under the CITGO brand. The company owns and operates three refineries (Lake Charles, LA; Lemont, IL; Corpus Christi, TX) and 38 active terminals, six pipelines, and three lubricants blending/packaging plants. With approximately 3,300 employees and a crude capacity of about 807,000 bpd, CITGO is a major player in the industry. Our core values are Safety, Integrity, Respect, Accountability, and Care.

Job Summary

The Cybersecurity Risk Analyst is responsible for identifying, assessing, and managing cybersecurity risks across the organization's IT and OT environments. This role conducts risk assessments, leads vulnerability management, ensures compliance with industry frameworks and regulations, collaborates with cross-functional teams to design and implement risk mitigation strategies, evaluates third-party risks, and supports incident response and post-incident evaluations. The analyst uses data-driven methods and tracks key performance indicators to enhance the organization's security posture and align cybersecurity efforts with business objectives.

Minimum Qualifications

Bachelor's Degree

Position: CYBERSECURITY RISK ANALYST (Finance)

Experience

Minimum of 8 years of job-related experience

Specialized Training / Skills (preferred)

In-depth understanding of cybersecurity frameworks such as NIST, ISO 27001, and FAIR
Familiarity with IT and OT environments, including cloud platforms, IoT devices, data centers, and software applications
Expertise in vulnerability management, penetration testing, and threat modeling
Awareness of emerging technologies and their risks
Strong analytical and problem-solving skills to assess and prioritize risks
Effective communication to translate technical risks into business impacts
Proficiency in creating risk reports, policies, and compliance evidence
Preferred certifications: CISSP, CRISC, or other security certifications

Job Duties

Comprehensive Infrastructure Risk Assessment

Perform regular risk assessments of IT and OT systems (networks, cloud, IoT, software) aligned with NIST and CIS Controls
Ensure regulatory compliance (e.g., GDPR, CCPA, PCI DSS) and manage third-party risks

Vulnerability Management

Lead vulnerability scans, penetration tests, and threat modeling; assess and address vulnerabilities; prioritize patches

Risk Reporting & Communication

Present risk reports to stakeholders; translate technical details into business impacts; apply FAIR to prioritize risks

Collaboration on Risk Mitigation

Partner with governance and IT teams to develop and implement risk mitigation strategies aligned with security and business goals

Incident Response & Risk Evaluation

Act as a key incident response team member; conduct post-incident evaluations; participate in simulations

Cybersecurity Framework & Policy Development

Contribute to policies, standards, and procedures aligned with risk management; develop technical security standards

Regulatory Compliance & Audit Support

Ensure regulatory compliance; support audits with documentation and remediation evidence

KPI Tracking & Reporting

Monitor KPIs; use metrics and dashboards to report on security posture

Emerging Technology Risk Management

Evaluate risks of adopting emerging technologies (e.g., AI, blockchain); address risks in digital transformations

Job duties listed are not all-inclusive; site-specific responsibilities may be assigned.

Incentives & Benefits

Remote work options available for eligible positions (department/location dependent). Other benefits may include: 9/80 work schedule, paid vacations, holidays, caregiver leave, 401(k) match, pension plan, health/dental/vision, life insurance, disability coverage, flexible spending accounts, on-site health clinic and cafeteria (where available), employee discounts, gym reimbursement, educational assistance, dependent scholarships, and more. Note: Not all perks apply to every role.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or disability.

Requisition ID - 1129