Marathon Petroleum Corporation

Cybersecurity Analyst, Third Party Risk

Marathon Petroleum Corporation, San Antonio, Texas, United States, 78208


Overview

Cybersecurity Analyst, Third Party Risk at Marathon Petroleum Corporation. An exciting career awaits you. MPC is committed to being a great place to work, welcoming new ideas, encouraging diverse perspectives, developing our people, and fostering a collaborative team environment.

Responsibilities

Perform third-party cybersecurity risk assessments and due diligence for vendors by evaluating security controls through questionnaires, documentation reviews, and ratings tools; collaborate with procurement, legal, and business units to embed cybersecurity requirements into contracts and vendor selection processes.
Drive risk remediation and continuous improvement by tracking mitigation efforts, staying informed on emerging threats and regulatory changes, and applying insights to strengthen third-party risk management practices.
Conduct controls analysis of business processes and systems and report impact of changes to security systems.
Assist with the resolution of routine multi-functional technical issues.
Prepare, perform and present cybersecurity assessments and associated risks.
Evaluate the efficiency and effectiveness of security processes and controls ensuring confidentiality, integrity, and availability of data/information, under guidance of more senior colleagues.
Recommend and/or execute remediation and develop cost information for mitigation measures.
Monitor networks, systems, and applications for signs of potential cybersecurity incidents.
Investigate and analyze the nature and scope of cyber incidents.
Analyze security protocols and compliance reviews; administer and maintain security audits and reports of server access and activity; participate in disaster recovery planning per corporate guidelines.
Deliver and implement global security initiatives, policies, and compliance requirements.
Work with IT and security engineers to produce metrics related to cybersecurity. Take action through collaboration to improve metric results.
Execute cybersecurity-related consulting, guidance, and support to customers and stakeholders.
Effectively communicate emerging information technology/operations technology and cybersecurity technology trends and their impact on the security landscape.

Qualifications

Bachelor’s Degree in Information Technology, related field or equivalent experience.
Professional certification, e.g. CISA, CRISC, CISSP, or CTPRP preferred.
2+ years of relevant experience required.
Experience in cybersecurity, risk management, or vendor risk assessment required.
Experience with third-party risk management platforms and tools (e.g., CyberGRX, BitSight) preferred.
Experience with cybersecurity risk frameworks (NIST CSF, NIST 800-53, and COBIT) preferred.
Experience reviewing and interpreting SOC 2 Type II reports, with the ability to assess control effectiveness, identify findings, and evaluate vendor risk posture preferred.

Skills

Authentic Communicator - Expresses ideas and information clearly and credibly; listens to understand and fosters constructive dialogue.
Cybersecurity Risk Management - Develops cyber risk assessment and treatment techniques that address business risks and aligns with security framework.
General Programming - Applies a computer language to communicate with computers and automate tasks.
Intrusion Detection - Uses security analytics to detect potential breaches and monitors external vulnerability reports for relevance, ensuring vulnerabilities are rectified through change processes.
Penetration Testing - Tests systems to find vulnerabilities; can be automated or manual.
Security Controls - Manages and maintains information systems security and risk management.
Security Governance - Develops and disseminates security policies, frameworks, and guidelines.
Security Information & Event Management (SIEM) - Real-time visibility across security systems and log management.
Security Policy Management - Identifies and manages rules and procedures for IT assets access and usage.
Threat Analysis - Monitors intelligence and analyzes potential threats to IT/OT systems.
Threat Hunting - Searches networks, endpoints, and datasets to detect threats.
Vulnerability Management - Defines, identifies, classifies, and prioritizes vulnerabilities and communicates risk.

Location: Findlay, Ohio; Additional locations: San Antonio, Texas
Job Requisition ID: 00017823

Marathon Petroleum is an Equal Opportunity Employer. We consider qualified applicants without discrimination on race, color, religion, creed, sex, gender, age, disability, or any status protected by law. If you would like more information about your EEO rights as an applicant, click here. For accommodations, contact talentacquisition@marathonpetroleum.com.

A total rewards program is offered, including health, vision, dental insurance, paid time off, 401k matching, parental leave, and educational reimbursement. Details at the MPC benefits site. The hired candidate will be eligible for a discretionary annual bonus program.

Equal Opportunity Employer: Veteran / Disability
