California Resources Corporation
Director of Cybersecurity
California Resources Corporation, Bakersfield, California, United States, 93399
Pay or shift range: $200,000 USD to $240,000 USD. The estimated range is the budgeted amount for this position. Final offers are based on various factors, including skill set, experience, location, qualifications and other job-related reasons.
Description California Resources Corporation is a publicly traded oil and natural gas exploration and production company and the largest oil and natural gas producer in California. We operate our world-class resource base exclusively within the State of California, applying complementary and integrated infrastructure to gather, process and market our production. Using advanced technology, CRC’s workforce focuses on safely and responsibly supplying affordable energy for California by Californians.
The
Director of Cybersecurity
serves as CRC’s cybersecurity leader, reporting directly to the CDIO. This role owns the vision, strategy, and execution of CRC’s pragmatic, risk-based cybersecurity program, designed to be
reasonable, cost-conscious, and business-aligned . The Director will ensure the protection of CRC’s IT systems, operational technology (OT) systems, and data assets while enabling the company’s transformation, growth initiatives, and board-mandated security commitments.
The Director will lead a lean team of cybersecurity professionals (4-5 FTEs) and will be accountable for delivering measurable improvements in security posture while minimizing disruption, cost, and complexity. Success will require exceptional execution discipline, strong cross-functional leadership, and the ability to operate effectively in a fast-moving, complex environment.
The base annual salary for this posted position is expected to range from $200K - $240K, with a target annual bonus of 25% of base salary and eligibility to participate in our long-term incentive program. Actual salary will be determined based on individual pay factors, including education, experience level and relevant industry experience. Benefits include Medical, Dental, Vision, 401K with Match, Paid Holidays, FSA and HSA.
Department Context Cybersecurity is one of CRC IT’s five core capabilities, with responsibility for:
Security Operations & Engineering
– Vulnerability management, threat detection, incident response, and security tool administration Governance, Risk, and Compliance (GRC)
– Policy management, SOX ITGC compliance, and risk reporting Security Architecture
– Defining and governing security standards across CRC’s IT/OT landscape Awareness & Education
– Cybersecurity training and phishing prevention programs
Responsibilities:
Strategic Leadership Define and execute CRC’s pragmatic, defensible cybersecurity strategy aligned with business priorities and cost constraints Lead the security component of CRC’s IT strategy, ensuring board-mandated goals are met Serve as CRC’s primary cybersecurity voice to the CDIO and other company leaders
Risk-Based Execution Drive remediation of vulnerabilities to meet targets Propose and track progress on the retirement or isolation of unsupported or highly risky systems Ensure SOX ITGC compliance, CCPA adherence, and other applicable regulatory requirements Maximize value of every dollar spent on Cybersecurity and ensure strong tradeoffs between incremental costs and incremental risk reduction
Oversee key initiatives related to Cybersecurity and IT management
Manage vendor relationships to optimize spend and eliminate license waste
Operational Excellence Lead 24x7 security monitoring, incident response, and threat intelligence activities Maintain high availability and reliability of security tools and processes Establish and track KPIs (e.g., phishing fail rate, NIST-CSF maturity, vulnerability backlog) Ensure strong performance of the Cybersecurity team, projects, and contractors Deliver high-quality artifacts and deliverables needed for the Cybersecurity function
Cross-Functional Collaboration Partner with other IT Directors (Infrastructure, Applications, Analytics & Data, and Operations & Portfolio) teams to embed security in all major programs Coordinate with Internal Audit, Legal, and Risk Management for audit preparation, evidence gathering, and risk documentation
Build a culture of accountability, proactive communication, and timely execution
Required Qualifications:
Bachelor’s degree in Computer Science, Information Security, or related field
10+ years of progressive cybersecurity experience, with at least 5 years in leadership
Proven track record of delivering measurable security improvements in complex, high-risk environments
Strong knowledge of NIST-CSF, SOX ITGC, and CCPA/CPRA compliance
Experience with OT/IT security integration
Demonstrated ability to operate effectively in cost-constrained environments
Expertise with enterprise-class security tools (EDR, SIEM, IAM, PAM, vulnerability management)
Preferred Qualifications:
Advanced degree (MS, MBA) or equivalent experience
CISSP, CISM, or similar certificationExperience in oil & gas, utilities, or other critical infrastructure sectors
History of success in post-merger IT/Cybersecurity integration
Experience presenting to boards and audit committees
Execution Discipline
– Meets commitments on time and with quality, under pressure.
Business Acumen
– Aligns security priorities with CRC’s cost, risk, and operational realities.
Strategic Influence
– Shapes executive and board-level decisions through data, clarity, and credibility.
Collaboration & Relationship Management
– Builds trust with technical and non-technical stakeholders.
Problem-Solving & Prioritization
– Focuses resources on highest-impact, most exploitable risks.
Change Leadership
– Leads through cultural resistance and organizational complexity.
Problem Solving and Information Synthesis
– Solve problems, work independently, and synthesize large amount of information quickly.
Strategic and Tactical
– Operate at both a strategic and tactical level at a sustained high level of performance.
Communication
– Create executive quality business cases, communications, and presentations. Communicate Cybersecurity concepts clearly and effectively to non-technical audiences and stakeholders.
Success Measures
Meeting or exceeding board-mandated cybersecurity targets on time and within budget
Reduction in high/critical vulnerabilities per agreed timelines
Sustained SOX ITGC pass rate and regulatory compliance
Demonstrated cost savings through license rationalization and efficient vendor management
Positive feedback from executive leadership, board, and audit stakeholders
On-time delivery of high-quality projects, initiatives, and deliverables
Opportunity to influence CRC’s security posture at the highest levels
Ability to shape pragmatic, cost-effective cybersecurity strategy in a publicly traded company
Exposure to major enterprise transformation initiatives (ERP, OT integration, carbon capture)
Equal Opportunity Employer This employer is required to notify all applicants of their rights pursuant to federal employment laws.For further information, please review the Know Your Rights notice from the Department of Labor.
#J-18808-Ljbffr
Description California Resources Corporation is a publicly traded oil and natural gas exploration and production company and the largest oil and natural gas producer in California. We operate our world-class resource base exclusively within the State of California, applying complementary and integrated infrastructure to gather, process and market our production. Using advanced technology, CRC’s workforce focuses on safely and responsibly supplying affordable energy for California by Californians.
The
Director of Cybersecurity
serves as CRC’s cybersecurity leader, reporting directly to the CDIO. This role owns the vision, strategy, and execution of CRC’s pragmatic, risk-based cybersecurity program, designed to be
reasonable, cost-conscious, and business-aligned . The Director will ensure the protection of CRC’s IT systems, operational technology (OT) systems, and data assets while enabling the company’s transformation, growth initiatives, and board-mandated security commitments.
The Director will lead a lean team of cybersecurity professionals (4-5 FTEs) and will be accountable for delivering measurable improvements in security posture while minimizing disruption, cost, and complexity. Success will require exceptional execution discipline, strong cross-functional leadership, and the ability to operate effectively in a fast-moving, complex environment.
The base annual salary for this posted position is expected to range from $200K - $240K, with a target annual bonus of 25% of base salary and eligibility to participate in our long-term incentive program. Actual salary will be determined based on individual pay factors, including education, experience level and relevant industry experience. Benefits include Medical, Dental, Vision, 401K with Match, Paid Holidays, FSA and HSA.
Department Context Cybersecurity is one of CRC IT’s five core capabilities, with responsibility for:
Security Operations & Engineering
– Vulnerability management, threat detection, incident response, and security tool administration Governance, Risk, and Compliance (GRC)
– Policy management, SOX ITGC compliance, and risk reporting Security Architecture
– Defining and governing security standards across CRC’s IT/OT landscape Awareness & Education
– Cybersecurity training and phishing prevention programs
Responsibilities:
Strategic Leadership Define and execute CRC’s pragmatic, defensible cybersecurity strategy aligned with business priorities and cost constraints Lead the security component of CRC’s IT strategy, ensuring board-mandated goals are met Serve as CRC’s primary cybersecurity voice to the CDIO and other company leaders
Risk-Based Execution Drive remediation of vulnerabilities to meet targets Propose and track progress on the retirement or isolation of unsupported or highly risky systems Ensure SOX ITGC compliance, CCPA adherence, and other applicable regulatory requirements Maximize value of every dollar spent on Cybersecurity and ensure strong tradeoffs between incremental costs and incremental risk reduction
Oversee key initiatives related to Cybersecurity and IT management
Manage vendor relationships to optimize spend and eliminate license waste
Operational Excellence Lead 24x7 security monitoring, incident response, and threat intelligence activities Maintain high availability and reliability of security tools and processes Establish and track KPIs (e.g., phishing fail rate, NIST-CSF maturity, vulnerability backlog) Ensure strong performance of the Cybersecurity team, projects, and contractors Deliver high-quality artifacts and deliverables needed for the Cybersecurity function
Cross-Functional Collaboration Partner with other IT Directors (Infrastructure, Applications, Analytics & Data, and Operations & Portfolio) teams to embed security in all major programs Coordinate with Internal Audit, Legal, and Risk Management for audit preparation, evidence gathering, and risk documentation
Build a culture of accountability, proactive communication, and timely execution
Required Qualifications:
Bachelor’s degree in Computer Science, Information Security, or related field
10+ years of progressive cybersecurity experience, with at least 5 years in leadership
Proven track record of delivering measurable security improvements in complex, high-risk environments
Strong knowledge of NIST-CSF, SOX ITGC, and CCPA/CPRA compliance
Experience with OT/IT security integration
Demonstrated ability to operate effectively in cost-constrained environments
Expertise with enterprise-class security tools (EDR, SIEM, IAM, PAM, vulnerability management)
Preferred Qualifications:
Advanced degree (MS, MBA) or equivalent experience
CISSP, CISM, or similar certificationExperience in oil & gas, utilities, or other critical infrastructure sectors
History of success in post-merger IT/Cybersecurity integration
Experience presenting to boards and audit committees
Execution Discipline
– Meets commitments on time and with quality, under pressure.
Business Acumen
– Aligns security priorities with CRC’s cost, risk, and operational realities.
Strategic Influence
– Shapes executive and board-level decisions through data, clarity, and credibility.
Collaboration & Relationship Management
– Builds trust with technical and non-technical stakeholders.
Problem-Solving & Prioritization
– Focuses resources on highest-impact, most exploitable risks.
Change Leadership
– Leads through cultural resistance and organizational complexity.
Problem Solving and Information Synthesis
– Solve problems, work independently, and synthesize large amount of information quickly.
Strategic and Tactical
– Operate at both a strategic and tactical level at a sustained high level of performance.
Communication
– Create executive quality business cases, communications, and presentations. Communicate Cybersecurity concepts clearly and effectively to non-technical audiences and stakeholders.
Success Measures
Meeting or exceeding board-mandated cybersecurity targets on time and within budget
Reduction in high/critical vulnerabilities per agreed timelines
Sustained SOX ITGC pass rate and regulatory compliance
Demonstrated cost savings through license rationalization and efficient vendor management
Positive feedback from executive leadership, board, and audit stakeholders
On-time delivery of high-quality projects, initiatives, and deliverables
Opportunity to influence CRC’s security posture at the highest levels
Ability to shape pragmatic, cost-effective cybersecurity strategy in a publicly traded company
Exposure to major enterprise transformation initiatives (ERP, OT integration, carbon capture)
Equal Opportunity Employer This employer is required to notify all applicants of their rights pursuant to federal employment laws.For further information, please review the Know Your Rights notice from the Department of Labor.
#J-18808-Ljbffr