Cybersecurity Compliance and Regulatory Support Manager

CITGO Petroleum Corporation is a recognized leader in the refining industry and operates under the well-known CITGO brand. CITGO owns and operates three refineries located in Lake Charles, LA.; Lemont, IL.; and Corpus Christi, TX, and wholly and/or jointly owns 38 active terminals, six pipelines and three lubricants blending and packaging plants. With approximately 3,300 employees and a combined crude capacity of approximately 807,000 barrels-per-day (bpd), positions CITGO as one of the best-branded supplier companies in the industry.

At CITGO our people are our most important resource. Our core values are Safety, Integrity, Respect, Accountability, and Care.

Job Summary

The Cybersecurity Risk Analyst is responsible for identifying, assessing, and managing cybersecurity risks across the organization's IT and OT environments. This role involves conducting comprehensive risk assessments, leading vulnerability management efforts, and ensuring compliance with industry frameworks and regulations. The analyst will work closely with cross-functional teams to design and implement effective risk mitigation strategies, evaluate third-party risks, and support incident response and post-incident evaluations. By leveraging data-driven methods and tracking key performance indicators, the Cybersecurity Risk Analyst plays a critical role in enhancing the organization's security posture and aligning cybersecurity efforts with business objectives.

Minimum Qualifications

Degree:

• Bachelor's Degree

• 8 years.

• In-depth understanding of cybersecurity frameworks such as NIST, ISO 27001, and FAIR.
• Strong familiarity with IT and OT environments, including cloud platforms, IoT devices, data centers, and software applications.
• Expertise in vulnerability management processes, penetration testing, and threat modeling.
• Advanced analytical and problem-solving skills for assessing and prioritizing risks.
• Effective communication and presentation skills to translate technical risks into business impacts for stakeholders.
• Proficiency in creating detailed documentation, including risk reports, policies, and compliance evidence.
• Awareness of emerging technologies and their associated risks.
• Preferred CISSP, CRISC or other security certifications.

1. Comprehensive Infrastructure Risk Assessment

• Perform regular risk assessments of IT and OT systems, including networks, cloud platforms, IoT devices, and software, aligned with NIST and CIS Controls.
• Ensure compliance with security regulations (e.g., GDPR, CCPA, PCI DSS) and manage third-party risks.

• Lead vulnerability scans, penetration tests, and threat modeling.
• Assess and address vulnerabilities, prioritize patches, and adapt to new threats in collaboration with teams.

• Present risk reports to stakeholders, translating technical details into business impacts.
• Use methods like FAIR to prioritize risks and provide updates on risks, incidents, and mitigation efforts.

• Partner with governance and IT teams to develop and implement risk mitigation strategies aligned with security and business goals.

• Act as a key incident response team member, offering expertise during security incidents.
• Conduct post-incident evaluations, identify root causes, and participate in simulations to enhance response readiness.

6. Cybersecurity Framework & Policy Development

• Contribute to developing and refining cybersecurity policies, standards, and procedures aligned with risk management strategies.
• Provide input on creating technical security standards supporting risk management goals.

• Ensure compliance with regulatory requirements through risk assessments, vulnerability management, and mitigation efforts.
• Support cybersecurity audits by providing documentation, reports, and evidence of remediation activities.

• Monitor KPIs to evaluate the effectiveness of risk and vulnerability management programs.
• Leverage metrics, automated tools, and dashboards to report on security posture and provide real-time insights.

• Evaluate risks tied to adopting emerging technologies (e.g., AI, blockchain) and integrate them securely.
• Develop strategies to address risks linked to digital transformation initiatives.

Here are the incentives we offer:

• Remote Work options available for eligible positions
• Options are department and/or location specific
• 9/80 Work Schedule Option (where applicable)
• Annual Vacation Incentive (40-120 hours of additional pay) for Eligible Employees
• Paid Vacation Time
• Company-Paid Holidays
• Caregiver Leave
• Excellent 401(k) Match
• Pension Plan
• Company-Paid Sick Leave and Long-Term Disability
• Medical, Dental, & Vision Plans; FSA and HSA options
• Company-Paid Life Insurance for Active Employees
• Healthy Rewards Program
• Service Awards Program
• Educational Assistance Plan
• Dependent Children Scholarships
• Reimbursement for Gym Membership
• Employee Discount Programs
• On-site Health Clinic (select locations)
• On-site Cafeteria (select locations)
• On-site Credit Union and ATM (Corporate office only)
• On-site Fitness Center (select locations)

PLEASE NOTE ALL JOBS DO NOT QUALIFY FOR ALL PERKS

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or disability.

Requisition ID - 1130