IT Security Manager, Governance Risk and Compliance

Company: Motiva
Location: Houston, TX
Posted: May 28, 2025

Description:

At Motiva, our employees’ energy, passion, and dedication to excellence are what make us who we are and what allow us to generate energy that makes a house a home, gets us from point A to point B, and enables our health and wellbeing. We invest in every aspect of our employees’ lives because, at Motiva, our people matter.

Headquartered in Houston, Texas, Motiva refines, distributes and markets petroleum products throughout the Americas. The company’s Port Arthur Manufacturing Complex in Port Arthur, TX, is comprised of North America’s largest refinery with a total throughput of 720,000 barrels per day, the world’s second largest base oil plant, and an integrated chemical plant. Under exclusive long-term brand licenses with Shell and Phillips 66 (for the 76® brand), Motiva’s commercial operations supply more than 12 billion gallons of fuel to customers annually. Motiva is wholly owned by Aramco, one of the world’s largest integrated energy and chemicals companies.

Position Overview:

The IT Security Manager, Governance Risk and Compliance is responsible for developing and maintaining Motiva’s comprehensive IT risk and controls management program. This program is designed to ensure that the company’s IT systems and information assets are adequately protected and compliant with regulatory and other requirements. The individual in this role will identify, evaluate, and report on information security risks, ensuring alignment with Motiva’s policies and standards.

The Manager acts as the process owner for all IT-related risk assessment and identification activities across the company's IT systems, information assets, and IT-dependent strategic business objectives. A key responsibility is to collaborate with senior executives, line-of-business managers, and other stakeholders to determine acceptable levels of residual risk. This role requires a deep understanding of Motiva’s business environment to ensure that IT systems are secure, resilient, and aligned with business goals.

This is an in-office role located at our downtown Houston, TX corporate headquarters.

Responsibilities:

Lead and mentor a team of GRC analysts, providing guidance, feedback, and training.

Oversee and monitor risk mitigation efforts, coordinating with the Cybersecurity Operations Manager, the Business Assurance team and others.

Benchmark Motiva’s risk management practices against industry best practices, particularly those of companies in similar industries or with similar business models.

Stay updated on legal and regulatory developments that could impact Motiva’s cybersecurity policies and practices.

Create, disseminate, and update documentation of Motiva’s IT risk and controls matrix.

Collaborate with business units and internal departments to facilitate IT risk analysis and management processes, identify acceptable residual risk levels, and establish roles and responsibilities for information classification and protection.

Design and conduct risk assessments, including for information assets and applications, and define applicable controls for mitigation.

Develop, implement, and maintain an IT controls framework aligned with regulatory, commercial, and organizational IT risks.

Manage risk reviews for new applications and third-party risk assessments.

Coordinate information security and risk management projects across the IT organization, lines of business, and other internal departments.

Review and analyze risk assessments and IT control activities, providing actionable recommendations to Motiva’s Leadership.

Follow up on deficiencies identified in reviews, assessments, and audits to ensure appropriate remediation measures are implemented.

Experience and Qualifications:

Required Education and Experience:

Bachelor’s or advanced degree in Computer Science, Information Technology, Business Administration, or a related field. Pertinent experience at the professional level may be substituted for the education requirement on a year-for-year basis.

11+ years of experience in IT Governance, Risk, and Compliance, with increasing responsibility in an organization of similar scale and geographic footprint, including at least 8 years of experience in a leadership or management role.

One or more certifications in the area of specialty (e.g., CISSP, CSSLP, CISA, CISM, CRISC). Relevant training and experience can be considered instead.

Strong knowledge of industry standards and frameworks, such as NIST Cybersecurity Framework, ISO 27001, CMMI, etc.

Proven experience in developing and maintaining risk and controls programs in complex IT environments.

Excellent communication and interpersonal skills to effectively collaborate with cross-functional teams and stakeholders.

Strong organizational and project management skills, with the ability to prioritize and manage multiple tasks simultaneously.

Strong analytical, problem-solving, and decision-making skills.

Preferred Education and Experience:

Master’s degree in a relevant field from an accredited college or university is preferred.

Experience with risk and control related to Operational Technology (OT) environments.

Experience in a large-scale organization.

Experience in the oil and gas industry.

Strong data analytics and reporting skills.

We reserve the right to amend or withdraw Motiva jobs at any time, including prior to the closing date. Depending on qualifications, the successful candidate may be offered a position at a more appropriate level and/or grade.

Applicants for regular U.S. positions must be authorized to work in the United States for Motiva Enterprises LLC without the need for sponsorship of an immigration authorization or visa (for example, TN, H-1B, or other employment-based immigration authorization or visa).

Motiva participates in E-Verify.

All qualified applicants will receive consideration for employment without regard to race, color, sex, national origin, age, religion, disability, sexual orientation, gender identity, protected veteran status, citizenship, genetic information, or other protected status under federal, state, or local laws.

3861
