Marathon Petroleum Corporation is committed to fostering a collaborative team environment and is seeking a detail-oriented Cybersecurity Analyst – Third Party Risk to join their cybersecurity team. This role involves assessing and managing cybersecurity risks associated with third-party vendors to protect the organization's data and systems, ensuring compliance with security standards.
Perform third-party cybersecurity risk assessments and due diligence for vendors by evaluating security controls through questionnaires, documentation reviews, and ratings tools; collaborate with procurement, legal, and business units to embed cybersecurity requirements into contracts and vendor selection processes.
Drive risk remediation and continuous improvement by tracking mitigation efforts, staying informed on emerging threats and regulatory changes, and applying insights to strengthen third-party risk management practices.
Conducts controls analysis of business process and systems and reports impact of changes and additions to security systems.
Assists with the resolution of routine multi-functional technical issues. Prepares, performs and presents cybersecurity assessments and associated risks.
Evaluates the efficiency and effectiveness of Security processes and controls in place ensuring confidentiality, integrity, and availability of data/ information, under guidance of more senior colleagues.
Recommends and/or executes remediation and develops cost information for such mitigation measures. Monitors networks, systems, and applications for signs of potential cybersecurity incidents. Investigates and analyzes the nature and scope of cyber incidents.
Analyzes security protocols, compliance reviews, administers and maintains security audits and reports of server access and activity; participates in disaster recovery planning per corporate guidelines.
Delivers and implements global security initiatives, policies, and compliance requirements. Works with IT and security engineers to produce metrics related to cybersecurity.
Takes action through collaboration to improve metric results. Executes cyber security-related consulting, guidance, and support to customers and stakeholders.
Effectively communicates emerging Information Technology/Operations Technology and cybersecurity technology trends as well as their impact on the security landscape.
Qualification
Required
Bachelor’s Degree in Information Technology, related field or equivalent experience.
2+ years of relevant experience required
Experience in cybersecurity, risk management, or vendor risk assessment required.
Preferred
Professional certification, e.g. CISA, CRISC, CISSP, or CTPRP preferred.
Experience with third-party risk management platforms and tools (e.g., CyberGRX, BitSight) preferred.
Experience with cybersecurity risk frameworks (NIST CSF, NIST 800-53, and COBIT) preferred.
Experience reviewing and interpreting SOC 2 Type II reports, with the ability to assess control effectiveness, identify relevant findings, and evaluate vendor risk posture preferred.
Benefits
Access to health, vision, and dental insurance
Paid time off
401k matching program
Paid parental leave
Educational reimbursement
Discretionary company-sponsored annual bonus program
Marathon Petroleum Corporation (MPC) is a leading, integrated, downstream and midstream energy company headquartered in Findlay, Ohio.
Glassdoor
3.7
Founded in 2005
Findlay, Ohio, USA
10001+ employees
http://www.marathonpetroleum.com
Marathon Petroleum Corporation (MPC) is a leading, integrated, downstream and midstream energy company headquartered in Findlay, Ohio.
