Cybersecurity Analyst, Third Party Risk

An exciting career awaits you

At MPC, we're committed to being a great place to work – one that welcomes new ideas, encourages diverse perspectives, develops our people, and fosters a collaborative team environment.

Position Summary

We are seeking a detail-oriented and analytical Cybersecurity Analyst – Third Party Risk to join our cybersecurity team. In this role, you will be responsible for assessing, monitoring, and managing cybersecurity risks associated with third-party vendors, partners, and service providers. You will play a critical role in protecting our organization's data and systems by ensuring our external relationships meet our security standards and compliance requirements.

Key Responsibilities

• Perform third-party cybersecurity risk assessments and due diligence for vendors by evaluating security controls through questionnaires, documentation reviews, and ratings tools; collaborate with procurement, legal, and business units to embed cybersecurity requirements into contracts and vendor selection processes.
• Drive risk remediation and continuous improvement by tracking mitigation efforts, staying informed on emerging threats and regulatory changes, and applying insights to strengthen third-party risk management practices.
• Conduct controls analysis of business process and systems and report impact of changes and additions to security systems.
• Assist with the resolution of routine multi-functional technical issues. Prepare, perform, and present cybersecurity assessments and associated risks.
• Evaluate the efficiency and effectiveness of Security processes and controls in place ensuring confidentiality, integrity, and availability of data / information, under guidance of more senior colleagues.
• Recommend and / or execute remediation and develop cost information for such mitigation measures. Monitor networks, systems, and applications for signs of potential cybersecurity incidents. Investigate and analyze the nature and scope of cyber incidents.
• Analyze security protocols, compliance reviews, administer and maintain security audits and reports of server access and activity; participate in disaster recovery planning per corporate guidelines.
• Deliver and implement global security initiatives, policies, and compliance requirements. Work with IT and security engineers to produce metrics related to cybersecurity.
• Take action through collaboration to improve metric results. Execute cyber security-related consulting, guidance, and support to customers and stakeholders.
• Effectively communicate emerging Information Technology / Operations Technology and cybersecurity technology trends as well as their impact on the security landscape.

Education and Experience

Skills

Marathon Petroleum Company LP is an Equal Opportunity Employer and gives consideration for employment to qualified applicants without discrimination on the basis of race, color, religion, creed, sex, gender (including pregnancy, childbirth, breastfeeding or related medical conditions), sexual orientation, gender identity, gender expression, reproductive health decision-making, age, mental or physical disability, medical condition or AIDS / HIV status, ancestry, national origin, genetic information, military, veteran status, marital status, citizenship or any other status protected by applicable federal, state, or local laws.

We will consider all qualified Applicants for employment, including those with arrest or conviction records, in a manner consistent with the requirements of applicable state and local laws.

J-18808-Ljbffr