Chief Information Security Officer - Collaborative Environment

Headquartered in Houston, Texas, Motiva refines, distributes, and markets petroleum products throughout the Americas. The company's Port Arthur Manufacturing Complex in Port Arthur, TX, is comprised of North America's largest refinery with a total throughput of 720,000 barrels per day, the world's second largest lubricants plant, and an integrated chemical plant. Under exclusive long-term brand licenses with Shell and Phillips 66 (for the 76® brand), Motiva's commercial operations supply more than 12 billion gallons of fuel to customers annually. Motiva is wholly owned by Aramco, one of the world's largest integrated energy and chemicals companies.

Position Overview:

Reporting directly to the Vice President, Controller, and Enterprise Risk, the Chief Information Security Officer (CISO) at Motiva holds oversight over the organization's IT and OT enterprise information security programs.

Motiva seeks a cybersecurity leader to spearhead the implementation and management of the company's strategic security roadmap, governance, risk management, security operations, and security engineering functions across both Information Technology (IT) and Operational Technology (OT) domains. The CISO will play a pivotal role in driving cross-functional initiatives aimed at fortifying Motiva's cyber and information security program, providing expert knowledge and technical guidance. Continuously enhancing the program's maturity, the CISO will collaborate effectively to ensure Motiva's information security posture is future-ready, proactively identifying and mitigating acurrent and potential risks, threats, and vulnerabilities.

As a key member of the VP, Controller, and Enterprise Risk Leadership Team, the CISO will work alongside peers to advise executive management on determining acceptable risk levels for the organization. Upholding Motiva's information security policies, the CISO will oversee processes safeguarding the privacy, accuracy, and accessibility of information concerning Motiva's clients, vendors, employees, and business operations. Proficient in business dynamics and well-versed in information protection and privacy laws, the ideal candidate will demonstrate the ability to work autonomously and collaborate with diverse stakeholder groups to uphold Motiva's secure environment.

Responsibilities:

• Provide overarching leadership and guidance to the Information Security organization, overseeing security operations, engineering, governance, risk management, compliance, operational technology, and related teams.
  
• Identify, report, and manage computer security incidents; promptly detect and communicate cyber threats; continuously monitor threats and implement appropriate preventative measures against security breaches.
  
• Direct and authorize the design of security systems; offer recommendations for enhancing existing and new security hardware, software, or associated tools.
  
• Establish a strategic framework to guide annual security investment decisions, incorporating sustainable metrics to measure performance and outcomes effectively.
  
• Uphold and enforce information system risk management and information security risk management framework and methodology; review and endorse information security policies, controls, and cyber incident response plans.
  
• Develop a comprehensive corporate education program to proactively educate the user community; collaborate on conducting annual mandatory information security awareness programs to alert employees to information security protocols and best practices.
  
• Ensure compliance with evolving laws and regulations, translating regulatory knowledge into actionable plans to mitigate potential risks and safeguard the enterprise.
  
• Provide regular briefings to the executive team on security status and risks; advocate for the overall security strategy and necessary budget allocation; disseminate security and risk management best practices across all business functions.
  
• Support routine security audits; engage with audit teams to address findings and facilitate resolutions.
  
• Interface with regulators as needed to ensure compliance with information security, data protection, and privacy laws or regulations.
  

Experience and Qualifications

Basic Qualifications:

• Bachelor's degree or higher in Cybersecurity, Management Information Systems (MIS), Computer Science, Information Technology, or another relevant technology-related field.
  
• Minimum of 15 years of experience in a blend of risk management, information security, and/or IT roles.
  
• At least 10 years of leadership experience, with a minimum of 5 years in an information security leadership capacity.
  
• A track record of presenting to senior leadership for at least 5 years.
  
• Demonstrated success in formulating information security strategy, policies, and procedures, along with a proven ability to implement programs that achieve excellence in a dynamic environment.
  
• Possesses strong critical thinking and analytical skills.
  
• Capable of leading and inspiring cross-functional, interdisciplinary teams to accomplish both tactical and strategic objectives, with a keen focus on achieving business outcomes.
  
• Exhibits a high level of personal integrity and professionalism, with the capacity to manage confidential matters with discretion and maturity.
  
• Excellent written and verbal communication skills, including the ability to convey security and risk-related concepts to both technical and non-technical audiences effectively.
  
• Demonstrated ability to think strategically, crafting a vision and strategy for an information protection program.
  
• Must be legally authorized to work in the United States.
  
• Flexibility to travel occasionally may be required for this position
  

Preferred Qualifications:

• Possession of a professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or equivalent.
  
• Familiarity with common information security management frameworks including SOC 2, ISO/IEC 27001, ITIL, COBIT, and standards from NIST.
  
• Understanding of relevant legal and regulatory requirements, such as the Sarbanes-Oxley Act (SOX) and General Data Protection Regulation (GDPR).
  
• Minimum of 5 years of audit experience.
  
• Demonstrated advanced proficiency in IT systems security and technical security threats.
  

We reserve the right to amend or withdraw Motiva jobs at any time, including prior to the closing date. Depending on qualifications, the successful candidate may be offered a position at a more appropriate level and/or grade.

Applicants for regular U.S. positions must be authorized to work in the United States for Motiva Enterprises LLC without the need for sponsorship of an immigration authorization or visa (for example, TN, H-1B, or other employment-based immigration authorization or visa).

Motiva participates in E-Verify.

All qualified applicants will receive consideration for employment without regard to race, color, sex, national origin, age, religion, disability, sexual orientation, gender identity, protected veteran status, citizenship, genetic information, or other protected status under federal, state, or local laws.