Cybersecurity Manager (Midstream OT Compliance)

At MPC, we’re committed to being a great place to work – one that welcomes new ideas, encourages diverse perspectives, develops our people, and fosters a collaborative team environment.

At Marathon, we are trailblazers in the Oil & Gas industry, driving innovation and creating value through cutting edge digital platforms and infrastructure. Our Midstream IT organization supports Marathon’s Midstream Business Units, including Gathering, Transporting, Storing, Processing, and Distributing Oil & Gas products. We take pride in our ability to deliver high-quality services and transformative solutions that enhance operational performance.

As we continue to transform the Midstream technological landscape, we are seeking a visionary and experienced IT Manager of OT Compliance to lead the development and execution of a comprehensive compliance program within Marathon’s Operational Technology (OT) environment. This role is pivotal in shaping a multi-year strategic roadmap that embeds compliance-by-default principles and fosters a culture of proactive risk management across OT systems.

As a key leader within the Midstream IT department, a successful candidate will collaborate across OT Operations, Support, Service Management, Infrastructure, and Cybersecurity teams to ensure alignment and scalability of compliance initiatives. The role demands a creative, automation-first mindset and deep expertise in compliance architecture, risk analytics, and platform development.

This position offers the opportunity to influence enterprise-wide compliance strategy, drive operational excellence, and deliver measurable improvements in audit readiness, governance, and risk posture. The ideal candidate will bring a strong blend of technical acumen, leadership capability, and strategic foresight to elevate the maturity of Marathon’s OT compliance landscape.

This role is accountable for business results primarily achieved through the work of others. Manages staff, sets direction, and deploys resources. Has responsibility for employee development, performance reviews, pay reviews, and staffing decisions. Accountable for business, functional or operational areas, processes, or programs.

• Manages daily operations of the team, providing guidance, mentorship, and driving a culture of innovation and continuous improvement. Oversees recruitment, development, retention, and performance to build strong talent.
• Plans and leads low- to medium-complexity IT projects, ensuring they are delivered on time, within budget, and adhere to quality standards.
• Ensures the availability, reliability, and security of technology systems. Collaborates with key stakeholders and internal groups to identify needs, deliver effective solutions, and support business objectives.
• Implements cybersecurity strategy & drives governance, risk & compliance (NIST-aligned), Owns program strategy, policies/standards, defines risk appetite/tolerance and compliance objectives, maintains a multi-year roadmap, champions security awareness/culture.
• Monitors and analyzes security events, coordinates incident response to minimize impact, maintains and executes the Incident Response plan, runs exercises; and aligns with Business Continuity / Disaster Response to ensure rapid recovery and post-incident improvements.
• Designs, implements, and maintains security controls and tooling (e.g., firewalls, IDS/IPS, EDR, encryption); ensures secure configurations and lifecycle management; evaluates new capabilities to strengthen security posture.
• Runs enterprise risk assessments and treatment plans, maintains the risk register, drives vulnerability management and pen testing, performs control testing/evidence management, supports audits, track compliance to applicable standards/regulations, ensures timely remediation and risk reporting/metrics.
• Partners with IT operations, software engineering, and OT teams to embed security by design and align to risk appetite; applies ITSM fundamentals where appropriate (incident/change/problem) to maintain service quality and stability.
• Governs security vendors/providers; assess and monitor supplier security and compliance obligations, enforces remediation, manages SLAs and contractual controls.
• Manages OpEx/CapEx for security, prioritizes investments by risk and ROI and optimizes licensing, services, and resource allocation to meet strategic and operational objectives.

• Bachelor's degree in Computer Science, Information Technology, Management Information Systems, Engineering, Business, or other computer-related degree required.
• 10+ years of diversified IT experience required.
• 3+ years of experience leading professional staff required.
• Strong communication and change leadership
• Certified in Risk and Information Systems Control (CRISC) strongly preferred
• Experience with Operational Technology (OT) strongly preferred.
• Certified Information Systems Security Professional (CISSP) preferred
• Certified Information Security Manager (CISM) preferred
• Certified Information Systems Auditor (CISA) preferred
• Strong understanding of Portfolio and Agile management preferred.

• Strategic Outlook - Examines issues, generates ideas, creates future scenarios, and develops plans with a long-term perspective. Ensures short-term goals support long-term strategy and that organizational/functional strategy aligns with and supports MPC’s overall business strategy.
• Business Acumen - Applies knowledge of MPC’s business, industry, and the marketplace to advance the organization’s goals. Makes decisions and recommendations clearly linked to MPC’s strategy.
• Results Driven - Drives operational and process excellence and innovative behavior by empowering others, collaborating, taking appropriate risks, making timely decisions, and holding people accountable for results.
• Authentic Communicator - Expresses ideas and information, both verbally and in writing, clearly and credibly. Listens to understand and fosters constructive dialogue.
• Continuous Improvement Mindset - Identifies and leads opportunities for continuous improvement and value creation, both incremental and large-scale.
• Energizing the Organization - Creates a purposeful, engaged, optimistic workforce.
• Ongoing Learning & Self-Development - Regularly determines new areas for learning and acquires strategies and best practices for gaining/improving knowledge, behaviors, and skills.
• Selecting and Developing People - Recognizes and selects high caliber talent, accurately assesses abilities and potential, coaches to develop capabilities and builds high- performing teams.
• Adaptability – Maintaining effectiveness when experiencing major changes in work responsibilities or environment (e.g., people, processes, structure, or culture); adjusting effectively to change by exploring the benefits, trying new approaches, and collaborating with others to make the change successful.
• Data-Driven Decision Making – Applies data to make informed decisions with a priority on using real-time data, analytics, and insights to optimize operations, improve safety, and enhance the company's competitive edge.
• Digital Awareness – Actively explore, learn, and implement emerging digital tools, technologies, and trends. Involves seeking out new information, asking insightful questions, and testing innovative approaches to understand how digital solutions can create value, improve processes, or enhance experiences. Demonstrates openness to change, continuous learning, and adapting to the evolving digital landscape.
• Influencing Others - The ability to garner support for initiatives by gaining the respect of others and inspiring trust and confidence.

#TACorporate

MINIMUM QUALIFICATIONS:
• Bachelors Degree in Computer Science, Information Technology, Management Information Systems, Engineering, Cybersecurity, or other computer-related degree required. ​
• Certified Information Systems Security Professional (CISSP) preferred​
• Certified Information Security Manager (CISM) preferred​
• Certified Information Systems Auditor (CISA) preferred​
• Certified in Risk and Information Systems Control (CRISC) preferred
• 10+ years of diversified IT experience​
• 3+ years of direct or indirect leadership experience

As an energy industry leader, our career opportunities fuel personal and professional growth.

Location:

Job Requisition ID:

Pay Min/Max:

Grade:

Location Address:

Additional locations:

Education:

Employee Group:

Employee Subgroup:

Marathon Petroleum Company LP is an Equal Opportunity Employer and gives consideration for employment to qualified applicants without discrimination on the basis of race, color, religion, creed, sex, gender (including pregnancy, childbirth, breastfeeding or related medical conditions), sexual orientation, gender identity, gender expression, reproductive health decision-making, age, mental or physical disability, medical condition or AIDS/HIV status, ancestry, national origin, genetic information, military, veteran status, marital status, citizenship  or any other status protected by applicable federal, state, or local laws.  If you would like more information about your EEO rights as an applicant, click here.
If you need a reasonable accommodation for any part of the application process at Marathon Petroleum LP, please contact our Human Resources Department at [email protected]. Please specify the reasonable accommodation you are requesting, along with the job posting number in which you may be interested. A Human Resources representative will review your request and contact you to discuss a reasonable accommodation. Marathon Petroleum offers a total rewards program which includes, but is not limited to, access to health, vision, and dental insurance, paid time off, 401k matching program, paid parental leave, and educational reimbursement. Detailed benefit information is available at mympcbenefits.com. The hired candidate will also be eligible for a discretionary company-sponsored annual bonus program.
 
Equal Opportunity Employer: Veteran / Disability

We will consider all qualified Applicants for employment, including those with arrest or conviction records, in a manner consistent with the requirements of applicable state and local laws. In reviewing criminal history in connection with a conditional offer of employment, Marathon will consider the key responsibilities of the role.