Cybersecurity Risk Analyst

Job in Houston, Harris County, Texas, 77246, USA
Listing for: CITGO Petroleum Corporation
Full Time position
Listed on 2025-12-22
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Job Description & How to Apply Below
Position: CYBERSECURITY RISK ANALYST

CITGO Petroleum Corporation is a recognized leader in the refining industry and operates under the well-known CITGO brand. CITGO owns and operates three refineries located in Lake Charles, LA; Lemont, IL; and Corpus Christi, TX, and wholly and/or jointly owns 38 active terminals, six pipelines and three lubricants blending and packaging plants. With approximately 3,300 employees and a combined crude capacity of approximately 807,000 barrels-per-day (bpd), CITGO is positioned as one of the best-branded supplier companies in the industry.

At CITGO our people are our most important resource. Our core values are Safety, Integrity, Respect, Accountability, and Care.

Job Summary

The Cybersecurity Risk Analyst is responsible for identifying, assessing, and managing cybersecurity risks across the organization's IT and OT environments. This role involves conducting comprehensive risk assessments, leading vulnerability management efforts, and ensuring compliance with industry frameworks and regulations. The analyst will work closely with cross-functional teams to design and implement effective risk mitigation strategies, evaluate third‑party risks, and support incident response and post‑incident evaluations.

By leveraging data‑driven methods and tracking key performance indicators, the Cybersecurity Risk Analyst plays a critical role in enhancing the organization’s security posture and aligning cybersecurity efforts with business objectives.

Minimum Qualifications

Degree:
Bachelor's Degree

Minimum number of years of job related experience required by this job is: 8 years.

List any specialized training or unique skills required / preferred:

  • In-depth understanding of cybersecurity frameworks such as NIST, ISO 27001, and FAIR.
  • Strong familiarity with IT and OT environments, including cloud platforms, IoT devices, data centers, and software applications.
  • Expertise in vulnerability management processes, penetration testing, and threat modeling.
  • Awareness of emerging technologies and their associated risks.
  • Advanced analytical and problem‑solving skills for assessing and prioritizing risks.
  • Effective communication and presentation skills to translate technical risks into business impacts for stakeholders.
  • Proficiency in creating detailed documentation, including risk reports, policies, and compliance evidence.
  • Preferred CISSP, CRISC or other security certifications.
Job Duties
  • Perform regular risk assessments of IT and OT systems, including networks, cloud platforms, IoT devices, and software, aligned with NIST and CIS Controls.
  • Ensure compliance with security regulations (e.g., GDPR, CCPA, PCI DSS) and manage third‑party risks.
2. Vulnerability Management
  • Lead vulnerability scans, penetration tests, and threat modeling.
  • Assess and address vulnerabilities, prioritize patches, and adapt to new threats in collaboration with teams.
  • Present risk reports to stakeholders, translating technical details into business impacts.
  • Use methods like FAIR to prioritize risks and provide updates on risks, incidents, and mitigation efforts.
4. Collaboration on Risk Mitigation
  • Partner with governance and IT teams to develop and implement risk mitigation strategies aligned with security and business goals.
  • Act as a key incident response team member, offering expertise during security incidents.
  • Conduct post‑incident evaluations, identify root causes, and participate in simulations to enhance response readiness.
Job Duties II
6. Cybersecurity Framework & Policy Development
  • Contribute to developing and refining cybersecurity policies, standards, and procedures aligned with risk management strategies.
  • Provide input on creating technical security standards supporting risk management goals.
7. Regulatory Compliance and Audit Support
  • Ensure compliance with regulatory requirements through risk assessments, vulnerability management, and mitigation efforts.
  • Support cybersecurity audits by providing documentation, reports, and evidence of remediation activities.
8. KPI Tracking & Reporting
  • Monitor KPIs to evaluate the effectiveness of risk and vulnerability management programs.
  • Leverage metrics, automated…