Cybersecurity Director

An exciting career awaits you

At MPC, we’re committed to being a great place to work – one that welcomes new ideas, encourages diverse perspectives, develops our people, and fosters a collaborative team environment.

Position Summary

The Cybersecurity Director is accountable for leading the organization’s cybersecurity strategy, operations, and governance programs to protect critical systems, data, and business operations. This role provides senior leadership across cyber defense, governance, risk, and compliance functions, with responsibility for aligning cybersecurity monitoring, detection and response, vulnerability management, threat intelligence, technology governance, compliance, and risk management to enterprise objectives and regulatory requirements. The incumbent partners closely with senior leaders, IT, and business stakeholders to enable secure, resilient, and effective technology operations.

This position leads people leaders and specialized teams within the Cyber Fusion Center and Governance, Risk, and Compliance (GRC) functions, with accountability for talent development, performance management, succession planning, and continuous improvement of cybersecurity and GRC capabilities. The Cybersecurity Director also serves as the enterprise Cybersecurity Incident Commander, ensuring 24/7 response readiness, effective incident management, and coordinated engagement across IT, legal, audit, emergency preparedness, risk, and business teams. Additionally, the role is responsible for maintaining risk, compliance, and governance reporting, audit readiness, and executive visibility into the maturity and effectiveness of the cybersecurity program.

Accountable for business results primarily achieved through the work of others. Manages staff, sets direction, and deploys resources. Has responsibility for employee development, performance reviews, pay reviews, and staffing decisions. Accountable for business, functional or operational areas, processes, or programs.

Key Responsibilities

• Leads people leaders and individual contributors through guidance, coaching, and support to ensure assignments align with organizational goals and established policies. Drives recruitment, development, retention, performance management, and succession planning to build a strong talent pipeline. Collaborates with key stakeholders and senior management to provide strategic guidance on technology risks, opportunities, and prioritization, ensuring cost-effective and agile solutions. Oversees the planning, design, implementation, and measurement of IT systems, balancing agility with stability, security, and efficiency.
• Develop and execute the Cyber Fusion Center (CFC) and Governance, Risk, and Compliance (GRC) strategies, aligning cybersecurity incident monitoring, detection and response, vulnerability management, threat intelligence and hunting, IT and cybersecurity governance, compliance, and risk management to enterprise security objectives, enterprise risk management, and regulatory requirements.
• Oversee the integration and management of advanced security technologies and platforms, including SIEM, SOAR, EASM, vulnerability management, threat intelligence feeds, and endpoint and network security logs to enable comprehensive threat detection and response, and defensive posture assessment.
• Guide and oversee the enterprise IT and cybersecurity governance frameworks that guide secure technology operations across the organization, collaborating with IT and business units to integrate security requirements into digital systems.
• Oversee enterprise-wide technology risk management processes, including internal and external cyber risk assessments, M&A ventures, and mitigation planning to protect critical systems and data.
• Lead the design and continuous improvement of cybersecurity processes and workflows, ensuring efficient coordination across threat hunting, monitoring, vulnerability management, and incident response teams within the CFC; and across governance, risk, and compliance within the GRC function.
• Serves as the enterprise Cybersecurity Incident Commander and ensures real-time threat detection, analysis, and rapid incident response capabilities, establishing 24/7 operations, playbooks, and automated response mechanisms to minimize operational impacts in the event of an incident.
• Manage collaboration with IT, security, emergency preparedness, legal, audit, risk, and business units, developing cross-functional threat response processes and aligned strategies to strengthen the company’s security posture; and with trade associations and ISACs, fostering information sharing and best practices.
• Drive compliance, governance, and reporting frameworks, monitoring risk posture and maintaining audit readiness, metrics, and executive and regulatory reporting to demonstrate effectiveness, maturity, and continuous improvement of cyber capabilities.

Education and Experience

• Bachelor's degree in Computer Science, Information Technology, Management Information Systems, Engineering, or other computer-related degree required.
• Twelve (12) or more years of diversified IT experience with at least five (5) years in Cybersecurity required.
• Five (5) or more years managing first level leaders and high-level professional staff.
• Two (2) or more years of experience leading cyber incident response required.
• Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) preferred.

Skills

• Authentic Communicator – Expresses ideas and information, both verbally and in writing, clearly and credibly. Listens to understand and fosters constructive dialogue.
• Business Acumen – Applies knowledge of MPC’s business, industry, and the marketplace to advance the organization’s goals. Makes decisions and recommendations clearly linked to MPC’s strategy.
• Continuous Improvement Mindset – Identifies and leads opportunities for continuous improvement and value creation, both incremental and large-scale.
• Data-Driven Decision Making – Applies data to make informed decisions with a priority on using real-time data, analytics, and insights to optimize operations, improve safety, and enhance the company’s competitive edge.
• Digital Awareness – Actively explore, learn, and implement emerging digital tools, technologies, and trends. Involves seeking out new information, asking insightful questions, and testing innovative approaches to understand how digital solutions can create value, improve processes, or enhance experiences. Demonstrates openness to change, continuous learning, and adapting to the evolving digital landscape.
• Energizing the Organization – Creates a purposeful, engaged, optimistic workforce.
• Influencing Others – The ability to garner support for initiatives by gaining the respect of others and inspiring trust and confidence.
• Ongoing Learning & Self-Development – Regularly determines new areas for learning and acquires strategies and best practices for gaining/improving knowledge, behaviors, and skills.
• Results Driven – Drives operational and process excellence and innovative behavior by empowering others, collaborating, taking appropriate risks, making timely decisions, and holding people accountable for results.
• Selecting and Developing People – Recognizes and selects high caliber talent, accurately assesses abilities and potential, coaches to develop capabilities and builds high- performing teams.
• Strategic Outlook – Examines issues, generates ideas, creates future scenarios, and develops plans with a long-term perspective. Ensures short-term goals support long-term strategy and that organizational/functional strategy aligns with and supports MPC’s overall business strategy.

Location

San Antonio, Texas

Additional Locations

• Findlay, Ohio
• Houston, Texas

Job Requisition ID

00022129

Location Address

19100 Ridgewood Pkwy

Employee Group

Full time

Employee Subgroup

Regular

Marathon Petroleum is an Equal Opportunity Employer and gives consideration for employment to qualified applicants without discrimination on the basis of race, color, religion, creed, sex, gender (including pregnancy, childbirth, breastfeeding or related medical conditions), sexual orientation, gender identity, gender expression, reproductive health decision-making, age, mental or physical disability, medical condition or AIDS/HIV status, ancestry, national origin, genetic information, military, veteran status, marital status, citizenship or any other status protected by applicable federal, state, or local laws. If you would like more information about your EEO rights as an applicant, click here ( If you need a reasonable accommodation for any part of the application process, please contact our Human Resources Department. The hired candidate will also be eligible for a discretionary company-sponsored annual bonus program. Equal Opportunity Employer: Veteran / Disability.

We will consider all qualified Applicants for employment, including those with arrest or conviction records, in a manner consistent with the requirements of applicable state and local laws. In reviewing criminal history in connection with a conditional offer of employment, Marathon will consider the key responsibilities of the role.

Benefits: Marathon Petroleum offers a total rewards program which includes, but is not limited to, access to health, vision, and dental insurance, paid time off, 401k matching program, paid parental leave, and educational reimbursement. Detailed benefit information is available at