Cybersecurity Manager; Midstream OT Compliance

Position: Cybersecurity Manager (Midstream OT Compliance)
An exciting career awaits you
At MPC, we're committed to being a great place to work - one that welcomes new ideas, encourages diverse perspectives, develops our people, and fosters a collaborative team environment.

Position Summary
At Marathon, we are trailblazers in the Oil & Gas industry, driving innovation and creating value through cutting edge digital platforms and infrastructure. Our Midstream IT organization supports Marathon's Midstream Business Units, including Gathering, Transporting, Storing, Processing, and Distributing Oil & Gas products. We take pride in our ability to deliver high-quality services and transformative solutions that enhance operational performance.

As we continue to transform the Midstream technological landscape, we are seeking a visionary and experienced IT Manager of OT Compliance to lead the development and execution of a comprehensive compliance program within Marathon'sOperational Technology (OT) environment. This role is pivotal in shaping a multi-year strategic roadmap that embeds compliance-by-default principles and fosters a culture of proactive risk management across OT systems.

As a key leader within the Midstream IT department, a successful candidate will collaborate across OT Operations, Support, Service Management, Infrastructure, and Cybersecurity teams to ensure alignment and scalability of compliance initiatives. The role demands a creative, automation-first mindset and deep expertise in compliance architecture, risk analytics, and platform development.

This position offers the opportunity to influence enterprise-wide compliance strategy, drive operational excellence, and deliver measurable improvements in audit readiness, governance, and risk posture. The ideal candidate will bring a strong blend of technical acumen, leadership capability, and strategic foresight to elevate the maturity of Marathon's OT compliance landscape.

This role is accountable for business results primarily achieved through the work of others. Manages staff, sets direction, and deploys resources. Has responsibility for employee development, performance reviews, pay reviews, and staffing decisions. Accountable for business, functional or operational areas, processes, or programs.

Key Responsibilities

• Manages daily operations of the team, providing guidance, mentorship, and driving a culture of innovation and continuous improvement. Oversees recruitment, development, retention, and performance to build strong talent.
• Plans and leads low- to medium-complexity IT projects, ensuring they are delivered on time, within budget, and adhere to quality standards.
• Ensures the availability, reliability, and security of technology systems. Collaborates with key stakeholders and internal groups to identify needs, deliver effective solutions, and support business objectives.
• Implements cybersecurity strategy & drives governance, risk & compliance (NIST-aligned), Owns program strategy, policies/standards, defines risk appetite/tolerance and compliance objectives, maintains a multi-year roadmap, champions security awareness/culture.
• Monitors and analyzes security events, coordinates incident response to minimize impact, maintains and executes the Incident Response plan, runs exercises; and aligns with Business Continuity / Disaster Response to ensure rapid recovery and post-incident improvements.
• Designs, implements, and maintains security controls and tooling (e.g., firewalls, IDS/IPS, EDR, encryption); ensures secure configurations and lifecycle management; evaluates new capabilities to strengthen security posture.
• Runs enterprise risk assessments and treatment plans, maintains the risk register, drives vulnerability management and pen testing, performs control testing/evidence management, supports audits, track compliance to applicable standards/regulations, ensures timely remediation and risk reporting/metrics.
• Partners with IT operations, software engineering, and OT teams to embed security by design and align to risk appetite; applies ITSM fundamentals where appropriate (incident/change/problem) to maintain service quality and stability.
• Governs security vendors/providers; assess and monitor…