At Motiva, our employees' energy, passion, and dedication to excellence are what make us who we are and what allow us to generate energy that makes a house a home, gets us from point A to point B, and enables our health and wellbeing. We invest in every aspect of our employees' lives because, at Motiva, our people matter.
Headquartered in Houston, Texas, Motiva refines, distributes and markets petroleum products throughout the Americas. The company's Port Arthur Manufacturing Complex in Port Arthur, TX, is comprised of North America's largest refinery with a total throughput of 720,000 barrels per day, the world's second largest base oil plant, and an integrated chemical plant. Under exclusive long-term brand licenses with Shell and Phillips 66 (for the 76® brand), Motiva's commercial operations supply more than 12 billion gallons of fuel to customers annually. Motiva is wholly owned by Aramco, one of the world's largest integrated energy and chemicals companies.
Position Overview:
The Cybersecurity Manager - Protect leads the team responsible for designing, implementing, and continuously improving the preventive security controls that safeguard the company's IT and OT systems, data, and identities. Aligned to the NIST Cybersecurity Framework Protect function, this role owns the programs and technologies that reduce attack surface and stop threats before they require a response - vulnerability and patch management, identity and access management, data protection, email and web security, network segmentation, endpoint hardening, and secure configuration baselines across cloud and on-premises environments.
The leader partners closely with the Detect/Respond, OT Cybersecurity, GRC, and IT Infrastructure teams to ensure preventive controls are measurable, sustainable, and aligned with the company's risk appetite. A core focus is maturing the organization's protective posture, growing the technical depth of the team, and delivering measurable reductions in exploitable risk. The position reports to the Chief Information Security Officer and collaborates closely with senior leaders across the enterprise.
Responsibilities:
- Lead and mentor a team of security analysts responsible for protective controls across IT and OT environments, providing guidance, feedback, coaching, and career development.
- Own the enterprise vulnerability management program end-to-end: discovery, prioritization (risk- and exploitability-based), remediation coordination with IT and OT asset owners, exception management, and reporting on SLA performance and risk reduction over time.
- Direct the patch management strategy in partnership with IT Operations and OT Engineering, ensuring timely deployment of security updates while respecting operational constraints in refinery environments.
- Manage the email security stack, including Microsoft Defender for Office 365 and Abnormal Security, tuning policies, evaluating efficacy, and reducing phishing and business email compromise exposure. Partner with the security awareness program to close the human layer of email risk.
- Own firewall, network segmentation, and zero-trust architecture programs, including policy lifecycle management, rule review and recertification, micro-segmentation initiatives, and IT/OT boundary protections aligned to ISA/IEC 62443.
- Oversee endpoint and server hardening programs, secure baseline configuration management, and protective controls within Microsoft Defender XDR and adjacent platforms.
- Design, implement, and continuously improve cloud security protective controls in Azure, including secure landing zones and posture management.
- Collaborate with the Detect/Respond function to establish protective control metrics and dashboards - vulnerability SLA performance, patch compliance, phishing simulation outcomes, firewall hygiene, privileged account coverage, configuration drift - and report posture and risk trends to senior leadership.
- Research and evaluate emerging protective technologies and techniques, providing recommendations for adoption, pilot, and integration with existing toolsets.
- Partner with the Detect/Respond function to translate threat intelligence and incident lessons learned into hardened controls, closed coverage gaps, and improved baselines.
- Collaborate with GRC, Internal Audit, IT, OT Engineering, Legal, and external partners to ensure protective controls satisfy regulatory, contractual, and organizational governance requirements (e.g., NIST CSF, NIST 800-53, ISA/IEC 62443, MTSA).
- Manage protective security projects and initiatives, ensuring timely delivery, quality outcomes, and measurable risk reduction.
Experience and Qualifications:
Required Education and Experience:
- Bachelor's or advanced degree in Computer Science, Information Technology, Cybersecurity, or a related field. Pertinent professional experience may substitute for the education requirement on a year-for-year basis.
- 11+ years of experience in IT security with significant depth in preventive/protective domains - vulnerability management, identity and access, network security, endpoint and email security, and cloud security - within a large-scale organization, including at least 8 years in a leadership or management role.
- Relevant certifications (e.g., CISSP, CISM). Equivalent training and experience may be considered.
- Strong knowledge of industry standards and frameworks including the NIST Cybersecurity Framework (with deep familiarity with the Protect function), NIST 800-53, and CIS Controls.
- Hands-on familiarity with enterprise email security platforms, particularly Microsoft Defender for Office 365 and Abnormal Security.
- Proven experience operating modern vulnerability management programs at scale, including risk-based prioritization, exploitability context (e.g., EPSS, CISA KEV), and SLA-driven remediation.
- Strong understanding of firewall and network security technologies, zero-trust principles, segmentation strategies, and secure cloud network design.
- Excellent communication and interpersonal skills, with a demonstrated customer-experience mindset when working with internal stakeholders.
- Strong organizational and project management skills, with the ability to prioritize and run multiple workstreams simultaneously.
- Strong analytical, problem-solving, and decision-making skills.
Preferred Education and Experience:
- Experience with risk and control related to Operational Technology (OT) environments.
- Strong data analytics and reporting skills.
We reserve the right to amend or withdraw Motiva jobs at any time, including prior to the closing date. Depending on qualifications, the successful candidate may be offered a position at a more appropriate level and/or grade.
Applicants for regular U.S. positions must be authorized to work in the United States for Motiva Enterprises LLC without the need for sponsorship of an immigration authorization or visa (for example, TN, H-1B, or other employment-based immigration authorization or visa).
Motiva participates in E-Verify.
All qualified applicants will receive consideration for employment without regard to race, color, sex, national origin, age, religion, disability, sexual orientation, gender identity, protected veteran status, citizenship, genetic information, or other protected status under federal, state, or local laws.