Marathon Petroleum Corporation
Governance, Risk, & Compliance (GRC) Director
Marathon Petroleum Corporation, Findlay, Ohio, US, 45839
# **An exciting career awaits you**

At MPC, we’re committed to being a great place to work – one that welcomes new ideas, encourages diverse perspectives, develops our people, and fosters a collaborative team environment. As an energy industry leader, our career opportunities fuel personal and professional growth.

Location: San Antonio, Texas
Additional locations: Findlay, Ohio
Job Requisition ID: 00020100
Location Address: 19100 Ridgewood Pkwy
Education: Bachelors (Required)
Employee Group: Full time
Employee Subgroup: Regular

Marathon Petroleum Company LP is an Equal Opportunity Employer and gives consideration for employment to qualified applicants without discrimination on the basis of race, color, religion, creed, sex, gender (including pregnancy, childbirth, breastfeeding or related medical conditions), sexual orientation, gender identity, gender expression, reproductive health decision-making, age, mental or physical disability, medical condition or AIDS/HIV status, ancestry, national origin, genetic information, military, veteran status, marital status, citizenship or any other status protected by applicable federal, state, or local laws.
If you would like more information about your EEO rights as an applicant, .
If you need a reasonable accommodation for any part of the application process at Marathon Petroleum LP, please contact our Human Resources Department at talentacquisition@marathonpetroleum.com. Please specify the reasonable accommodation you are requesting, along with the job posting number in which you may be interested. A Human Resources representative will review your request and contact you to discuss a reasonable accommodation.

Marathon Petroleum offers a total rewards program which includes, but is not limited to, access to health, vision, and dental insurance, paid time off, 401k matching program, paid parental leave, and educational reimbursement. Detailed benefit information is available at . The hired candidate will also be eligible for a discretionary company-sponsored annual bonus program.
Equal Opportunity Employer: Veteran / Disability

We will consider all qualified Applicants for employment, including those with arrest or conviction records, in a manner consistent with the requirements of applicable state and local laws. In reviewing criminal history in connection with a conditional offer of employment, Marathon will consider the key responsibilities of the role.

## **Position Summary:**

The Governance, Risk, & Compliance (GRC) Director leads Marathon Petroleum's cybersecurity governance, risk, and compliance functions, ensuring the organization maintains a strong security posture while meeting regulatory obligations and enabling business objectives. This role provides strategic oversight of enterprise risk management, policy development, regulatory compliance programs, and third-party risk management. The GRC Director serves as a key advisor to executive leadership and the Board on cybersecurity risk, compliance status, and program effectiveness, translating technical risks into business terms that drive informed decision-making.

Accountable for business results primarily achieved through the work of others. Manages staff, sets direction, and deploys resources. Responsible for employee development, performance reviews, pay reviews, and staffing decisions. Accountable for business, functional or operational areas, processes, or programs.

## **Key Responsibilities:**

* Leads managers and individual contributors through guidance, coaching, and support to ensure assignments align with organizational goals and established policies. Drives recruitment, development, retention, performance management, and succession planning to build a strong talent pipeline.
* Collaborates with key stakeholders and senior management to provide strategic guidance on technology risks, opportunities, and prioritization, ensuring cost-effective and agile solutions.
* Oversees the planning, design, implementation, and measurement of IT systems, balancing agility with stability, security, and efficiency.
* Develops and oversees enterprise IT and cybersecurity governance frameworks, including policies, standards, procedures, and training that guide secure technology operations across the organization.
* Leads the design and execution of enterprise-wide technology risk management processes, including cyber risk assessments and mitigation planning to protect critical systems and data.
* Directs and leads compliance programs for regulatory and industry standards (e.g., SOX, NIST, ISO 27001, PCI-DSS), with a specific focus on the TSA Pipeline Security Directives and the Maritime Transportation Security Act (MTSA), ensuring processes and technical controls meet evolving requirements.
* Oversees third-party cyber risk management, vendor security assessments, and M&A ventures, establishing due diligence and ongoing monitoring processes to reduce supply chain and partner risks.
* Implements and manages security control frameworks and technical safeguards, collaborating with IT and business units to integrate security requirements into systems, networks, applications, and data platforms.
* Establishes processes and metrics to monitor compliance, risk posture, risk trends, and control effectiveness, and mechanisms for executive, internal and external audit, and regulatory reporting.
* Develops and presents cybersecurity risk metrics, dashboards, and executive briefings to senior leadership and the Board, ensuring visibility into the organization's risk posture, compliance status, and program maturity.
* Coordinates with internal audit, external auditors, and regulatory examiners to support audit activities, manage findings, and drive timely remediation of identified gaps.
* Owns and manages GRC platform strategy and operations, including tool selection, configuration, and optimization to enable efficient risk assessments, policy management, control testing, and compliance workflows.

## **Education and Experience:**

* Bachelor's Degree in Computer Science, Information Technology, Management Information Systems, Engineering, Business, or other computer-related degree required.
* Twelve (12) or more years of diversified IT experience required.
* Five (5) or more years directly managing professional staff required.
* Experience with NIST Cybersecurity Framework (CSF) 2.0 preferred.
* Certification in CISSP, C-CISO, CRISC, or CISA (or equivalent) highly preferred.

## **Skills:**

* **Adaptability** - Maintaining effectiveness when experiencing major changes in work responsibilities or environment (e.g., people, processes, structure, or culture); adjusting effectively to change by exploring the benefits, trying new approaches, and collaborating with others to make the change successful.
* **Authentic Communicator** - Expresses ideas and information, both verbally and in writing, clearly and credibly. Listens to understand and fosters constructive dialogue.
* **Business Acumen** - Applies knowledge of MPC’s business, industry, and the marketplace to advance the organization’s goals. Makes decisions and recommendations clearly linked to MPC’s strategy.
* **Continuous Improvement Mindset** - Identifies and leads opportunities for continuous improvement and value creation, both incremental and large-scale.
* **Data-Driven Decision Making** - Applies data to make informed decisions with a priority on using real-time data, analytics, and insights to optimize operations, improve safety, and enhance the company's competitive edge.
* **Digital Awareness** - Actively explores, learns, and implements emerging digital tools, technologies, and trends. Involves seeking out new information, asking insightful questions, and testing innovative approaches to understand how digital solutions can create value, improve processes, or enhance experiences. Demonstrates openness to change, continuous learning, and adapting to the evolving digital landscape.