IT SOX Senior Cybersecurity Analyst

Employment Type: Full time

Position Overview

An exciting career awaits you at MPC! We are committed to being a great place to work – one that welcomes new ideas, encourages diverse perspectives, develops our people, and fosters a collaborative team environment.

The IT SOX Senior Cybersecurity Analyst is a critical member of the Cybersecurity and Infrastructure Compliance team, responsible for driving the execution and maturity of the company’s IT SOX compliance program. This role blends deep knowledge of IT general controls and audit readiness with the ability to advise on technical implementations of such controls across cloud, on-premises, and hybrid environments. The ideal candidate brings a strong background in IT SOX testing and control monitoring, and serves as a key liaison between internal stakeholders, external auditors, and control owners.

In this role, you will evaluate, develop, and enhance controls related to access, change management, and system development lifecycle (SDLC); support audit and risk assessment activities; and provide guidance on integrating SOX security into systems and processes, including emerging technologies such as AI and cloud-based platforms. You will play a vital role in identifying compliance risks, supporting remediation efforts, and promoting a strong control environment that aligns with regulatory requirements and corporate cybersecurity standards.

Key Responsibilities

• Conducts detailed analyses on controls related to complex business processes and systems, including IT general controls and application controls, and their relationship to other internal and external systems to assess business and compliance impact of security issues.
• Drives the resolution of routine multi-functional technical and compliance issues.
• Oversees, advises on, and manages Cybersecurity assessments and IT Compliance (e.g., SOX or PCI) related risks across the environment.
• Develops and evaluates the efficiency and effectiveness of security and compliance processes and controls through the creation and maintenance of detailed security and/or SOX/PCI compliance reports, as necessary.
• Analyzes and maintains security and compliance audit documentation, monitors relevant advisory groups, and assists with security incidents and audit-driven investigations.
• Performs Incident Detection, Analysis, Response Planning, Containment, Eradication, Forensics, and Reporting.
• Assists in the development of innovative ideas to formulate risk mitigation and remediation plans for compliance activities including SOX/PCI and approaches to ensure adherence.
• Leads implementation of global security and compliance initiatives, policies, and control requirements.
• Develops and tracks metrics related to compliance (e.g., SOX/PCI) posture and testing status.
• Manages cyber security-related consulting, guidance, and compliance support to customers and stakeholders.
• Translates security principles to assist configuration teams with incorporating security into build and configuration processes.
• Monitors emerging Information Technology/Operations Technology and cybersecurity technologies as well as their impact on control frameworks, compliance requirements, and risk posture.

Education and Experience

• Bachelor’s Degree in Information Technology, related field, or equivalent experience.
• 5+ years of relevant experience required.
• Experience with ITGC frameworks and SOX 404 testing requirements, including change management, access management, and SDLCs, is required.
• Strong understanding of cybersecurity risk frameworks (e.g., NIST CSF, NIST 800-53, COBIT) and their application within a SOX-controlled environment is required.
• Experience interfacing with internal and external auditors, including preparing formal audit responses and control documentation, is required.
• Professional certification, e.g., Security+, CISA, Network+, OSCP, GIAC, CEH preferred.
• Familiarity with cloud environments and SaaS platforms, including cloud security controls relevant to SOX.

Salary

• [Salary information not provided]

Location Type

• [Location Type information not provided]