Governance, Risk, & Compliance (GRC) Director
- Marathon Petroleum Corporation (San Antonio, TX)
An exciting career awaits you
At MPC, we’re committed to being a great place to work – one that welcomes new ideas, encourages diverse perspectives, develops our people, and fosters a collaborative team environment.
Position Summary:
The Governance, Risk, & Compliance (GRC) Director leads Marathon Petroleum's cybersecurity governance, risk, and compliance functions, ensuring the organization maintains a strong security posture while meeting regulatory obligations and enabling business objectives. This role provides strategic oversight of enterprise risk management, policy development, regulatory compliance programs, and third-party risk management. The GRC Director serves as a key advisor to executive leadership and the Board on cybersecurity risk, compliance status, and program effectiveness, translating technical risks into business terms that drive informed decision-making.
Accountable for business results primarily achieved through the work of others. Manages staff, sets direction, and deploys resources. Responsible for employee development, performance reviews, pay reviews, and staffing decisions. Accountable for business, functional or operational areas, processes, or programs.
Key Responsibilities:
+ Leads managers and individual contributors through guidance, coaching, and support to ensure assignments align with organizational goals and established policies. Drives recruitment, development, retention, performance management, and succession planning to build a strong talent pipeline.
+ Collaborates with key stakeholders and senior management to provide strategic guidance on technology risks, opportunities, and prioritization, ensuring cost-effective and agile solutions.
+ Oversees the planning, design, implementation, and measurement of IT systems, balancing agility with stability, security, and efficiency.
+ Develops and oversees enterprise IT and cybersecurity governance frameworks, including policies, standards, procedures, and training that guide secure technology operations across the organization.
+ Leads the design and execution of enterprise-wide technology risk management processes, including cyber risk assessments and mitigation planning to protect critical systems and data.
+ Directs and leads compliance programs for regulatory and industry standards (e.g., SOX, NIST, ISO 27001, PCI-DSS), with a specific focus on TSA Pipeline Security Directives and MTSA (Maritime Transportation Security Act), ensuring processes and technical controls meet evolving requirements.
+ Oversees third-party cyber risk management, vendor security assessments, and M&A ventures, establishing due diligence and ongoing monitoring processes to reduce supply chain and partner risks.
+ Implements and manages security control frameworks and technical safeguards, collaborating with IT and business units to integrate security requirements into systems, networks, applications, and data platforms.
+ Establishes processes and metrics to monitor compliance, risk posture, risk trends, and control effectiveness, and mechanisms for executive, internal and external audit, and regulatory reporting.
+ Develops and presents cybersecurity risk metrics, dashboards, and executive briefings to senior leadership and the Board, ensuring visibility into the organization's risk posture, compliance status, and program maturity.
+ Coordinates with internal audit, external auditors, and regulatory examiners to support audit activities, manage findings, and drive timely remediation of identified gaps.
+ Owns and manages GRC platform strategy and operations, including tool selection, configuration, and optimization to enable efficient risk assessments, policy management, control testing, and compliance workflows.
Education and Experience:
+ Bachelor's Degree in Computer Science, Information Technology, Management Information Systems, Engineering, Business, or other computer-related degree required.
+ Twelve (12) or more years of diversified IT experience required.
+ Five (5) or more years directly managing professional staff required.
+ Experience with NIST Cybersecurity Framework (CSF) 2.0 preferred.
+ Certification in CISSP, C-CISO, CRISC, or CISA (or equivalent) highly preferred.
Skills:
+ Adaptability – Maintaining effectiveness when experiencing major changes in work responsibilities or environment (e.g., people, processes, structure, or culture); adjusting effectively to change by exploring the benefits, trying new approaches, and collaborating with others to make the change successful.
+ Authentic Communicator - Expresses ideas and information, both verbally and in writing, clearly and credibly. Listens to understand and fosters constructive dialogue.
+ Business Acumen - Applies knowledge of MPC’s business, industry, and the marketplace to advance the organization’s goals. Makes decisions and recommendations clearly linked to MPC’s strategy.
+ Continuous Improvement Mindset - Identifies and leads opportunities for continuous improvement and value creation, both incremental and large-scale.
+ Data-Driven Decision Making - Applies data to make informed decisions with a priority on using real-time data, analytics, and insights to optimize operations, improve safety, and enhance the company's competitive edge.
+ Digital Awareness - Actively explores, learns, and implements emerging digital tools, technologies, and trends. Involves seeking out new information, asking insightful questions, and testing innovative approaches to understand how digital solutions can create value, improve processes, or enhance experiences. Demonstrates openness to change, continuous learning, and adapting to the evolving digital landscape.
+ Energizing the Organization - Creates a purposeful, engaged, optimistic workforce.
+ Influencing Others - The ability to garner support for initiatives by gaining the respect of others and inspiring trust and confidence.
+ Ongoing Learning & Self-Development - Regularly determines new areas for learning and acquires strategies and best practices for gaining/improving knowledge, behaviors, and skills.
+ Results Driven - Drives operational and process excellence and innovative behavior by empowering others, collaborating, taking appropriate risks, making timely decisions, and holding people accountable for results.
+ Selecting and Developing People - Recognizes and selects high caliber talent, accurately assesses abilities and potential, coaches to develop capabilities and builds high-performing teams.
+ Strategic Outlook - Examines issues, generates ideas, creates future scenarios, and develops plans with a long-term perspective. Ensures short-term goals support long-term strategy and that organizational/functional strategy aligns with and supports MPC’s overall business strategy.
As an energy industry leader, our career opportunities fuel personal and professional growth.
Location:
San Antonio, Texas
Additional locations:
Findlay, Ohio
Job Requisition ID:
00020100
Location Address:
19100 Ridgewood Pkwy
Education:
Bachelors (Required)
Employee Group:
Full time
Employee Subgroup:
Regular
Marathon Petroleum Company LP is an Equal Opportunity Employer and gives consideration for employment to qualified applicants without discrimination on the basis of race, color, religion, creed, sex, gender (including pregnancy, childbirth, breastfeeding or related medical conditions), sexual orientation, gender identity, gender expression, reproductive health decision-making, age, mental or physical disability, medical condition or AIDS/HIV status, ancestry, national origin, genetic information, military, veteran status, marital status, citizenship or any other status protected by applicable federal, state, or local laws. If you would like more information about your EEO rights as an applicant, click here (https://marathonpetroleum.brandextract.com/staged/marathonpetroleum.com/content/documents/Jobs_/Department_of_Labor_EEOC_.pdf). If you need a reasonable accommodation for any part of the application process at Marathon Petroleum LP, please contact our Human Resources Department at [email protected]. Please specify the reasonable accommodation you are requesting, along with the job posting number in which you may be interested. A Human Resources representative will review your request and contact you to discuss a reasonable accommodation.
Marathon Petroleum offers a total rewards program which includes, but is not limited to, access to health, vision, and dental insurance, paid time off, 401k matching program, paid parental leave, and educational reimbursement. Detailed benefit information is available at https://mympcbenefits.com. The hired candidate will also be eligible for a discretionary company-sponsored annual bonus program.
Equal Opportunity Employer: Veteran / Disability
We will consider all qualified Applicants for employment, including those with arrest or conviction records, in a manner consistent with the requirements of applicable state and local laws. In reviewing criminal history in connection with a conditional offer of employment, Marathon will consider the key responsibilities of the role.
About Marathon Petroleum Corporation
Marathon Petroleum Corporation (MPC) is a leading, integrated, downstream energy company headquartered in Findlay, Ohio. The company operates the nation's largest refining system. MPC's marketing system includes branded locations across the United States, including Marathon brand retail outlets. MPC also owns the general partner and majority limited partner interest in MPLX LP, a midstream company that owns and operates gathering, processing, and fractionation assets, as well as crude oil and light product transportation and logistics infrastructure.