Job Summary

The Cybersecruity Compliance and Regulatory Support Manager leads CITGO efforts in cybersecurity regulatory compliance, privacy program management, and audit readiness. In this dynamic role, the employee oversees critical areas such as disaster recovery testing, vendor contract compliance, and incident response reporting, ensuring our business remains resilient and secure. As a key contributor, the employee collaborates with cross-functional teams to drive compliance initiatives, protect sensitive data, and help maintain the trust of CITGO’s network.

Minimum Qualifications

Degree:

• Bachelor's Degree

The minimum number of years of job related experience required by this job is: 

• 8 years.

List any specialized training or unique skills required / preferred:

• Regulatory Frameworks: In-depth knowledge of major cybersecurity and privacy regulations such as CCPA, HIPAA, PCI-DSS, SOX, and other applicable frameworks.
• Compliance Standards: Familiarity with standards like ISO 27001 and NIST 800.53 and 800.82.
• Business Continuity and Disaster Recovery: knowledge of DR/BCP frameworks, methodologies, and testing practices.
• Privacy Program Management: Expertise in privacy regulations and impact assessment methodologies, including understanding data lifecycle management.
• Attention to Detail: Precision in managing audits, legal advisory tasks, and e-discovery processes to ensure adherence to evidentiary and compliance standards.
• Data-Driven Decision Making: Skill in using metrics, documentation, and reports to guide decision-making and demonstrate compliance readiness
• Regulatory Compliance: At least 5+ years of experience in compliance, cybersecurity, privacy, or a related field.

Job Duties

1. Regulatory Compliance & Privacy Program Oversight:

• Lead the organization’s compliance with cybersecurity and privacy regulations (e.g., GDPR, HIPAA, PCI-DSS), ensuring continuous monitoring and adherence to evolving regulatory landscapes.
• Help develop and implement compliance training programs for employees, fostering a culture of accountability and awareness.
• Coordinate the organization's cyber regulatory activities, maintaining positive relationships with regulatory bodies and proactively addressing legal inquiries.

2. Disaster Recovery Testing:

• Manage and execute disaster recovery (DR) and business continuity plan (BCP) testing, coordinating with key stakeholders to identify and remediate gaps.
• Maintain documentation and metrics for DR/BCP test results, providing actionable insights to enhance resilience.

3. Business Impact Analyssi (BIA):

• Conduct in-depth business cybersecurity impact assessments (BIAs) to identify critical business processes and prioritize cybersecurity risk mitigation strategies.
• Collaborate with cross-functional teams to create recovery time objectives (RTOs) and recovery point objectives (RPOs) for business continuity.

4. Incident Response & Reporting:

• Oversee compliance-related aspects of incident response, creating detailed post-incident reports aligned with legal and regulatory requirements.
• Establish robust escalation procedures to meet data breach notification timelines and ensure transparency with stakeholders.

Job Duties II

5. Privacy Program Management:

• Manage privacy impact assessments, ensuring all new initiatives are reviewed for compliance with data privacy regulations.
• Coordinate and collaborate with business departments on safeguarding sensitive information throughout its lifecycle

6. Vendor Contract Compliance:

• Collaborate with contract and policy leads to include appropriate cybersecurity and privacy clauses in vendor contracts and agreements.
• Collaborate on performing regular vendor risk assessments to comply with regulatory and security standards.

7. Legal Advisory & e-Discovery:

• Lead e-discovery and forensic investigations with precision, ensuring proper chain of custody and compliance with evidentiary standards.
• Collaborate with the CITGO Legal department to ensure legal compliance in cybersecurity and privacy matters

8. Supervision and Collaboration with Analysts:

• Supervise the compliance and regulatory team
• Partner with the cross functional team members to ensure comprehensive tracking of regulatory compliance initiatives.
• Review detailed audit findings and vendor assessments to identify areas for process improvement and risk reduction.