Chief Information Security Officer

Basic Function

HF Sinclair in Dallas, TX is seeking a Chief Information Security Officer (CISO) who will be responsible for establishing and maintaining the enterprise security vision, strategy, and program to ensure information assets and technologies are secured and protected. This includes oversight of both the information technology (IT) and operational technology (OT) security that protect the digital physical infrastructure. The CISO will work with executive management to determine acceptable levels of risk and provide strategic leadership and direction for the company's security function.

This role will lead the Cybersecurity risk committee for HF Sinclair and will ensure business functions are represented in the recommendations for prioritization of cybersecurity mitigation and improvement investments.

Job Duties

(Functions considered essential as defined by ADA):

• Works proactively with the Head of IT Infrastructure & Operations, the Chief Information Officer (CIO), and the broader IT Leadership Team, serving as an expert advisor to senior management in the development, implementation, and maintenance of enterprise-wide information security technology that ensures best practice control objectives for system integrity, availability, confidentiality, accountability, and assurance within the context of HF Sinclair's risk tolerance as set by senior management.
• Collaborates with executive management to create and maintain a cybersecurity strategy that aligns with the overall objectives of the company.
• Develops a cybersecurity program that helps increase the maturity of critical security capabilities across both IT/OT, including establishing a key security scorecard that represents the growth and ongoing improvement of the program and HF Sinclair's security posture.
• Prioritizes the security initiatives based on data-driven assessments to ensure that our investments are aligned to address the highest risk areas across our enterprise environment.
• Ensures compliance with industry standards, regulatory requirements, and corporate policies.
• Oversees all aspects of security operations including monitoring, detection, incident response, and recovery.
• Leads the investigation of security breaches and collaborates with operations, legal, and any other functions to help determine enterprise-wide actions.
• Works with OT personnel to effectively maintain security policies, standards, and procedures to ensure effective controls are in place across IT and OT environments, including cloud infrastructure, SCADA, DCS, etc.
• Collaborates and communicates with IT/OT leadership to ensure that HF Sinclair has a unified approach to security across the enterprise, leading direct reports and matrixed personnel that directly support operations.
• Studies emerging trends that enable the company to deploy transformational technologies with architecture and design that protects our company from threats.
• Oversees the development and implementation of security training programs across the company that increase cybersecurity awareness.

Special assignments or tasks assigned to the employee by their manager, as determined from time to time in their sole and complete discretion.

Experience

A minimum of 15 years of information technology experience including 7 years in a leadership capacity.

Education Level

Bachelor's in computer science, information systems, or related discipline required.

Required Skills

• Ability to work effectively across business and functional boundaries, communicate, and prioritize in a highly dynamic global work environment.
• Leadership experience developing global policies and strategies in collaboration with existing IT teams to protect human, physical, and information technology assets and intellectual property around the world; experience with applicable regulatory and standards frameworks (e.g., SOX, GLBA, SSAE16, PCI, ISA/IEC 62443, ISO2700x, NIST, TSA Directives etc.).
• Advanced understanding in several of the following areas: Platform Security, Data Security, Network Security, Perimeter Security, Physical Security, Security Assessment Tools, Security Monitoring Tools, and Managed Security Services.
• Advanced understanding in one or more of the following areas: Security Governance Standards, Business Continuity Planning, Compliance, Enterprise Risk Management, Computer Security Incident Response, and Security Compliance Audits.
• Experience with information system (technology) disaster recovery planning and testing, auditing, risk analysis, business system resumption planning, and contingency planning.
• Experience in leading and managing IT security implementation.
• Understanding of increasing cyber vulnerability environments around consumer-facing assets, digital enterprise, big data, operations network, Internet of Things (IoT), unified cloud (internal, external, SaaS, Public), and associated actions to protect these assets. Expertise around Digital ID Management on Authorization and Authentication.
• Understanding of the amplifying regulatory environment around EU GDPR, safe harbor laws, and associated enforcements, technical, data, and policy actions to be taken.

PREFERRED SKILLS:

• Experience working with OT Security.
• Fortune 500 manufacturing and/or oil & gas company experience is desired.

Supervisory/Managerial Responsibility

• Will manage direct and indirect reports, as well as contractors.

Work Conditions

Office-based with travel up to 20-25%. Subject to all weather and varying road conditions.

Physical Requirements

Job conditions require standing, walking, sitting, talking or hearing, making visual inspections, making precise finger and hand movements, making advanced mathematical calculations.

Our One HF Sinclair Culture:

At HF Sinclair, we are united through our One HF Sinclair Culture, which is underpinned by our five core values of Safety, Integrity, Teamwork, Ownership, and Inclusion. Developed to empower our people, our five core cultural values are at the heart of everything we do and extend to how we engage our stakeholders. These values influence our decisions, shape our behaviors, and keep us connected across the entire organization.

We maintain a true Safety culture for our employees, communities, environments, and customers. Our goal is to make sure everyone returns home safely each day. We have a long-standing commitment to Integrity and ethical behavior and do what is right for our employees, investors, communities, and the environment. We encourage employees to Step Up and Stand Out by championing a culture of Teamwork and Ownership. We foster a culture of Inclusion by encouraging diversity of experiences, viewpoints, and backgrounds. What makes each of us different, together makes us stronger.

About HF Sinclair Corporation

HF Sinclair Corporation, headquartered in Dallas, Texas, is an independent energy company that produces and markets high-value light products such as gasoline, diesel fuel, jet fuel, renewable diesel, and other specialty products. HF Sinclair owns and operates refineries located in Kansas, Oklahoma, New Mexico, Wyoming, Washington, and Utah and markets its refined products principally in the Southwest U.S., the Rocky Mountains extending into the Pacific Northwest, and in other neighboring Plains states. HF Sinclair supplies high-quality fuels to more than 1,500 branded stations and licenses the use of the Sinclair brand at more than 300 additional locations throughout the country. In addition, subsidiaries of HF Sinclair produce and market base oils and other specialized lubricants in the U.S., Canada, and the Netherlands, and export products to more than 80 countries. Through its subsidiaries, HF Sinclair produces renewable diesel at two of its facilities in Wyoming and also at its facility in Artesia, New Mexico. HF Sinclair provides petroleum product and crude oil transportation, terminalling, storage, and throughput services to its refineries and the petroleum industry.

Equal Opportunity Employer

HF Sinclair Corporation is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, or any other prohibited ground of discrimination.

#J-18808-Ljbffr

---