Sr IT Risk Analyst - Cloud / Vendor Risk Management

Date: Oct 15, 2021

Location: USA: Woodlands, TX, US, 77380

Company: CPChem

You may not realize it, but you’ve likely used a product today made possible by the plastics and chemicals manufactured by Chevron Phillips Chemical. From medical supplies and electronics to food packaging and cosmetics, we create the building blocks for more than 70,000 consumer and industrial products.


Even as a global company with 5,000 employees, we maintain a “small company feel” and uphold a culture of respect, diversity, and inclusion. Ask any Chevron Phillips Chemical employee what they like best about their job, and universally, the answer is “the people I work with!” We value work-life balance, and love to see our employees thrive both professionally and personally. There has never been a better time to work for Chevron Phillips Chemical. If you’re ready to grow with us and become part of our vision of being the premier Chemical Company, apply today!


Chevron Phillips Chemical Company is seeking a Sr IT Risk Analyst to join the Business Transformation organization at the corporate headquarters in The Woodlands, TX. The individual will serve as a key member of CPChem's IT Security Governance, Risk and Compliance group and support the execution and continual enhancement of an information security risk assessment program, with emphasis on the NIST Cybersecurity Framework.


This position reports directly to the IT GRC Manager and serves as the central point of contact for all matters related to IT Risk Management. The successful candidate partners with leaders across the company to identify opportunities and risks, develop and deliver solutions that support business objectives, and protect the organization’s intellectual property globally.


This position is eligible for the current hybrid work model (split of remote and office-based days).


Key Job Responsibilities:

  • Work directly with all lines of business to track compliance performance, and raise employee awareness in the effort to manage security risk and protect company critical data and assets
  • Assessment of vendor risk, including identifying areas of potential exposure and developing vendor risk management strategies, with a focus on cyber and physical security.
  • Implementation of a common and consistent vendor risk management (VRM) program to effectively manage vendor cyber risk in accordance with internal policy and regulatory requirements.
  • Implementation of a common and consistent vendor risk management (VRM) program to effectively manage vendor cyber risk in accordance with internal policy and Federal/State regulatory requirements.
  • Provide guidance to the business to ensure requirements of the VRM program are fully understood.
  • Support development and execution of communication and training to facilitate the effective application and awareness of VRM
  • Regularly reassess the operational risks associated with the function and inherent in the business
  • Lead assessment of vendor risks, develop mitigation plans and partner with internal stakeholders to assign monitoring responsibility
  • Prepare and complete annual risk assessments and assist with regulatory and accreditation audit preparation as needed
  • Partner with Business Units & internal support functions to help ensure that all risk assessment and mitigation requirements have been met
  • Perform data analytics & reporting activities. Provide & maintain vendor risk reporting mechanisms, and track and report outcomes from vendor management activities. Collect, organize, and distribute reports & documents & recommend enhancements to reporting & audit tools
  • Analyze, update, and modify procedures and processes to identify and continuously implement vendor risk management process improvements
  • Stay informed about the latest developments in the vendor risk management field.


Required Qualifications:

  • Minimum education of associate degree
  • Minimum of 5 years of experience in internal or external auditing, security testing, or risk management and analysis
  • IT security or IT risk management experience
  • Strong knowledge of generally applicable and accepted audit and risk frameworks (e.g., COBIT, CAG SANS, NIST) and government guidelines and laws (e.g., SOX, HIPAA)
  • Deep understanding of cloud security capabilities and risks
  • Strong security inclination
  • Excellent interpersonal, verbal, and written communication skills
  • Strong documentation and/or technical writing skills
  • Strong project management and leadership skills
  • Excellent problem-solving and decision-making ability


Preferred Qualifications:

  • Computer Science or related field
  • Broad breadth of technical skills and experience in IT, security, and privacy
  • Knowledge of Vendor Risk Management tools.
  • Certified Third Party Risk Professional (CTPRP)
  • Certified Third Party Risk Assessor (CTPRA)
  • Certified Information Systems Security Professional (CISSP)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified in the Governance of Enterprise IT (CGEIT)
  • Certified Information Systems Auditor (CISA)
  • Certified Protection Professional (CPP)


Chevron Phillips Chemical offers competitive salaries, a comprehensive benefits package and at most locations, alternate work schedules. To learn more about Chevron Phillips Chemical and to be considered for a position, please visit us online today at


Paper resumes will not be accepted. All job seekers must go to the web site to be considered for positions. If you are interested in applying for this position and need an accommodation to apply, please contact our Human Resources Service Center at 1-800-446-1422, option 4.


Chevron Phillips Chemical Company is an Equal Opportunity / Affirmative Action employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, ancestry, age, disability, veteran status or marital status.


To all recruitment agencies: We are not responsible for any fee related to unsolicited resumes from 3rd party staffing and recruiting agencies (whether submitted through this website or sent directly to employees) unless a written agreement is in place between the agency and Chevron Phillips Chemical Company LP (“Company”) and an authorized Company representative makes a written request to the agency to assist with this requisition. Similarly, no fee will be paid for candidates who apply and claim to be represented by an agency. Any unsolicited resumes, CVs, or other candidate information submitted by an agency will become the property of Company, and no fee will be paid in the event such candidate is hired.


Travel Requirements: Up to 5%

Eligibility for Relocation: No

Closing Date: 09/09/2021

Nearest Major Market: Houston

Job Segment: Risk Management, Manager, Cloud, Law, Computer Science, Finance, Management, Technology, Legal