IT Governance, Risk & Compliance Expert

Oxy is an international energy company with assets primarily in the United States, the Middle East and North Africa. We are one of the largest oil and gas producers in the U.S., including a leading producer in the Permian and DJ basins, and offshore Gulf of Mexico. Our midstream and marketing segment provides flow assurance and maximizes the value of our oil and gas. Our chemical subsidiary OxyChem manufactures the building blocks for life-enhancing products. Our Oxy Low Carbon Ventures subsidiary is advancing leading-edge technologies and business solutions that economically grow our business while reducing emissions.

We are committed to using our global leadership in carbon management to advance a lower-carbon world. Visit oxy.com for more information.

We are currently looking for an experienced and motivated individual to fill the position of Expert IT GRC Engagement within our IT Risk Management team group based in Houston, Texas.

A successful candidate will ultimately be responsible for:

• Creating, developing, and owning of the Oxy Cyber Security training and awareness program.
• Developing and implementing Risk Management frameworks, tools, procedures, and training materials.
• Significantly improving and maturing Oxy's Corporate ICS security standard, posture, and internal practice.
• Performing security and compliance assessments on new and existing systems, processes, technology.
• Performing periodic gap assessments to validate compliance on an ongoing basis.
• Measuring adherence to Oxy's Corporate standards, procedures, and guidelines.
• Supporting internal and external audit process for relevant compliance concerns including PCI-DSS, SOX, GDPR.

Required Qualifications:

• 
  
  
  
  • Bachelor's degree in Computer Science, MIS, or other relevant discipline.
  • Excellent written and oral communication skills.
  • Strong work ethic with attention to detail.
  • Self-starter, motivated, ability to drive efforts and work independently.
  • Knowledge of IT governance frameworks, standards, and best practices, such as NIST, COBIT, ITIL, ISO, GDPR, and their application within organizations.
  • Working knowledge of information security risk management processes/frameworks and compliance practices.
  • 3 or more years of relevant experience in IT Governance, Risk and Compliance
  
  
  
  

Desired Qualifications:

• 
  
  
  
  • Experience building and creating training content
  • Working knowledge of common Learning Management Systems
  • Project Management
  • Desired Certifications - CRISC, CISSP, CISM, OCM etc.
  • Experience with legal and regulatory compliance standards such as SOX, GDPR, HIPAA, CaCPA, etc.
  • Familiarity or certifications in common industry best practices (ITIL, SDLC, AGILE, COBIT)
  • Familiarity with relevant regulatory requirements and industry standards governing IT operations, AI, data protection, privacy, and security.
  • Ability to work with sensitive and confidential information while maintaining the highest level of confidentiality, professionalism, and ethics.
  
  
  
  

Relocation will not be provided.

Occidental Petroleum Corporation does not offer sponsorship of employment-based nonimmigrant visa petitions for this role.

Occidental Petroleum Corporation is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, marital status, political preference, sexual orientation, gender identity, national origin, protected veteran status, or disability status.