Director of Cybersecurity
About The Position
California Resources Corporation is a publicly traded oil and natural gas exploration and production company and the largest oil and natural gas producer in California. We operate our world-class resource base exclusively within the State of California, applying complementary and integrated infrastructure to gather, process and market our production. Using advanced technology, CRC's workforce focuses on safely and responsibly supplying affordable energy for California by Californians. The Director of Cybersecurity serves as CRC's cybersecurity leader, reporting directly to the CDIO. This role owns the vision, strategy, and execution of CRC's pragmatic, risk-based cybersecurity program, designed to be reasonable, cost-conscious, and business-aligned . The Director will ensure the protection of CRC's IT systems, operational technology (OT) systems, and data assets while enabling the company's transformation, growth initiatives, and board-mandated security commitments. The Director will lead a lean team of cybersecurity professionals (4-5 FTEs) and will be accountable for delivering measurable improvements in security posture while minimizing disruption, cost, and complexity. Success will require exceptional execution discipline, strong cross-functional leadership, and the ability to operate effectively in a fast-moving, complex environment. The base annual salary for this posted position is expected to range from $200K - $240K, with a target annual bonus of 25% of base salary and eligibility to participate in our long-term incentive program. Actual salary will be determined based on individual pay factors, including education, experience level and relevant industry experience. Benefits include Medical, Dental, Vision, 401K with Match, Paid Holidays, FSA and HSA. Department Context Cybersecurity is one of CRC IT's five core capabilities, with responsibility for: Security Operations & Engineering - Vulnerability management, threat detection, incident response, and security tool administration Governance, Risk, and Compliance (GRC) - Policy management, SOX ITGC compliance, and risk reporting Security Architecture - Defining and governing security standards across CRC's IT/OT landscape Awareness & Education - Cybersecurity training and phishing prevention programs
Requirements
- Bachelor's degree in Computer Science, Information Security, or related field
- 10+ years of progressive cybersecurity experience, with at least 5 years in leadership
- Proven track record of delivering measurable security improvements in complex, high-risk environments
- Strong knowledge of NIST-CSF, SOX ITGC, and CCPA/CPRA compliance
- Experience with OT/IT security integration
- Demonstrated ability to operate effectively in cost-constrained environments
- Expertise with enterprise-class security tools (EDR, SIEM, IAM, PAM, vulnerability management)
Nice To Haves
- Advanced degree (MS, MBA) or equivalent experience
- CISSP, CISM, or similar certification
- Experience in oil & gas, utilities, or other critical infrastructure sectors
- History of success in post-merger IT/Cybersecurity integration
- Experience presenting to boards and audit committees
Responsibilities
- Strategic Leadership Define and execute CRC's pragmatic, defensible cybersecurity strategy aligned with business priorities and cost constraints Lead the security component of CRC's IT strategy, ensuring board-mandated goals are met Serve as CRC's primary cybersecurity voice to the CDIO and other company leaders
- Risk-Based Execution Drive remediation of vulnerabilities to meet targets Propose and track progress on the retirement or isolation of unsupported or highly risky systems Ensure SOX ITGC compliance, CCPA adherence, and other applicable regulatory requirements Maximize value of every dollar spent on Cybersecurity and ensure strong tradeoffs between incremental costs and incremental risk reduction
- Program & Portfolio Management Oversee key initiatives related to Cybersecurity and IT management Manage vendor relationships to optimize spend and eliminate license waste
- Operational Excellence Lead 24x7 security monitoring, incident response, and threat intelligence activities Maintain high availability and reliability of security tools and processes Establish and track KPIs (e.g., phishing fail rate, NIST-CSF maturity, vulnerability backlog) Ensure strong performance of the Cybersecurity team, projects, and contractors Deliver high-quality artifacts and deliverables needed for the Cybersecurity function
- Cross-Functional Collaboration Partner with other IT Directors (Infrastructure, Applications, Analytics & Data, and Operations & Portfolio) teams to embed security in all major programs Coordinate with Internal Audit, Legal, and Risk Management for audit preparation, evidence gathering, and risk documentation
- Team Leadership Build a culture of accountability, proactive communication, and timely execution
Benefits
- Medical
- Dental
- Vision
- 401K with Match
- Paid Holidays
- FSA
- HSA
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Director
Number of Employees
1,001-5,000 employees
