GRC Cybersecurity Specialist

Plains All American, Houston, TX

About The Position

Plains All American is an industry-leading transportation and midstream provider specializing in transportation, storage, processing and marketing solutions for crude oil and natural gas liquids (NGLs). We own an extensive network of pipeline transportation, terminalling, storage and gathering assets in key crude oil and NGL producing basins and transportation corridors and at major market hubs in the United States and Canada. On average, Plains handles more than 6 million barrels per day of crude oil and NGL in its Transportation segment. The company is headquartered in Houston, Texas. We are looking for highly motivated individuals who enjoy working as part of a team in a dynamic and entrepreneurial work environment.

The Specialist, Regulatory Risk and Compliance, will play a crucial role in ensuring the security and compliance of applications used within common pipeline carriers to both internal and external standards. This position involves identifying and mitigating cybersecurity risks, ensuring adherence to regulatory requirements, and implementing best practices for regulatory security management and monitoring. The role requires a deep understanding of cybersecurity principles, risk management methodologies, and common carrier industry regulations to protect sensitive data and maintain the integrity of pipeline operations.

The selected candidate will be eligible for company benefits including Medical, Dental, Vision, Paid Time Off (PTO), and Free Parking.

Requirements

  • Bachelor's degree in cybersecurity, information technology, or a related field. A combination of education and experience may be considered.
  • Minimum of 5+ years of experience in regulatory risk and compliance, preferably in the pipeline or energy industry.
  • Strong understanding of cybersecurity principles and risk management methodologies.
  • Excellent knowledge of regulatory requirements and standards relevant to the pipeline industry (TSA, CER, NIST, IEC).
  • Strong analytical and problem-solving skills.
  • Excellent communication and interpersonal skills.
  • Ability to work independently and as part of a team.
  • Strong organizational and time management skills.
  • Working knowledge of MS Office; working knowledge of program/project management software; exposure to the organization’s core software applications.
  • Cleared criminal history (background) and satisfactory reference checks.
  • Compliance with the Company’s drug and alcohol policy, including pre-employment D&A testing.
  • This position is not eligible for employment-based visa sponsorship. Applicants must be authorized to work in the U.S. for the duration of their employment.
  • Understanding of ISO 27001:2022, NERC CIP, COBIT, and other standard frameworks.

Nice To Haves

  • Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Certified in Risk and Information Systems Control (CRISC) are preferred.
  • Government intelligence clearance or previous experience working in a secure, classified environment(s).

Responsibilities

  • Identify and assess cybersecurity risks associated with pipeline operations and develop strategies to mitigate these risks aligned to regulatory standards.
  • Ensure compliance with all relevant regulatory requirements (TSA, CER, MTSA, etc.), including federal, state, and local regulations, working with internal and external auditors, including assessors.
  • Assist with SOX ITGC documentation gathering and perform SOX ITGC walkthroughs, process mapping, and documentation/narratives.
  • Implement, maintain, and enforce standards for regulatory security management and monitoring.
  • Conduct regular audits and assessments to ensure ongoing compliance with regulatory standards.
  • Develop and deliver collaborative relationships with internal/external teams, engage on M&A activities to reduce corporate risks, and educate the team on regulatory requirements and developing standards.

Benefits

  • Medical
  • Dental
  • Vision
  • Paid Time Off (PTO)
  • Free Parking