Cybersecurity Compliance Analyst

Phillips 66 & YOU - Together we can fuel the future

The Cybersecurity Compliance Analyst will ensure adherence to cybersecurity regulations and standards set by various government agencies such as the Transportation Security Administration’s (TSA) Pipeline Security Directive 1 and 2, the United States Coast Guard’s (USCG)  33 CFR Part 101 and Part 160, and the Maritime Transportation Security Act (MTSA). This role involves developing cybersecurity compliance strategies and plans, program governance and oversight, auditing, internal monitoring of cybersecurity tools, regulatory reporting, and working with key stakeholders in the business to ensure compliance.

Responsibilities May Include:

• Regulatory Reporting:
  • Prepare and submit compliance reports to TSA and USCG.
  • Maintain accurate records of compliance activities and documentation.
  • Monitor changes in regulations and update reporting protocols accordingly.
  • Lead and participate in regulatory audits and inspections.
• Program Governance:
  • Collaborate with key Refining, Midstream, and Lubricants business stakeholders to develop and implement cybersecurity policies and procedures in alignment with TSA and USCG requirements.
  • Ensure governance frameworks are effectively applied across all cybersecurity programs for the Refining, Midstream, and Lubricants businesses in accordance with new or established regulatory requirements.
  • Collaborate with internal stakeholders such as Corporate Security, Legal, and Internal Audit to ensure compliance with regulatory standards.
  • Establish and maintain relationships across the business and with external regulatory bodies to enhance credibility and trust.
• Cybersecurity Plans and Assessments:
  • Work with the Cybersecurity Officers (CySOs) and key business stakeholders to ensure that the required Cybersecurity Plans or Cybersecurity Implementation Plans are completed, properly documented, and submitted as required.
  • Work with the CySOs and key business stakeholders to ensure that the Cybersecurity Assessments or Cybersecurity Assessment Plans are completed, properly documented, and submitted as required.
  • Work with the CySOs and key business stakeholders to ensure that Pen Testing is completed as required and properly documented and reported.
• Auditing Requirements:
  • Conduct regular periodic internal reviews to assess compliance with TSA and USCG regulations.
  • Identify and address non-compliance issues with the responsible CySO through corrective action plans.
  • Coordinate with external auditors and regulatory bodies during compliance audits and inspections.
• Internal Monitoring:
  • Work with the CySOs and key stakeholders to implement continuous monitoring strategies to ensure real-time compliance for the uptime of the deployed cybersecurity tools.
• Training and Awareness:
  • Work with the CySOs to ensure that training programs to educate staff on cybersecurity compliance requirements are being completed to meet regulatory requirements.
• Drills and Exercises:
  • Work with the CySOs and key business stakeholders to ensure that all required drills and exercises are executed and documented to meet regulatory requirements.
• General:
  • Must be able to successfully and simultaneously manage multiple tasks, and work with minimal direct supervision.
  • Maintain a high regard for personal safety, for the safety of company assets and employees, and the general public.
  • Ability to create an environment of inclusiveness and foster communication.
  • Ability to engender trust and confidence.
  • Work closely with cybersecurity engineers, system administrators, and developers to implement security best practices.
  • Collaborate with external organizations, such as government agencies, contractors, or threat intelligence providers.
  • Make suggestions for process improvement.
  • Prepare metrics and reports for management on the status of compliance objectives.
  • Stay up to date with regulatory changes and ensure the organization is compliant with all relevant laws and regulations.

Required Qualifications:

• Legally authorized to work in the job posting country
• Bachelor's degree in Cybersecurity, Information Technology, or related field
• 3 or more years of experience in cybersecurity compliance, preferably with TSA and USCG regulations
• Familiarity with maritime and transportation security protocols
• Familiarity with OT/Industrial control system platforms, architecture, and environments
• Strong understanding of regulatory frameworks and compliance standards
• Excellent analytical, organizational, and communication skills
• Ability to travel as necessary (~10%)
• Willing and able to obtain a Transportation Worker Identification Card (TWIC). Information can be found at https://www.tsa.gov/for-industry/twic. 

Preferred Qualifications:

• Professional Certifications such as CISSP, CISM, or CISA
• Experience with risk management and incident response processes
• Familiarity with OT health and vulnerability monitoring tools

Total Rewards

At Phillips 66, providing access to high quality programs and care for you and your family is important to us. Maintaining a culture of well-being — physical, emotional, social, and financial — is essential for a high-performing organization. When we are at our best, we are poised to deliver exceptional results — personally and professionally. Benefits for certain eligible, full-time employees include:

• Annual Variable Cash Incentive Program (VCIP) bonus
• 8% 401k company match
• Cash Balance Account pension
• Medical, Dental, and Vision benefits with an annual company contribution to a Health Savings Account for employees on HDHP
• Total well-being programs and incentives, including Employee Assistance Plan, well-being reimbursement, and backup family care services

Learn more about Phillips 66 Total Rewards.

Phillips 66 has more than 140 years of experience in providing the energy that enables people to dream bigger and go farther, faster. We are committed to improving lives, and that is our promise to our employees and our communities. We are sustained by the backgrounds and experiences of our diverse teams, which reflect who we are, the environment we create and how we work together. We have been recognized by the Human Rights Campaign, U.S. Department of Labor and the Military Times for our continued commitment to inclusive practices and policies in the hiring and retention of those in the LGBTQ+ community and military veterans. Our company is built on values of safety, honor and commitment. We call our cultural mindset Our Energy in Action, which we define through four simple, intuitive behaviors: We work for the greater good, create an environment of trust, seek different perspectives and achieve excellence.

Learn more about Phillips 66 and how we are working to meet the world's energy needs today and tomorrow, by visiting phillips66.com.

To be considered

In order to be considered for this position you must complete the entire application process, which includes answering all prescreening questions and providing your eSignature on or before the requisition closing date of 07/24/2025.

Candidates for regular U.S. positions must be a U.S. citizen or national, or an alien admitted as permanent resident, refugee, asylee or temporary resident under 8 U.S.C. 1160(a) or 1255(a)(1).  Individuals with temporary visas such as E, F-1, H-1, H-2, L, B, J, or TN or who need sponsorship for work authorization now or in the future, are not eligible for hire.

Phillips 66 is an Equal Opportunity Employer