Director of Cybersecurity

Job Details

Description

California Resources Corporation is a publicly traded oil and natural gas exploration and production company and the largest oil and natural gas producer in California. We operate our world-class resource base exclusively within the State of California, applying complementary and integrated infrastructure to gather, process and market our production. Using advanced technology, CRC’s workforce focuses on safely and responsibly supplying affordable energy for California by Californians.

The

Director of Cybersecurity

serves as CRC’s cybersecurity leader, reporting directly to the CDIO. This role owns the vision, strategy, and execution of CRC’s pragmatic, risk-based cybersecurity program, designed to be

reasonable, cost-conscious, and business-aligned

. The Director will ensure the protection of CRC’s IT systems, operational technology (OT) systems, and data assets while enabling the company’s transformation, growth initiatives, and board-mandated security commitments.

The Director will lead a lean team of cybersecurity professionals (4-5 FTEs) and will be accountable for delivering measurable improvements in security posture while minimizing disruption, cost, and complexity. Success will require exceptional execution discipline, strong cross-functional leadership, and the ability to operate effectively in a fast-moving, complex environment.

The base annual salary for this posted position is expected to range from $200K - $240K, with a target annual bonus of 25% of base salary and eligibility to participate in our long-term incentive program. Actual salary will be determined based on individual pay factors, including education, experience level and relevant industry experience. Benefits include Medical, Dental, Vision, 401K with Match, Paid Holidays, FSA and HSA.

Department Context

Cybersecurity is one of CRC IT’s five core capabilities, with responsibility for:

- Security Operations & Engineering – Vulnerability management, threat detection, incident response, and security tool administration

- Governance, Risk, and Compliance (GRC) – Policy management, SOX ITGC compliance, and risk reporting

- Security Architecture – Defining and governing security standards across CRC’s IT/OT landscape

- Awareness & Education – Cybersecurity training and phishing prevention programs

Responsibilities

- Strategic Leadership

- Define and execute CRC’s pragmatic, defensible cybersecurity strategy aligned with business priorities and cost constraints

- Lead the security component of CRC’s IT strategy, ensuring board-mandated goals are met

- Serve as CRC’s primary cybersecurity voice to the CDIO and other company leaders

- Risk-Based Execution

- Drive remediation of vulnerabilities to meet targets

- Propose and track progress on the retirement or isolation of unsupported or highly risky systems

- Ensure SOX ITGC compliance, CCPA adherence, and other applicable regulatory requirements

- Maximize value of every dollar spent on Cybersecurity and ensure strong tradeoffs between incremental costs and incremental risk reduction

- Program & Portfolio Management

- Oversee key initiatives related to Cybersecurity and IT management

- Manage vendor relationships to optimize spend and eliminate license waste

- Operational Excellence

- Lead 24x7 security monitoring, incident response, and threat intelligence activities

- Maintain high availability and reliability of security tools and processes

- Establish and track KPIs (e.g., phishing fail rate, NIST-CSF maturity, vulnerability backlog)

- Ensure strong performance of the Cybersecurity team, projects, and contractors

- Deliver high-quality artifacts and deliverables needed for the Cybersecurity function

- Cross-Functional Collaboration

- Partner with other IT Directors (Infrastructure, Applications, Analytics & Data, and Operations & Portfolio) teams to embed security in all major programs

- Coordinate with Internal Audit, Legal, and Risk Management for audit preparation, evidence gathering, and risk documentation

- Team Leadership

- Build a culture of accountability, proactive communication, and timely execution

Required Qualifications

- Bachelor’s degree in Computer Science, Information Security, or related field

- 10+ years of progressive cybersecurity experience, with at least 5 years in leadership

- Proven track record of delivering measurable security improvements in complex, high-risk environments

- Strong knowledge of NIST-CSF, SOX ITGC, and CCPA/CPRA compliance

- Experience with OT/IT security integration

- Demonstrated ability to operate effectively in cost-constrained environments

- Expertise with enterprise-class security tools (EDR, SIEM, IAM, PAM, vulnerability management)

Preferred Qualifications

- Advanced degree (MS, MBA) or equivalent experience

- CISSP, CISM, or similar certification

- Experience in oil & gas, utilities, or other critical infrastructure sectors

- History of success in post-merger IT/Cybersecurity integration

- Experience presenting to boards and audit committees

Key Competencies

- Execution Discipline – Meets commitments on time and with quality, under pressure.

- Business Acumen – Aligns security priorities with CRC’s cost, risk, and operational realities.

- Strategic Influence – Shapes executive and board-level decisions through data, clarity, and credibility.

- Collaboration & Relationship Management – Builds trust with technical and non-technical stakeholders.

- Problem-Solving & Prioritization – Focuses resources on highest-impact, most exploitable risks.

- Change Leadership – Leads through cultural resistance and organizational complexity.

- Problem Solving and Information Synthesis - Solve problems, work independently, and synthesize large amount of information quickly.

- Strategic and Tactical - Operate at both a strategic and tactical level at a sustained high level of performance.

- Communication - Create executive quality business cases, communications, and presentations. Communicate Cybersecurity concepts clearly and effectively to non-technical audiences and stakeholders.

Success Measures

- Meeting or exceeding board-mandated cybersecurity targets on time and within budget

- Reduction in high/critical vulnerabilities per agreed timelines

- Sustained SOX ITGC pass rate and regulatory compliance

- Demonstrated cost savings through license rationalization and efficient vendor management

- Positive feedback from executive leadership, board, and audit stakeholders

- On-time delivery of high-quality projects, initiatives, and deliverables

Growth Opportunities

- Opportunity to influence CRC’s security posture at the highest levels

- Ability to shape pragmatic, cost-effective cybersecurity strategy in a publicly traded company

- Exposure to major enterprise transformation initiatives (ERP, OT integration, carbon capture)