Sr Analyst, IT Security Program Architecture (GRC & Technical Design)

At Murphy Oil Corporation, we believe the rich experiences and backgrounds of our employees strengthen our Company, create a productive workforce, and drive our success. We encourage you to apply for the positions for which you meet the qualifications.

Job Summary

Murphy Oil Corporation is looking for a highly skilled and versatile Security Program Architect to lead the integration of cybersecurity governance, risk, and compliance (GRC) with secure architecture and technical design across the organization. This role serves as a strategic bridge between policy and implementation—designing security programs that are both compliant and technically sound. The ideal candidate has deep experience in cybersecurity frameworks, regulatory standards, secure architecture principles, and cross-functional program execution. We’re looking for a delivery focused problem solver who stays current on cybersecurity trends and thrives on designing and implementing practical, business-aligned solutions.

The ideal candidate will be able to demonstrate exceptional organizational and time-management skills, with a proven ability to propose and implement effective solutions within budget and deadline constraints. Thrives in fast-paced, high-pressure environments, showing adaptability to shifting priorities and evolving business needs. Equally capable of working independently or collaboratively, with a strong commitment to knowledge sharing and team development. Skilled in influencing positive change through a constructive and non-confrontational approach.

Murphy’s Purpose, Mission, Vision, and Values—Doing Right Always, Stay With It, and Think Beyond Possible—emphasize the importance of clear communication, honoring commitments, fostering collaboration across the organization, recognizing the contributions of others, constructively challenging data, encouraging innovation, and proactively proposing solutions. The path of contribution includes leading defined initiatives, working semi-autonomously to drive meaningful results, advancing technical expertise, cultivating business acumen, building a strong professional reputation, and consistently demonstrating Murphy’s core values.

This role will work in our Houston Corporate office and may work two (2) days a week remotely.

Responsibilities

Program Leadership & Integration

Play an active role in developing Murphy’s cybersecurity vision, roadmap, and execution plan

Serve as a strategic liaison between cybersecurity, IT, and business units to align security initiatives with organizational goals

Lead or contribute to the development of enterprise-wide security programs (e.g., Zero Trust, Data Protection, Secure by Design)

Drive cross-functional collaboration to ensure consistent implementation of security controls across infrastructure, applications, and operations

Support the Head of Cybersecurity in providing subject matter expertise to executive leadership on security posture, architectural gaps, and program maturity

Develops policy drafts, procedures, educational materials, strategy/technology roadmaps, Request for Proposal/Offers (RFP/RFO’s), project plans, communications, and presentations to support the overall delivery of IT cybersecurity objectives.

Governance, Risk & Compliance (GRC)

Develop and manage enterprise cybersecurity policies, standards, and procedures aligned to frameworks such as NIST CSF, NIST 800-53, ISO 27001, and CIS

Lead cyber risk assessments and translate risk insights into actionable program requirements and security controls

Oversee compliance initiatives (e.g., SOX, HIPAA, GDPR, CCPA, etc.) and collaborate with Legal, Audit, and Privacy teams

Design and manage security awareness programs to drive organizational engagement and improve security culture

Lead vendor risk management activities, including third-party risk assessments, contract reviews, and ongoing monitoring of security posture

Define and track security KPIs, metrics, and maturity models to support continuous improvement

Establish security governance processes to support secure design reviews, exception handling, and third-party risk management

Security Architecture & Technical Design

Support the Head of Security in reviewing the current technology stack to assess its effectiveness in mitigating today’s threat landscape and identify opportunities for improvement

Monitor current cybersecurity threats and industry trends while proactively shaping a long-term security roadmap aligned with emerging risks, technologies, and business objectives

Partner with enterprise architects, infrastructure, and application teams to design secure systems and services

Develop and maintain security reference architectures, patterns, and technical standards for key environments (cloud, on-prem, hybrid)

Embed security requirements into system development lifecycles (SDLC), DevSecOps practices, and cloud-native design

Conduct technical risk assessments, threat modeling, and architecture reviews for critical projects

Recommend security technologies and controls to mitigate identified risks and support business objectives

Licenses/ Certifications

Relevant certifications such as CISSP, CISM, SABSA, TOGAF, or AWS/GCP/Azure Security are a plus

Qualifications/Requirements

Bachelor’s degree in Computer Science, Information Security, or other technical fields

Minimum 10 years’ experience in a combination of cybersecurity and IT governance, with demonstrated expertise in both GRC and technical architecture roles

2 years of experience working in a Big 4 consulting firm (Deloitte, PwC, EY, or KPMG), with exposure to cybersecurity advisory, risk management, or compliance services is preferred

Strong knowledge of cybersecurity frameworks (e.g., NIST CSF, ISO 27001) and technical domains (e.g., network, cloud, identity, data protection)

Experience with secure SDLC, DevSecOps integration, and infrastructure/cloud security design

Experience with project management tools like Azure DevOps, Jira, etc.

Experience with Microsoft 365 E5 Security suite and PowerBI reporting

Support cybersecurity projects and operations and be available during nights or weekends as needed

Strong project management experience, including developing plans, roadmaps and milestones

Detail-oriented and delivery-focused

Maintain user confidence and protect operations by keeping information confidential

Desired/Preferred Qualifications

Master’s degree in Computer Science, Information Security, or other technical fields

Experience implementing and/or supporting vendor risk management platforms, enterprise GRC platforms, Security Orchestration, Automation and Response (SOAR) platforms or SAST/DAST platforms

Experience with compliance automation and continuous controls monitoring

Experience securing SAP S/4 ecosystem

Experience working within the Oil/Gas industry

Excellent communication and collaboration skills, with the ability to influence and engage both technical and business stakeholders

The individual is required to follow all applicable safety precautions. Work is performed almost entirely in a controlled (i.e., inside) environment and does not typically subject the incumbent to any hazardous/extreme elements; some positions may require regularly moving or transporting items weighing up to 25 lbs. around the office for various needs. The successful candidate must be able to complete all essential physical requirements of the job with or without reasonable accommodation.

#LI-Hybrid

PURPOSE

We believe in providing energy that empowers people.

MISSION

We challenge the norm, tap into our strong legacy and use our foresight and financial discipline to deliver inspired energy solutions.

VISION

We see a future where we are an industry leader who is positively impacting lives for the next 100 years and beyond.

VALUES & BEHAVIORS

Do Right Always

Respect people, safety, environment and the law

Follow through on commitments

Make it better

Think Beyond Possible

Offer solution

Step up and lead

Don’t settle for “good enough”

Embrace new opportunities

Stay With It

Show resilience

Lean into challenges

Support each other

Consider the implications

_________________________________________________________________________________________________

Murphy Oil Corporation participates in the Department of Homeland Security U.S. Citizenship and Immigration Services' E-Verify program. Please read the E-Verify Notice-English / E-Verify Notice-Spanish and Right to Work Notice before proceeding with your job application.

For additional information, you may also visit the USCIS website .

Murphy Oil Corporation is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, genetic information, age, national origin, sexual orientation, disability, protected veteran status or any other category protected by federal, state or local law.

EEO is the Law Poster

EEO is the Law Supplement