Job Summary

Description: Third Party Cyber Risk Services Operations - Lead Analyst (Contract to Hire) Years of Experience - 10-12 years Shift timings: 01:30 -10:30PM Role Summary This Lead Analyst role supports Third-Party Cyber Risk Services operations by owning day-to-day intake and workflow execution, delivering timely, data-driven risk assessments, and driving defensible third-party risk decisions (including accept/reject determinations) for third-party suppliers. You will partner closely with Procurement, Legal, business/product owners, and cybersecurity teams to prioritize work based on risk, drive mitigations, and strengthen Chevron’s cyber resilience as third party reliance grows. Job Description The Third-Party Cyber Risk Services Lead Analyst provides risk assessment and process expertise to manage third-party cybersecurity risk. This position partners with internal subject matter experts—including Procurement contract advisors and category managers, Legal counsel, product and business owners, risk managers and analysts, security engineers, and threat intelligence analysts—to ensure third-party suppliers are properly vetted and managed. The role prioritizes work intake based on risk, analyzes tradeoffs and mitigations to manage residual risk, and supports defensible risk decisions to help ensure Chevron’s cyber resilience. Key Responsibilities • Maintain the integrity of the third-party risk management framework, including data-driven inherent and residual risk determinations. • Identify third-party cyber risks and partner with appropriate SMEs to define, implement, and track mitigations and risk treatments. • Operate with a sense of urgency; lead and resolve escalations related to third-party risk assessments in Chevron’s best interest. • Work effectively under pressure and defend risk positions using sound risk logic and data—tailoring the message as needed while maintaining consistency regardless of audience. • Meet service level agreements (SLAs) without sacrificing quality, ensuring assessments and decisions remain risk based. • Communicate effectively with business partners, cyber risk professionals, and functional SMEs on third-party cyber risk (the why, what, and recommended actions), including risk-informed tradeoffs. • Demonstrate role courage and a growth mindset by escalating when needed, helping triage or resolve threats/issues, and driving continuous improvement opportunities. • Develop, enhance, and analyze third-party cyber risk metrics to highlight current risk posture, safeguards, and trends. • Define, drive, and operationalize processes, procedures, and tools that improve third-party cyber risk management, in partnership with SMEs and technology teams. • Continuously identify efficiency opportunities and leverage automation and AI to simplify and accelerate the risk assessment lifecycle—accelerating delivery of business value while effectively managing risk and maintaining quality. Required Qualifications • Demonstrated third-party risk management experience; ability to apply information protection and risk concepts (threat, vulnerability, and impact) to policies, standards, and controls. • Technical working knowledge of the NIST Cybersecurity Framework (CSF) functions and how controls contribute to risk reduction and compliance assurance. • Aptitude to identify business and cybersecurity risks and translate and summarize risks effectively for different audiences; ability to define and track mitigation plans (including preventive and mitigative controls) with stakeholders across levels. • Strong critical thinking skills: ability to analyze context and break complex problems into manageable parts; ability to work under ambiguity when processes are not yet designed or are immature and help design and mature those processes. • Strong written and verbal communication skills; influential leade

Key Responsibilities

Sam as above

Skill Requirements

Sam as above

Other Requirements

Sam as above