Cyber Policy Analyst

Total Number of Openings

Chevron is accepting online applications for the Cyber Policy Analyst position through August 21, 2025 at 11:59 p.m. (CST).

This position is part of a team which governs the policies of cybersecurity and partners with corporate compliance to maintain relevance of corporate policies in which the Chief Information Security Officer is accountable.

This position will interface with different levels within the organization from individual contributors to managers.

The Cyber Policy Analyst is responsible for developing and maintaining cybersecurity policies and controls to support and align Chevron’s cybersecurity expectations and regulatory compliance. This role understands Chevron’s core business and rapidly changing technology and regulatory environment, enterprise cybersecurity risks, and the role that IRSM plays to help protect Chevron’s digital future.

Responsibilities for this position may include but are not limited to:

• Ensures internal policies align with applicable regulatory, legislative, and organizational requirements
• Maintain current knowledge of evolving external regulations and cybersecurity trends, and interpret and operationalize regulatory frameworks
• Participate in research and advisory committees for evaluating new technologies and policy development
• Maintain effective communication with various stakeholders, including executives, employees, partners, and customers, to promote cybersecurity policy awareness and alignment
• Monitor, measure, and report the effectiveness of the cybersecurity policies and guidelines and identifying and addressing any gaps or issues
• Review and update cybersecurity policies, controls, and related guidelines regularly to reflect changes in the threat landscape, technology trends, and business needs.
• Demonstrate knowledge of internal, federal, and international laws, regulations, and governance frameworks

Required Qualifications:

• Bachelor’s degree in a related field such as cybersecurity, information systems, communications, or a Bachelor’s in an unrelated field with relevant work experience.
• Minimum 2 years related work experience in cybersecurity policy or regulatory with increasing levels of responsibility
• Cybersecurity Frameworks & Standards: Familiarity with NIST CSF 2.0 and 800-53, ISO 27001
• Regulatory Compliance: Understanding of mandates such as SOX, TSA, USCG and SOCI Act amendments, and how they translate into internal policy
• Stakeholder Engagement: Proven ability to work across IT and OT, business operations, legal, and procurement to align policy with operational needs

Preferred Qualifications:

• Leadership & Influence: Demonstrated ability to lead cross-functional initiatives and influence policy adoption across diverse teams
•  Communicates in a clear, concise, understandable manner both orally and in writing
• Experience with ServiceNow GRC
• Ability to influence and motivate teams, and work with a variety of disciplines, cultures, and environments
• Demonstrated ability to work effectively, and communicate effectively at all levels with operations, design, projects, vendors, peers, etc

Relocation Options:

Relocation will not be considered.

International Considerations:

Expatriate assignments will not be considered.

U.S. Regulatory notice:

Chevron is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religious creed, sex (including pregnancy), sexual orientation, gender identity, gender expression, national origin or ancestry, age, mental or physical disability, medical condition, reproductive health decision-making, military or veteran status, political preference, marital status, citizenship, genetic information or other characteristics protected by applicable law.

We are committed to providing reasonable accommodations for qualified individuals with disabilities. If you need assistance or an accommodation, please email us at emplymnt@chevron.com.

Chevron participates in E-Verify in certain locations as required by law.