Date:  Dec 11, 2019

Houston, TX, US, 77024

Job Function:  Information Technology
Requisition Number:  722

Title:  IT Risk & Compliance Analyst

Take Ownership of a Newly Added, High-Impact IT Risk & Compliance Role at a Rapidly Growing Energy Company


Spotlight your subject matter expertise as you create security awareness and help develop a top-notch compliance program. 

If you combine subject-matter expertise in IT Audit, Risk Management and/or Compliance with the ability to work and communicate effectively with business managers and executives, the role of IT Risk and Compliance Analyst with Par Pacific offers a variety of interesting challenges and opportunities. Consider that you will:

  • Serve as an important member of a talented IT team and SME focused on putting together an outstanding security program including security awareness and training. 
  • Enjoy visibility and influence as you work with stakeholders at Corporate, across the Western U.S. and in Hawaii. 
  • Bring your vision and knowledge to a growing and expanding organization with a continuous improvement mindset. We're committed to building an outstanding Risk and Compliance program and gaining companywide awareness. 
  • Have an immediate impact and see the results of your efforts through interim and year-end audits.
  • Enjoy the autonomy to own your work along with strong support when you need it. 
  • Enjoy the entrepreneurial energy of a fast-growth organization built on a strong foundation of success, combined with the atmosphere of a friendly and collaborative IT team that is laid-back while also being results-oriented. A cultural fit with the team will be important. 
  • Earn competitive compensation and an excellent benefits package.

Based in Houston, Texas, Par Pacific Holdings, Inc. owns, manages and maintains interests in energy and infrastructure businesses in Hawaii, Wyoming, Colorado, Washington and Idaho. Our strategy is to identify, acquire and operate energy and infrastructure companies with attractive competitive positions. Par Pacific has an active, opportunistic growth strategy, and our management team has deep experience in the energy industry, as well as in leading mergers, acquisitions, and integrations of newly acquired companies. Our common stock is publicly traded on the NYSE MKT under the trading symbol "PARR".

Note: Par Pacific will not accept calls from third-party recruiters. All candidates are required to apply through this web posting.


The Requirements


To meet the basic qualification for this role, you will have legal authorization to work permanently in the United States for any employer without requiring a visa transfer or visa sponsorship. In addition, to be a good fit for the IT Risk and Compliance Analyst opportunity, you will have:


  • A bachelor’s degree in a job-related field such as Computer Science or Computer Engineering is highly preferred; an advanced degree is a plus.
  • Industry-related legal, compliance, information security or business continuity management certification is preferred.


  • 4-6+ years of experience in IT Audit, IT Risk management and/or IT Compliance.
  • Experience with Governance, Risk, and Compliance (GRC) tools and policy/procedure development.
  • Prior exposure to, and experience with, SOX IT Audit, PCI DSS v3.1 and Privacy regulations.
  • Experience with IT risk and security standards (e.g. COBIT, ISO, NIST, C2M2) preferred.
  • Experience with Security technology (Cisco, Palo Alto, etc.) preferred.
  • Demonstrable professional technical writing expertise.
  • Comprehension of IT cybersecurity, risk and compliance.
  • Big 4 experience is a strong advantage; Oil & Gas experience is a plus.

Core competencies and characteristics

  • Excellent written and verbal communication skills.
  • Strong internal customer orientation; ability to empathize and build rapport.
  • Outstanding communication skills to interact with business managers and executives to identify security initiatives.
  • Customer-focused with an energetic attitude and ability to work and thrive in a fast-paced environment.
  • Detail-oriented with the ability to focus on granular level compliance and security issues.

You will work in our Houston HQ and must be able to travel 10%-20% to implement and execute Security Awareness training. 


The Role


Role Overview

Reporting to the IT Manager, as IT Risk and Compliance Analyst, you will serve as a subject-matter expert responsible for assessing and overseeing all technology-related compliance issues across the organization including information security, privacy, business continuity, identity management, user access, and data integrity. You'll deliver objective risk assessments of the company's compliance with regulatory, organizational and commercial requirements governing the organization's information technology systems, and assist in the development and implementation of policies, procedures and controls to ensure that the organization's practices remain observant of all pertinent local, state/province/county and federal laws and industry standards.

Role Details

You'll be based in our Houston corporate location and join a talented IT team of approximately 40, supporting 1600 users. Currently, there are three resources, including your supervisor, working on security and governance but also wearing multiple hats. As IT Risk and Compliance Analyst, you'll serve as a dedicated audit, risk and compliance expert, and work directly with the IT team and with non-IT compliance professionals/departments such as Legal, Audit and Corporate Compliance, to ensure organizational alignment. 

Upon joining us, you will assess the policies and procedures that are in place. Then, with guidance from and in partnership with the IT Manager, create a shared vision and technical plan for building a comprehensive security and governance program from improvements/ideation through implementation, training and execution. You'll implement and execute the plan, including processes for improving audits, comprehensive compliance training for the IT team, and security awareness training that begins at Corporate and spreads out to Par locations and personnel in Texas, Washington, Idaho, Wyoming, Colorado and Hawaii. Initially, you will be on the road delivering the training, but you will also build a long-term strategy that could include web and other training for new hires and acquisitions. 

More specifically, you will:

  • Create an IT compliance training and awareness program that periodically educates the requisite end-user community on the relevant IT compliance requirements and certifies their adherence to the relevant IT compliance controls.
  • Evaluate IT controls to reduce the impact of internal and external IT audits.
  • Determine and maintain an inventory of all regulatory, commercial and organizational technology compliance requirements.
  • Facilitate the creation and modification of all technology compliance policies.
  • Create an IT compliance risk assessment framework and periodically assess the regulatory, commercial and organizational, inherent and residual IT compliance risks.
  • Identify the associated IT compliance control gaps and oversee the documentation, implementation and testing of the entire IT compliance control portfolio.
  • Develop and direct IT compliance control monitoring programs to ensure IT compliance-related risks are managed to the appropriate level of acceptable residual risk.
  • Implement and maintain an IT compliance issue management tracking and resolution process that will address known issues, according to the severity and potential impact to the organization.
  • Report the levels of IT compliance risk and control effectiveness to key stakeholders such as IT-business unit management, senior management, the board of directors, legal management, regulators, internal/external auditors, etc.
  • Coordinate audit-related tasks such as ensuring the readiness of IT managers and their organizations for audit testing and facilitating the timely resolution of any audit findings.
  • Manage the overall IT compliance-related budget/financial spend in accordance with the desired IT compliance risk appetite of the organization.
  • Provide technical advice and insight on compliance requirements to non-IT leaders such as the general counsel, chief compliance officer (CCO), chief risk officer (CRO), etc.
  • Assist business and IT managers with the acquisition of tools and expertise to assist with IT compliance-related projects and initiatives.

Note: This is an overview of the role and not intended to be an exhaustive description of duties and responsibilities.
