Cybersecurity Compliance Supervisor

Job Description

The Supervisor, Cybersecurity Compliance leverages their strong knowledge and expertise to supervise the overall Global Compliance Program. They possess a sound understanding of regulatory needs such as SOX, PCI-DSS, Data Privacy (GDPR/CCPA, etc.) and best practices from NIST CSF, ISO, SOC2, etc., with an emphasis on SOX. The supervisor will serve as a liaison between various Operating Units within the organization, internal & external audit, and IT teams, ensuring effective coordination and communication. They will do so to integrate compliance regulations and controls that will protect the company assets and data globally. The supervisor will actively participate in the day-to-day operations of the Security Compliance team within the Global Cybersecurity Services (GCS) organization and will coordinate tasks such as resource allocation, team training, project facilitation, scheduling, and organization of overall project health to complete deliverables. This position will have an active role in ensuring global compliance within the organization to all current regulatory guidelines and to GCS policies and standards. The supervisor will oversee a team of Compliance Analysts that are responsible for the execution of regulatory control testing and continuing compliance activities. This team of analysts has a deep background in Information Security and Compliance. In working with the team, the supervisor will partake in the planning and performance of annual assessments, testing, validation, and oversight of risk management. The supervisor will conduct a root cause analysis as needed, to determine root causes and lead corrective action efforts at the process level to ensure gaps are appropriately assessed, escalated & resolved. This includes oversight of implementing right process solutions to prevent recurrence. The supervisor will represent the Security Compliance team in cross-functional projects, leveraging their advanced skill set to streamline these processes. This position will be responsible for enhancing the global compliance and cybersecurity controls as it relates to shipboard and shoreside environments. The supervisor will be required to measure and report on KPIs, KRIs, audit findings, accomplishments and publish to senior management and key stakeholders. They are responsible for reporting on current regulatory compliance and internal security policy compliance to senior leadership. This position will also be responsible for continuing to modernize existing security and compliance practices, specifically automating testing processes and shifting from a periodic testing approach to a continuous compliance model.

Essential Functions:

• Oversee and assist with the development and execution of GCS’s annual and on-going assessments which include the PCI-DSS continuous compliance program, SOX ITGC testing, and GDPR compliance assessment plans, among others, to ensure the integrity, effectiveness, and efficiency of the compliance framework. Raise awareness to the Business and IT stakeholders of compliance requirements, regulations, and controls
• Support the strategy to mature current Compliance practices to achieve departmental goal of shifting from “regulatory compliance” driven team to a Risk-based program and proactively work to identify potential gaps.  Implement all necessary actions with relevant IT stakeholders and internal and external audit partners to achieve objectives of an effective compliance program and communicate to all key stakeholders and leadership
• Collaborate closely with GRC leadership team to develop brand IT Compliance Framework to include (but not be limited to) SOX, PCI-DSS, Data Privacy (GDPR/CCPA, etc.), IMO etc. to achieve a strong compliance maturity model. Advising on matters related to formal Compliance Governance processes which align and prioritize Data Privacy and Security Compliance initiatives. Assist in developing, preparing, and establishing executive dashboard reporting on compliance events, findings, accomplishments, and publishing these to senior management and key stakeholders
• Oversee the GCS IT Compliance program which includes conducting the annual validations and assessments including but not limited to SOX, PCI-DSS, Data Privacy Regulations (GDPR, CCPA, etc.), and external legal agreements; and determine scope, process, testing, documentation, reporting and remediation. Coordinate with IT Stakeholders, internal and external auditors, and Operating Unit Security Officers to ensure on-going IT compliance with published internal corporate policies and government regulations
• Identify opportunities for automation in current compliance activities and leverage technologies to modernize and streamline team workflows
• Foster a strong team spirit for remote and in-person team resources. Supervise staff by effectively developing, mentoring, and assessing their performance.  Provide initial and ongoing training of new hires. Monitor the team’s daily performance. Act as a resource and mentor for team members, providing ongoing guidance and support in navigating complex topics, troubleshooting challenges, and promoting best practices.
• Assist with and respond to inquiries received from stakeholders across the organization pertaining to the annual validations and assessments conducted by the Security Compliance team. Maintain effective working relationships with internal and external partners.  Proactively monitor and communicate changes in business processes and provide guidance and support to internal stakeholders

Qualifications:

• Education:  A Bachelor’s degree in computer science, IT compliance, audit, or related area is required. An advanced degree is highly desirable particularly and excellent verbal and written communication skills.  Master’s degree a plus.
• Required Certifications:  CISSP, CCEP, or CISA equivalent is desirable
• Years & or Area of Professional experience: 5+ of experience in Information Technology and Information Security/Compliance with the focus on executing compliance framework and programs such as PCI-DSS, SOX, HIPAA, etc. 5+ years of Information/Cybersecurity and Compliance experience. 5+ years of technology project management with experience building process, controls, operating procedures, and guidelines.  Previous experience performing security and compliance assessments
• Critical Professional Related Technical/Computer Skills:  Knowledge in various compliance regulations such as PCI-DSS, SOX, HIPAA, GDPR, NIST, etc. Knowledge of information technologies components as networking, security, different OSs, DB environments

Knowledge, Skills & Abilities:

Strong analytical and organizational skills. Ability to think critically. Knowledge in process improvement practices. Excellent communication and presentation skills (both written and verbal). Ability to communicate effectively at all levels of the organization. Ability to manage and build large/complex data sets. Ability to work independently (including remotely) and multi-task, managing multiple assignments and deadlines. Skill to meet deadlines while ensuring quality results. Ability to drive and lead conversations, coordinating work among different parties. Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues. Strong ability to troubleshoot problems. Attention to detail is a must. Proficient in documentation and creating operating, assessments, and audit procedures. Ability to create high-quality technical documents. Experience with complex risk-based approach to internal and external compliance efforts. Proficient with Microsoft Office Suite. Able to achieve desired goals and objectives while maintaining the respect and support of the organization

Physical Demands:  Must be able to remain in a stationary position at a desk and/or computer for extended periods of time. 

Travel:  Less than 25% shipboard travel likely

Work Conditions:  Work primarily in a climate-controlled environment with minimal safety/health hazard potential.

This position is classified as "in-office." As an in-office role, it requires employees to work from a designated Carnival office in South Florida from Tuesday through Thursday.  Employees may work from home on Mondays and Fridays. Some positions may require additional in-office time each week and final schedule is determined by your leader.  Candidates must be located in (or willing to relocate to) the Miami/Ft. Lauderdale area. 

Offers to select candidates will be made on a fair and equitable basis, taking into account specific job-related skills and experience.   

At Carnival, your total rewards package is much more than your base salary. All non-sales roles participate in an annual cash bonus program, while sales roles have an incentive plan. Director and above roles may also be eligible to participate in Carnival’s discretionary equity incentive plan. Plus, Carnival provides comprehensive and innovative benefits to meet your needs, including: 

• Health Benefits: 
  • Cost-effective medical, dental and vision plans 
  • Employee Assistance Program and other mental health resources 
  • Additional programs include company paid term life insurance and disability coverage  
• Financial Benefits: 
  • 401(k) plan that includes a company match 
  • Employee Stock Purchase plan 
• Paid Time Off 
  • Holidays – All full-time and part-time with benefits employees receive days off for 7 company-wide holidays, plus an additional floating holiday to be taken at the employee’s discretion.  
  • Vacation Time – All full-time employees at the manager and below level start with 14 days/year; director and above level start with 19 days/year.  Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 84 hours/year.  All employees gain additional vacation time with further tenure. 
  • Sick Time – All full-time employees receive 80 hours of sick time each year.  Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 60 hours each year.   
• Other Benefits 
  • Complementary stand-by cruises, employee discounts on confirmed cruises, plus special rates for family and friends 
  • Personal and professional learning and development resources including tuition reimbursement.  
  • On-site preschool program and wellness center at our Miami campus 

#LI-Hybrid

#LI-SH1

About Us