IT Compliance Analyst
Company Overview
At Carnival Cruise Line, our mission is to create safe, fun, and memorable vacations at a great value. As a valued member of our team, you'll actively contribute to developing exceptional travel experiences and unforgettable moments, every single day. Your Carnival journey begins here!
Our Culture Essentials
Joining the Carnival team means embracing our six Culture Essentials, which are the cornerstone values shaping our identity, principles, and actions. These beliefs and behaviors not only define who we are but also unite us as a team, guiding us in decision-making, fostering relationships, tackling challenges, and reaching milestones. These culture essentials propel us toward a shared vision of success, ensuring a collective effort in shaping our future.
- Speak Up
- Respect & Protect
- Empower
- Improve
- Listen & Learn
- Communicate
Responsibilities
Job Description
The Analyst, IT Compliance is an individual contributor role with accountability for ensuring the compliance posture as CCL follows the guidelines established for Carnival Corporation, the respective governing bodies and applicable federal and international laws and regulations. The resource supports the maintenance of n integrated programs with secure infrastructure to protect the integrity, confidentiality, and availability of Carnival Cruise Lines (CCL) information systems assets. The resource will interface with user community to ensure both understanding and compliance with regulatory requirements. The team member will recommend and monitors computing practices to ensure that individual and departmental access and rights, resources, and information are compliant The resource will be an active participant in annual assessments (SOX, PCI) and will also coordinate remediation of compliance gaps (SOX, PCI, EUGDPR, PII, etc.) and support the greater ecosystem in the event of security incidents including recovery, intrusions, and/or system abuses. The team member is required to maintain current knowledge of security and compliance trends and issues. The resource will support projects across the CCL organization.
Essential Functions:
- Coordinate and execute remediation efforts arising from compliance deficiencies (Policies, SOX, PII, EUGDPR, CCPA, PCI, HIPPA, Pen tests, etc.) Effectively plan and manage information protection initiatives and projects to ensure that objectives, schedules and budgets are met.
- Review security and controls to address areas such as applications, databases, infrastructure, security administration, user identification and authentication, access to data, monitoring and reporting. Implement and enforce control framework related to CCL’s regulatory and compliance standards (PCI, SOX, EUGDPR, CCPA, PII, HIPPA, etc.)
- Review and update CCL information security policies and procedures. Update compliance guidelines and standards for CCL applications, databases, infrastructure, networking systems and computing platforms.
- Evaluate security and control aspects of technologies including internally developed applications and defines security requirements to ensure compliance guidelines are met and maintained.
- Perform periodic compliance assessments of information applications and technology, analyze results, and develop action plans to mitigate risks. Manage the exception process for risks that cannot be remediated in stipulated timelines.
- Provide consultative services and awareness to business units regarding risks, standards of due care and appropriate information security safeguards
- Perform other information system department functions as assigned by the CCL’s Security and Compliance Manager.
Qualifications:
- Bachelor’s degree in Computer Science, Information Security, Information Systems / Technology, Engineering, Business, or Management/ Admin preferred
- 3+ years of related and progressively more responsible and expansive work experience in IT Security and Compliance disciplines required.
- 3+ years of experience with minimum of 5 years in IT Security and Compliance preferred
Knowledge, Skills and Abilities:
- Hands-on expertise with supporting PCI Assessments and SOX audits Compliance controls reviews for applications and databases related to SOX, PCI, PII, EUGDPR, HIPPA, etc. Experience reviewing and updating IT policies, standards and guidelines from the lens of a compliance professional.
- Highly organized and effective time management skills including the ability to balance competing projects concurrently; asking questions and getting information in order to diagnose security related problem.
- Excellent written and verbal communication skills.
- Interpersonal skills at a level to function well in a wide range of administrative and management environments and a strong image of professional discipline.
- Proven ability as a member of an IT Compliance or Information Security team with a focus on compliance with the ability to communicate compliance related concepts to a broad range of technical and non-technical staff Proven ability as a project leader. Strong analytical and organizational skills with strong critical thinking and problem-solving abilities.
- High level of integrity and trust. Respects and maintains confidentiality of enterprise information including specified security plans and controls.
- abreast of current and emerging technical information security developments. Research, recommend and implement security tools and measures.
- Demonstrated experience with at least two security control frameworks (e.g. SOX, SOC 2, ISO, NIST, COSO, COBIT, etc.); Familiarity with common compliance standards (SOX, SOC2, PCI-DSS, GDPR, COSO, COBIT, NIST, and/or ISO 27001. Experience working directly with internal or external auditors for at least one of the listed standards. Hands-on experience with a variety of reporting operations and procedures
- Attends meetings and compliance related conferences; Participates in employee focus groups and committees related to information security and compliance.
- Ability to plan, coordinate, and execute complex IT security and compliance assignments; design and applies tools, techniques, and procedures to maintain highest standards of IT Security and Compliance.
Licenses/Certifications:
- Active certifications in one of the related areas of security and compliance such as CISA, CISM, CISSP, CRISC, GIAC, ISC, CEH, IAM, GSLC. Active certifications in one of the related areas of security and compliance such as CISA, CISM, CISSP, CRISC, GIAC, ISC, CEH, IAM, GSLC required.
Physical Demands: Must be able to remain in a stationary position at a desk and/or computer for extended periods of time. Requires regular movement throughout CCL facilities.
Travel: Less than 25% shore-based travel
Work Conditions: Work primarily in a climate-controlled environment with minimal safety/health hazard potential. Other job specific working conditions.
This position is classified as "in-office." As an in-office role, it requires employees to work from a designated Carnival office in South Florida from Tuesday through Thursday. Employees may work from home on Mondays and Fridays. Some positions may require additional in-office time each week and final schedule is determined by your leader. Candidates must be located in (or willing to relocate to) the Miami/Ft. Lauderdale area.
Offers to selected candidates will be made on a fair and equitable basis, taking into account specific job-related skills and experience.
At Carnival, your total rewards package is much more than your base salary. All non-sales roles participate in an annual cash bonus program, while sales roles have an incentive plan. Director and above roles may also be eligible to participate in Carnival’s discretionary equity incentive plan. Plus, Carnival provides comprehensive and innovative benefits to meet your needs, including:
- Health Benefits:
- Cost-effective medical, dental and vision plans
- Employee Assistance Program and other mental health resources
- Additional programs include company paid term life insurance and disability coverage
- Financial Benefits:
- 401(k) plan that includes a company match
- Employee Stock Purchase plan
- Paid Time Off
- Holidays – All full-time and part-time with benefits employees receive days off for 7 company-wide holidays, plus an additional floating holiday to be taken at the employee’s discretion.
- Vacation Time – All full-time employees at the manager and below level start with 14 days/year; director and above level start with 19 days/year. Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 84 hours/year. All employees gain additional vacation time with further tenure.
- Sick Time – All full-time employees receive 80 hours of sick time each year. Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 60 hours each year.
- Other Benefits
- Complementary stand-by cruises, employee discounts on confirmed cruises, plus special rates for family and friends
- Personal and professional learning and development resources including tuition reimbursement
- On-site preschool program and wellness center at our Miami campus
#LI-Hybrid
#LI-SH1
About Us
In addition to other duties/functions, this position requires full commitment and support for promoting ethical and compliant culture. More specifically, this position requires integrity, honesty, and respectful treatment of others, as well as a willingness to speak up when they see misconduct or have concerns.
Carnival Cruise Line is the most popular cruise brand in North America and operates a fleet of ships designed to foster exceptionally safe, fun and memorable vacation experiences at an outstanding value. Our employees have a responsibility to be accountable for all actions. We consider the environment in all aspects of our business and have a responsibility to put safety and sustainability first. We live and share a positive attitude which is based on fostering an environment of inclusion, trust, a willingness to listen, openness and integrity. Doing this helps us to achieve our ultimate goal, which is to include FUN in everything we do! Speaking of fun, we are officially certified as a Great Place to Work aboard our ships as well as in our global corporate headquarters!
Carnival Corporation & plc and Carnival Cruise Line is an equal employment opportunity/affirmative action employer. In this regard, it does not discriminate against any qualified individual on the basis of sex, race, color, national origin, religion, sexual orientation, age, marital status, mental, physical orsensory disability, or any other classification protected by applicable local, state, federal, and/or international law.
Employee Benefits
-
Hybrid Work Environment
Empowering work-life integration and flexible opportunities for your personal and career success
-
Wellness Programs
Comprehensive employer wellness programs featuring mental health support and fitness options, including an on-site gym
-
Cruise Benefits
An array of qualified complimentary and heavily discounted cruise options for the ultimate dream getaway
-
Parental Programs
Generous parental leave time and adoption assistance programs
-
Retirement Plan
Secure your future with our exceptional Traditional and Roth 401(k) options complemented by valuable company contributions
-
Employee Stock Purchase
Invest in tomorrow with the opportunity to purchase Carnival shares at a discounted rate from their fair market value
In addition to the above, we offer PTO and company holidays as well as a variety of medical, dental, and voluntary plans
Culture
In our virtual contact center, we're all about unlimited growth opportunities and creating a supportive, inclusive environment. We believe in fostering professional development and providing our team members with the tools and resources they need to excel in their roles. Our community values diversity, ensuring that everyone feels respected and supported in a welcoming atmosphere where personal and professional growth knows no limits. Above all, we're committed to delivering an exceptional guest experience, making customer satisfaction a top priority in everything we do.