Principal Compliance Analyst - IT

The Lead Analyst, IT Compliance is responsible for developing and documenting strategies that ensure that IT practices adhere to relevant laws, regulations, and industry standards, such as Sarbanes-Oxley (SOX) and Payment Card Industry (PCI) compliance. The Lead Analyst is a trusted advisor to senior management and has a lead role in compliance of applications and infrastructure. 

The Lead Analyst is the Subject Matter Expert in compliance, conducts assessments of the most critical areas in the company, and implements controls to mitigate risks related to regulatory requirements. The role will maintain absolute confidentiality of sensitive files, data, and materials accessed, discussed, or observed while adhering to compliance policies and procedures. 

Job Functions:

• Research and Innovation: Function as a SME for IT Compliance. Stay abreast of emerging technologies, industry trends, and best practices. Research new tools, frameworks, and methodologies that can enhance solution designs and delivery. Evaluate and recommend appropriate solutions. Develop and communicate technology roadmaps. Review and improve tools, methods, processes, and procedures.
• Regulatory Compliance Assessment: Conduct assessments and oversee assessments conducted by more junior analysts by reviewing evidence demonstrating the organization’s compliance with applicable laws, regulations, and industry standards. This includes interviewing stakeholders to ensure compliance requirements are met and understood. Review policies, procedures, and controls to ensure alignment with requirements. The most senior role and decision maker in working with cross functional teams to resolve compliance issues.
• Policy and Procedure Development: Takes the lead in developing, reviewing, and update IT policies, procedures, and standards to address compliance requirements. Reviews and approves documents such as acceptable use policies and data retention policies plans.  Represents the department in communicating policies and procedures to stakeholders and executive leadership.
• Compliance Monitoring and Reporting: Lead ongoing compliance activities, track regulatory changes, and prepare reports for management and regulatory agencies. Document compliance findings, issues, and serve as the decision maker for remediation efforts. Conduct impact assessments to determine the impact of regulatory changes and report findings to leadership. Assess compliance-related risks and lead the development of risk mitigation strategies. Stay abreast of regulatory changes and industry developments to ensure compliance programs remain current and effective.
• Internal and External Audits and Reviews: Conduct internal assessments and reviews to evaluate controls' effectiveness and identify improvement areas. Review access controls, data protection measures, and security configurations. Lead the response to Internal and External Audits and other stakeholders' findings and inquiries, preparing and presenting official documentation where appropriate.
• Vendor and Third-Party Compliance Management (15%): Provide oversight and decision making in vendor selection, assess the compliance of vendors and third-party service providers to ensure they meet all security and regulatory requirements. Oversee audits of third-party service providers and lead the work to resolve vendor issues.
• Training and Awareness (10%): Act as the top expert in compliance policies, standards, and procedures. Provide training and awareness programs to educate analyst team and stakeholders about compliance requirements and best practices.
• Accurate and timely report of time.
• Performs other duties as assigned.

Qualifications:

• Bachelors Degree in Information Security/Cybersecurity, Information Technology, Computer Science, or a related field or equivalent experience required. Master’s degree preferred.
• 10+ years Working in a compliance role as part of a large Information Technology department documenting and communicating regulatory requirements, standards, policies, procedures and vulnerabilities related to compliance required.
• 10+ years Auditor/assessor in a regulatory environment required.
• 10+ years conducting assessments specific to PCI an SOX required.
• 10+ years applying access controls and IAM principles required.
• 10+ years implementing and assessing segregation or separations of duties required.
• 10+ years leading compliance the most critical projects required.
• 5+ years participating in cross-functional technology teams required.
• 5+ years planning and managing large projects required.1+ years auditor for IT systems required.
• 1+ years in the cruise and/or travel industry preferred.

Knowledge, Skills & Abilities:

• Expert level knowledge of systems architecture and network applications and protocols, configuration, logging, monitoring, and administration to understand impacts on compliance. 
• Ability to support a multisite enterprise environment.
• Leads in the field of regulatory and security standards and requirements including PCI, SOX and GDPR.
• Expertise in Cybersecurity frameworks such as NIST CSF.
• Advanced skills in critical thinking, creative problem solving, and root cause analysis with the ability to lead teams through this process.
• Outstanding analytical land attention to detail with exceptional business acumen.
• Ability to manage multiple tight deadlines, prioritize workload and achieve exceptional results.
• Ability to write and review comprehensive and concise technical reports and presentations to be consumed by non-technical individuals.
• Exceptional communication, team building, conflict management, and organizational skills
• Excellent track record of working collaboratively with cross-functional teams to achieve common goals and drive exceptional results.
• Proficiency in MS Office
• Proven ability to quickly learn and teach new technologies and concepts.

Licenses & Certifications preferred:

• Certified Public Accountant (CPA)
• CIA-Certified Internal Auditor
• Certified Project Management Professional (PMP)-PMI
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified Financial Services Auditory (CFSA)
• CISSSP Certified Information Systems Security Professional
• CITGCP Certified IT General Controls Practitioner
• CSOXI Certified Sarbanes Oxley Act Practitioner

Physical Demands:  Must be able to remain in a stationary position at a desk and/or computer for extended periods of time. 

Travel: No travel

Work Conditions: Work primarily in a climate-controlled environment with minimal safety/health hazard potential.  Weekend and Holiday shifts are required. 

This position is classified as “in-office.”  As an in-office role, it requires employees to work from a designated Carnival office in South Florida Tuesday through Thursday each week. Employees may work from their homes on Mondays and Fridays.  Candidates must be located in (or willing to relocate to) the Miami/Ft. Lauderdale area. 

Offers to selected candidates will be made on a fair and equitable basis, taking into account specific job-related skills and experience.   

At Carnival, your total rewards package is much more than your base salary. All non-sales roles participate in an annual cash bonus program, while sales roles have an incentive plan. Director and above roles may also be eligible to participate in Carnival’s discretionary equity incentive plan. Plus, Carnival provides comprehensive and innovative benefits to meet your needs, including: 

• Health Benefits: 
  • Cost-effective medical, dental and vision plans 
  • Employee Assistance Program and other mental health resources 
  • Additional programs include company paid term life insurance and disability coverage  
• Financial Benefits: 
  • 401(k) plan that includes a company match 
  • Employee Stock Purchase plan 
• Paid Time Off 
  • Holidays – All full-time and part-time with benefits employees receive days off for 8 company-wide holidays, plus 2 additional floating holidays to be taken at the employee’s discretion.  
  • Vacation Time – All full-time employees at the manager and below level start with 14 days/year; director and above level start with 19 days/year.  Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 84 hours/year.  All employees gain additional vacation time with further tenure. 
  • Sick Time – All full-time employees receive 80 hours of sick time each year.  Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 60 hours each year.   
• Other Benefits 
  • Complementary stand-by cruises, employee discounts on confirmed cruises, plus special rates for family and friends 
  • Personal and professional learning and development resources including tuition reimbursement  
  • On-site preschool program and wellness center at our Miami campus 

#LI-Hybrid

#LI-SH1