Security Compliance Senior Analyst

The Sr Analyst, IT Compliance is responsible for ensuring that IT practices adhere to relevant laws, regulations, and industry standards, such as Sarbanes-Oxley (SOX) and Payment Card Industry (PCI) compliance. The role facilitates compliance of applications and infrastructure. The Sr. Analyst conducts assessments and implements controls to mitigate risks related to regulatory requirements. The role will maintain absolute confidentiality of sensitive files, data and materials accessed, discussed, or observed while adhering to compliance policies and procedures,

Essential Functions:

• Regulatory Sr Analyst, IT Compliance is responsible for ensuring that IT practices adhere to relevant laws, regulations, and industry standards, such as Sarbanes-Oxley (SOX) and Payment Card Industry (PCI) compliance. The role facilitates compliance of applications and infrastructure. The Sr. Analyst conducts assessments and implements controls to mitigate risks related to regulatory requirements. The role will maintain absolute confidentiality of sensitive files, data and materials accessed, discussed, or observed while adhering to compliance policies and procedures
• Compliance Monitoring and Reporting: Monitor ongoing compliance activities, track regulatory changes, and prepare reports for management and regulatory agencies. Document compliance findings, issues, and remediation efforts. Conduct impact assessments to determine the impact of regulatory changes and report findings to leadership.      Assess compliance-related risks and develop risk mitigation strategies. Stay abreast of regulatory changes and industry developments to ensure compliance programs remain current and effective
• Internal Audits and Reviews: Conduct internal assessments and reviews to evaluate the effectiveness of controls and identify areas for improvement. Review access controls, data protection measures, and security configurations. Respond to Internal Audit and other stakeholder's findings and inquiries, preparing official documentation where appropriate
• Vendor and Third-Party Compliance Management: Assess the compliance of vendors and third-party service providers to ensure they meet all security and regulatory requirements
• Policy and Procedure Development: Review and provide input to update IT policies, procedures, and standards to address compliance requirements. Help create documents such as acceptable use policies and data retention policies plans. Publish and communicate policies and procedures to stakeholders
• Training and Awareness: Maintain a high degree of familiarity with compliance policies, standards, and procedures. Provide training and awareness programs to educate stakeholders about compliance requirements and best practices.
• Identify opportunities for automation in current compliance activities and leverage technologies to modernize and streamline team workflows

Qualifications:

• Education:  Bachelor’s degree in computer science, IT compliance, audit, or related area is required. An advanced degree is highly desirable particularly and excellent verbal and written communication skills.  Master’s degree a plus.
• Certifications:  Desired to have one of or more of the following certificates: CISM, CISSP. Desired to be trained in Project management, product management or Agile approach
• Work Experience: 5+ years years of experience in Information Technology and Information Security/Compliance with the focus on executing compliance framework and programs such as PCI-DSS, SOX, HIPAA, etc. 5+ years of Information/Cybersecurity and Compliance experience. 5+ years of technology project management with experience building process, controls, operating procedures, and guidelines.
• Knowledge in various compliance regulations such as PCI-DSS, SOX, HIPAA, GDPR, NIST, etc. Knowledge of information technologies components as networking, security, different OSs, DB environments.
• CISSP, CCEP, or CISA equivalent is desirable certifications.
• Previous experience performing security and compliance assessments.

Knowledge, Skills & Abilities:

• Strong analytical and organizational skills. Ability to think critically. Knowledge in process improvement practices. Excellent communication and presentation skills (both written and verbal). Ability to communicate effectively at all levels of the organization. Ability to manage and build large/complex data sets. Ability to work independently (including remotely) and multi-task, managing multiple assignments and deadlines. Skill to meet deadlines while ensuring quality results. Ability to drive and lead conversations, coordinating work among different parties. Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues. Strong ability to troubleshoot problems. Attention to detail is a must. Proficient in documentation and creating operating, assessments, and audit procedures. Ability to create high-quality technical documents. Experience with complex risk-based approach to internal and external compliance efforts. Proficient with Microsoft Office Suite. Able to achieve desired goals and objectives while maintaining the respect and support of the organization.

Physical Demands:  Must be able to remain in a stationary position at a desk and/or computer for extended periods of time. 

Travel: Less then 25% with shipboard travel likely

Work Conditions:  Work primarily in a climate-controlled environment with minimal safety/health hazard potential. 

This position is classified as “in-office.”  As an in-office role, it requires employees to work from a designated Carnival office in South Florida Tuesday through Thursday each week. Employees may work from their homes on Mondays and Fridays.  Candidates must be located in (or willing to relocate to) the Miami/Ft. Lauderdale area. 

Offers to selected candidates will be made on a fair and equitable basis, taking into account specific job-related skills and experience.   

At Carnival, your total rewards package is much more than your base salary. All non-sales roles participate in an annual cash bonus program, while sales roles have an incentive plan. Director and above roles may also be eligible to participate in Carnival’s discretionary equity incentive plan. Plus, Carnival provides comprehensive and innovative benefits to meet your needs, including: 

• Health Benefits: 
  • Cost-effective medical, dental and vision plans 
  • Employee Assistance Program and other mental health resources 
  • Additional programs include company paid term life insurance and disability coverage  
• Financial Benefits: 
  • 401(k) plan that includes a company match 
  • Employee Stock Purchase plan 
• Paid Time Off 
  • Holidays – All full-time and part-time with benefits employees receive days off for 8 company-wide holidays, plus 2 additional floating holidays to be taken at the employee’s discretion.  
  • Vacation Time – All full-time employees at the manager and below level start with 14 days/year; director and above level start with 19 days/year.  Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 84 hours/year.  All employees gain additional vacation time with further tenure. 
  • Sick Time – All full-time employees receive 80 hours of sick time each year.  Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 60 hours each year.   
• Other Benefits 
  • Complementary stand-by cruises, employee discounts on confirmed cruises, plus special rates for family and friends 
  • Personal and professional learning and development resources including tuition reimbursement  
  • On-site preschool program and wellness center at our Miami campus 

#LI-Hybrid

#LI-SH1