Company: CARNIVAL CORPORATION & PLC
Area of Interest: Information Technology
Location: Miami
State: Florida
Job Title: Senior Director, Global Security Governance and Risk
We are currently seeking a Senior Director for Global Security Governance and Risk! The Senior Director for Global Security Governance and Risk (Leader) leads a team in the oversight of the Global Information Security Program and Cyber Risk Management. The Senior Director is responsible for defining and aligning strategies for the governance and risk team to support the continued maturity of Carnival’s Global Security transformation and ensure exposures to cyber risks are identified and managed at an acceptable level. This leader is responsible for Global Security Policy/Standards development and management and regulatory compliance related to Corporate Privacy initiatives. The Senior Director will partner with business and technology leaders in ensuring new and existing business relationships address information security risks through the Third Parties Risk Management program. The scope of this position is global in nature and will work collaboratively across Carnival’s brands and operating companies to facilitate cybersecurity risk prioritization in conjunction with the Regional Information Security and Compliance Services Security Officers.
- Governance and Strategy
- Collaborate with Legal, Privacy, Compliance and key business leaders to identify information management and protection laws and regulations and implement actions to ensure compliance
- Identify global cyber security regulatory, legislative, and industry specific compliance requirements
- Manage the global security operational (OPEX) and capital (CAPEX) budgets aligning fiscal expenditures against cybersecurity strategic goals and initiatives
- Establish annual and long-term goals, defining risk and governance strategies, metrics, and reporting mechanisms
- Develop strategies and action plans to drive security maturity improvement in areas where controls do not adequately mitigate risks
- Foster and maintain business relationships in representing GISCS during executive steering committees across each of the Carnival Brands
- Support the development of executive and board level communications as related to corporate cybersecurity posture
- Develop, document, and assess measures, metrics, and internal controls related to cyber security program maturity
- Policies and Standards
- Lead the development and implementation of effective and reasonable policies and practices to secure sensitive data and ensure security and compliance with contracts, regulatory requirements, and industry standards
- Collaborate across the Brands, Legal, Regional Information Security and Compliance Teams, IT teams, HR and Global Data Privacy Council in the development of global security policies
- Champion the annual global security policies and standards review with key stakeholders to ensure alignment with corporate business strategy, cybersecurity strategy and regulatory requirements
- Vendor Management Program
- Manage the Third Party Risk assessments process to ensure risk transparency and business acceptance, contractual obligations and enable risk-based decision making
- Provide oversight, management, implementation and execution of the Third Party Risk Management Program (TPRM), framework and policy
- Engage and participate in working groups amongst key business owners, Legal, Data Protection Officers and IT in performing risk assessments and recommend ongoing monitoring strategies for Third parties and Fourth parties providing services to Carnival
- Partner across each Brand and collaborate with the Regional Information Security leaders to ensure a coordinated and effective global program
- Security Risk Management & Tracking
- Develop and manage the cybersecurity risk management strategy, framework and approach
- Integrate cyber security risk reporting and aggregate reporting into an Enterprise risk framework
- Provide briefings to leadership and advise of critical issues that may affect business or enterprise cybersecurity objectives in partnership with the Regional Information Security Officers
- Partner with Global Security Architecture & Engineering, Global Threat Intelligence & Readiness, and Compliance Assurance teams, to develop risk mitigation strategies, solutions, and recommendations to reduce components, systems, or enterprise security risk
- Awareness & Training
- Champion and manage Global Information Security Awareness and Training programs
- Support Regional Information Security and Compliance teams to host business outreach campaigns
- Distribute security bulletins, alerts, updates, and other security related information
- Corporate Privacy Office
- Develop and maintain a strategy for managing security assessments related to Personally Identifiable Information (PII), and EU General Data Protection Regulation (EU GDPR)
- Support the implementation of security measures related to the protection of personal information
- Collaborate with management, Legal, Marketing, IT, Human Resources, and other appropriate departments to develop and continuously improve upon Carnival’s program, consistent with relevant laws and regulations
- Evaluate and improve upon processes for investigating, documenting, and reporting unauthorized access or disclosure of personal information
- Develop and implement, or update data protection related privacy policies and standards
- Collaborate with Carnival’s Data Protection Officers and Regional Information Security and Compliance teams supporting alignment with overall objectives for data privacy
- Maintain current knowledge of applicable US federal, state, EU and additional global data protection laws and accreditation standards
- Implement, manage and support security tools which fall into the following areas: Third Party Risk, Security Risk Management and Security GRC
- This will include design, implementation and support on the people, process and tool of the environment
- Work directly with key stakeholders inside and outside of IT as needed
- Master’s Degree preferred
- 10+ years of progressive IT and global business management expertise culminating in an IT leadership role
- Active certification as a Certified Information Security Professional (CISSP) is preferred
- Additional active certifications are also acceptable: CGEIT – Certified in the Governance of Enterprise IT, CISM – Certified Information Security Manager, CISA – Certified Information Systems Auditor, CRISC – Certified in Risk and Information Systems Control, PMP – Project Management Professional
- Experience building and/or growing an IT Security Consulting practice with direct hands-on technology skillsets
- Demonstrated experience in communicating effectively in written and spoken form to broad internal and external entities including non-technical executives, corporate officers, business colleagues, product and service vendors and external peers
- Strong ability to influence and persuade others through collaboration
- Strategic thinker who can translate vision into tactical execution; strong decision-making and project management skills; and ability to prioritize effectively in a highly dynamic work environment
- Experience interviewing, hiring, and counseling direct report employees
- Delegating activities to appointed managers
- Ensuring that responsibilities, authorities, and accountability of all subordinates are defined and understood
- Experience in establishing IT governance, policies and standards
- Experience managing third party vendors
- Experience working and excelling in a Global organization
- Manage and control Operational and Capital budgets
- Demonstrated ability to manage multiple work streams and initiatives simultaneously
- Ability to work in a fast-paced setting
- Recent experience leading an IT organization and establishing governance and strategy for a global organization
- Exceptional and current experience in vendor management, managing security risks, developing and implementing security training programs
- Experience leading corporate privacy initiatives is also a plus
- May travel less than 25% with shipboard travel likely
Benefits as a member of Carnival's Team:
A comprehensive healthcare program, dental coverage and flexible spending accounts.
Company-paid term life insurance and long term disability coverage, employee-paid optional life insurance and other voluntary insurance programs.
A 401(k) plan that includes up to a 3% company match after one year of service and a discretionary-profit sharing contribution in your second year of eligible employment.
Tuition Reimbursement that provides up to 75% reimbursement for company related professional career development.
Employee Stock Purchase plan that provides up to a 15% discount off the Fair Market Value of Carnival Corporation Common Stock.
Paid vacation and sick time.
Two complimentary "Fun Ship" cruises a year (based on available space and seniority) as well as discounted rates to friends and family in addition to other discounts to local and neighborhood vendors.
An on-site fully accredited preschool educational program that provides developmentally appropriate educational programming for families of children ages 6 weeks through 5 years of age and up to 12 years of age during school holidays and summer vacation in addition to drop-in care for those unexpected childcare conflicts.
An on-site Health and Wellness Center that provides a full range of activities including weight training machines, free weights, cardiovascular equipment, an aerobic center, massage therapy, certified personal trainers and a wide variety of other programs.
About Carnival Corporation & plc
Carnival Corporation & plc is a global cruise company and one of the largest vacation companies in the world. Our portfolio of leading cruise brands includes Carnival Cruise Lines, Holland America Line, Princess Cruises, Seabourn and Fathom in North America; P&O Cruises, and Cunard Line in the United Kingdom; AIDA in Germany; Costa Cruises in Southern Europe; and P&O Cruises in Australia. These brands, which comprise the most recognized cruise brands in North America, the United Kingdom, Germany and Italy, offer a wide range of holiday and vacation products to a customer base that is broadly varied in terms of cultures, languages and leisure-time preferences. We also own a tour company that complements our cruise operations: Holland America Princess Alaska Tours in Alaska and the Canadian Yukon. Combined, our vacation companies attract ten million guests annually.
Carnival Corporation & plc and Carnival Cruise Line is an equal employment opportunity/affirmative action employer. In this regard, it does not discriminate against any qualified individual on the basis of sex, race, color, national origin, religion, sexual orientation, age, marital status, mental, physical or sensory disability or any other classification protected by local, state, federal and/or international law.
For information about FMLA eligibility and guidelines please visit: www.dol.gov/whd/fmla. (copy and paste link into your browser).