Third Party Security Risk Management Manager
Company Overview
As the parent company overseeing our nine distinctive brands worldwide, Carnival Corporation plays a vital role in providing integral support and strategic direction to each brand across various departments. We strive to deliver unforgettable happiness to our guests by providing extraordinary cruise vacations, while honoring the integrity of every ocean we sail, place we visit and life we touch. As a member of our team, you will help lead the way in innovative and sustainable cruising, delivering memorable vacations and building borderless connections.
Our Culture Essentials
Joining the Carnival team means embracing our six Culture Essentials, which are the cornerstone values shaping our identity, principles, and actions. These beliefs and behaviors not only define who we are but also unite us as a team, guiding us in decision-making, fostering relationships, tackling challenges, and reaching milestones. These culture essentials propel us toward a shared vision of success, ensuring a collective effort in shaping our future.
- Speak Up
- Respect & Protect
- Empower
- Improve
- Listen & Learn
- Communicate
Responsibilities
Job Description
The Third-Party Security Risk Manager is responsible for the management, development, and oversight of the Third Party Security Risk Management (TPSRM) program. The goal of this role is to effectively identify, evaluate, monitor, and manage information security risks associated with third party business partners that do work for, or have access to Carnival’s data. Primary activities include assessing third-party security risks, facilitation of the due diligence assessment process, and ensuring contractual requirements are implemented into legal agreements.
Additional responsibilities include managing service level agreements for assessment reviews, working with our resident engineer for troubleshooting and enhancing functionality within the assessment tool (OneTrust), and acting as the primary escalation liaison between the TRPM team and the business owners of third-party relationships.
Strong process management and communication skills are required for this role. A sound knowledge of the industry and TPRM experience will be applied to assist leadership with ongoing strategic efforts, such as: integration with surrounding global functions and systems, global program facilitation and reporting capabilities, management of professional services and associated KPIs, and implementation of additional program automation and identified development opportunities.
Essential Functions:
- Serve as the GCS TPSRM subject-matter-expert to identify, evaluate, and manage risks associated to third parties processing or accessing personal and / or confidential data on Carnival’s behalf.
- Facilitate TPSRM due-diligence processes across business units; drive appropriate stakeholder participation in the assessment, evaluation, and acceptance of risk
- Manage vendor relationships, field inquiries, and oversee/assist in the vendor assessment process utilizing the RiskRecon platform
- Assess procedures and controls to ensure compliance with applicable company and industry standards.
- Development of dashboard and reporting capabilities for the TPRM program; provide leadership re Conduct training as required throughout company business units to enhance TPRM awareness and compliance porting as required (weekly)
- Support program lead with all additional ongoing strategic projects in place to enhance program maturity
Qualifications:
- Education: Bachelor’s degree
- Major/Discipline: Cybersecurity related
- Required Certifications: Nice to have: CTPRP, CISSP, CISM, CRISC
- Required Years and Area of Professional Experience: 5
- Critical Professional Related Technical/Computer Skills: Excellent oral and written communication, presentation, and collaboration skills. Strong organization skills with the ability to deal with multiple tasks and projects simultaneously. Experience working with legal to conduct contract language reviews. Experience with GRC tools used to conduct TPRM due diligence assessments, preferably OneTrust.
- Other Requirements:Experience with the Microsoft Professional Office Suite, including Teams, SharePoint, and Office
- Preferred Education: Master’s in Cybersecurity
- Preferred Experience and Type: Possess strong organization and communication skills and can communicate security processes and associated risks to non-technical business stakeholders. Has a solid understanding of key security frameworks, including NIST CSF, PCI-DSS, SOX, ISO, etc. Candidate will need to develop a deep understanding of the company structure, key stakeholders, products, and policies / standards to facilitate resolution amongst groups with conflicting priorities. Excellent leadership, project management, and presentation skills. Must be able to work independently and efficiently in a remote working environment
Knowledge, Skills & Abilities:
- Third Party Risk Management, Presentation, Risk Management
Decision Making:
- Tactical: Decisions focus on intermediate-term issues. The purpose of decisions made at this level are to help move CCL closer to reaching strategic goals. Outcomes are predictable. After a decision is made by Top Executive Leadership, the next phase is to take the needed steps to implement it. Examples are: The amount of money required to implement, which advertising agency to promote a new service or to provide an incentive plan to employees to encourage increased revenue. Example: The direction to take the TPRM program. Which process to follow, what automation to use.
- Operational: Decisions focus on day-to-day activities within the company. Decisions made at this level help to ensure that daily activities proceed smoothly and therefore help to move the company toward reaching a strategic goal. They have short term consequences. Examples are: Handling employee conflicts, purchasing materials needed for operations. Examples: Handling escalations and resolving disputes between business owners and security.
- Standard: These decisions are those that are repetitive decisions on a recurring basis and are commonly related to daily activities. They are relatively simple, relying on historical data and previous solutions. Examples are: reordering of standard office supplies, handling transactions. Examples: Daily queue processing and supporting questions.
Travel: No or very little travel likely
Work Conditions: Work primarily in a climate-controlled environment with minimal safety/health hazard potential.
This position is classified as "in-office." As an in-office role, it requires employees to work from a designated Carnival office in South Florida from Tuesday through Thursday. Employees may work from home on Mondays and Fridays. Some positions may require additional in-office time each week and final schedule is determined by your leader. Candidates must be located in (or willing to relocate to) the Miami/Ft. Lauderdale area.
Offers to select candidates will be made on a fair and equitable basis, taking into account specific job-related skills and experience.
At Carnival, your total rewards package is much more than your base salary. All non-sales roles participate in an annual cash bonus program, while sales roles have an incentive plan. Director and above roles may also be eligible to participate in Carnival’s discretionary equity incentive plan. Plus, Carnival provides comprehensive and innovative benefits to meet your needs, including:
- Health Benefits:
- Cost-effective medical, dental and vision plans
- Employee Assistance Program and other mental health resources
- Additional programs include company paid term life insurance and disability coverage
- Financial Benefits:
- 401(k) plan that includes a company match
- Employee Stock Purchase plan
- Paid Time Off
- Holidays – All full-time and part-time with benefits employees receive days off for 7 company-wide holidays, plus an additional floating holiday to be taken at the employee’s discretion.
- Vacation Time – All full-time employees at the manager and below level start with 14 days/year; director and above level start with 19 days/year. Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 84 hours/year. All employees gain additional vacation time with further tenure.
- Sick Time – All full-time employees receive 80 hours of sick time each year. Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 60 hours each year.
- Other Benefits
- Complementary stand-by cruises, employee discounts on confirmed cruises, plus special rates for family and friends
- Personal and professional learning and development resources including tuition reimbursement.
- On-site preschool program and wellness center at our Miami campus
#LI-SH1
#LI-Hybrid
About Us
- A comprehensive benefit program which includes medical, dental and vision plans
- Additional programs include company paid term life insurance and disability coverage and a 401(k) plan that includes a company match
- Employee Stock Purchase plan
- Paid vacation and sick time
- Cruise benefits
- An on-site fully accredited preschool educational program located at our Doral campus
- An on-site Wellness Center and Health clinic at our Doral campus
Employee Benefits
-
Hybrid Work Environment
Empowering work-life integration and flexible opportunities for your personal and career success
-
Wellness Programs
Comprehensive employer wellness programs featuring mental health support and fitness options, including an on-site gym
-
Cruise Benefits
An array of qualified complimentary and heavily discounted cruise options for the ultimate dream getaway
-
Parental Programs
Generous parental leave time and adoption assistance programs
-
Retirement Plan
Secure your future with our exceptional Traditional and Roth 401(k) options complemented by valuable company contributions
-
Employee Stock Purchase
Invest in tomorrow with the opportunity to purchase Carnival shares at a discounted rate from their fair market value
In addition to the above, we offer PTO and company holidays as well as a variety of medical, dental, and voluntary plans
Culture
We celebrate our diverse team of over 160,000 team members representing 150 countries and are committed to providing a welcoming and inclusive environment where people from different backgrounds, experiences, and walks of life can succeed. We know our team members are at the heart of inspiring unforgettable happiness, so we strive to be the world’s number-one choice for hospitality, travel and leisure careers.