Governance and Risk Management Manager (Remote)
Pay $105000.00 - $140000.00 / year
Location Miami/Florida
Employment type Full-Time
Job Description
The Manager, Security Governance and Risk is responsible for managing the implementation and execution of the Governance and Risk Program. This includes providing oversight and facilitating the identification, analysis, evaluation, and monitoring of the overall security risk profile/posture across the company as well as monitoring the effectiveness of compliance processes across Carnival Corp and the Operating Lines. Part of this responsibility is the measurement of our security maturity by completing an annual security maturity assessment against NIST CSF. This position is responsible for managing and executing strategies that support the continued maturity of Carnival’s Global Security transformation, such as developing a risk management framework, supporting the deployment of control assessment automation, creating a RACI, and documenting the governance program, among other initiatives. They will also work to ensure that cybersecurity risks are identified, monitored, and managed to an acceptable level.
This program and role will enable the business to achieve its objectives through the proactive evaluation and enhancement of the compliance program’s activities and controls that reduce the likelihood of realizing risks. This position will be responsible for the maturity and maintenance of the security policy framework and relevant standards; monitoring applicable security, contractual and compliance requirements (e.g. SOC2, MRC, ISO27001, GDPR, CCPA, NIST CSF, DPAs and local privacy laws) through strategy execution, controls definition and assessment, and process performance. The scope of this position is global in nature and will work collaboratively across Carnival’s brands and operating companies to facilitate cybersecurity risk management.
ESSENTIAL FUNCTIONS
- Policies and Standards – Monitor/manage the maintenance of effective policies and standards to provide control over sensitive data and our environment. Additionally, ensure security and compliance with contracts, regulatory requirements, and industry standards. Collaborate across the Brands, Legal, Regional Information Security and Compliance Teams, IT teams, HR and Global Data Privacy Council in the development of global security policies. Oversee/facilitate the annual global security policies and standards review with key stakeholders to ensure alignment with corporate business strategy, cybersecurity strategy and regulatory requirements.
- Security Awareness & Training – Manage the development, implementation, and reporting of the Global Information Security Awareness and Training programs. Manage the distribution of security bulletins, alerts, updates, and other security related information. Manage the development and execution of annual training for existing employees, contractors, and new hires, including continual reinforcement throughout the year. Support the maintenance of, and freshness of, educational content across all platforms, including gamifications to help drive awareness and behavior change in a positive manner. Develop and oversee Cybersecurity Awareness Month campaign initiatives and other related information security awareness events throughout the year.
- Security Risk Management & Tracking – Manage the cybersecurity risk management strategy, framework and approach. Develop, manage and monitor cybersecurity risk reporting and aggregate reporting for inclusion in the enterprise risk framework. Collaborate with other teams to develop risk mitigation strategies, solutions, and recommendations that reduce component, system, or enterprise security risk. Maintain the Security Risk Management Framework (RMF) per industry standards and applicability (e.g. NIST CSF). Support the annual Security Risk Assessment against the RMF. Develop, manage and monitor security reports and dashboards for varied audiences. Maintain the risk register and monitor remediation plans. Understand compliance requirements and identify emerging security risks; work with the relevant business groups to facilitate proactive implementation of mitigation measures.
- NIST CSF Maturity – Work with Corporate and the Brands to measure the cybersecurity maturity of our programs. Initially partner with an external business partner to execute the assessment, and then take complete ownership of the exercise. Based on observed artifacts, produce a CMMI score for the five CSF domains and their subcategories.
- GRC Platform – Manage, monitor and support the development, implementation and maintenance of security risk data and associated documentation in the GRC platform (OneTrust).
- Less than 25% non-shipboard travel likely.
QUALIFICATIONS
- Bachelor's degree in Information Security, Information Technology, Audit, or Risk Management.
- CRISC, CISA, or CGEIT certification.
- 6+ years of progressive experience in IT, auditing, investigations, strategic risk management, and/or business/management consulting, with exposure to Fortune 500 companies.
- Experience working within an IT Security practice, preferably having leveraged GRC tools, such as OneTrust.
- Experience in third party risk management, security risk programs, security policies & standards development and maintenance, and development and facilitation of security training programs.
The range for this role’s base salary is $105,000 - $140,000. Offers to selected candidates will be made on a fair and equitable basis, taking into account specific job-related skills and experience.
At Carnival, your total rewards package is much more than your base salary. All non-sales roles participate in an annual cash bonus program, while sales roles have an incentive plan. Director and above roles are also eligible for an additional vesting equity plan. Plus, Carnival provides comprehensive and innovative benefits to meet your needs, including:
- Health Benefits
  - Cost-effective medical, dental and vision plans.
  - Employee Assistance Program and other mental health resources.
  - Additional programs include company-paid term life insurance and disability coverage.
- Financial Benefits
  - 401(k) plan that includes a company match.
  - Employee Stock Purchase Plan.
- Paid Time Off
  - Holidays – All full-time and part-time-with-benefits employees receive days off for 7 company-wide holidays, plus an additional floating holiday to be taken at the employee's discretion.
  - Vacation Time – All full-time employees at the manager and below level start with 14 days/year; director and above level start with 19 days/year. Part-time-with-benefits employees receive time off based on the number of hours they work, with a minimum of 84 hours/year. All employees gain additional vacation time with further tenure.
  - Sick Time – All full-time employees receive 80 hours of sick time each year. Part-time-with-benefits employees receive time off based on the number of hours they work, with a minimum of 60 hours each year.
- Other Benefits
  - Complimentary stand-by cruises, employee discounts on confirmed cruises, plus special rates for family and friends.
  - Personal and professional learning and development resources, including tuition reimbursement.
  - On-site preschool program, wellness center, and health clinic at our Miami campus.
About the company
Carnival Corporation & plc is a British-American cruise operator, currently the world's largest travel leisure company, with a combined fleet of over 100 vessels across 10 cruise line brands.