Director, IT Risk and Governance

Carnival Corporation•Seattle, WA

1d•Hybrid

About The Position

Holland America Line has been exploring the world since 1873. Our ships offer innovative features and enriching experiences focused on destination exploration and personalized travel, inviting guests to savor the journey. We are looking for a Director, IT Risk and Governance. The Director of IT Risk & Governance is responsible for leading and transforming governance, risk, and compliance programs and initiatives across Holland America Line, Seabourn, and Holland America–Princess Alaska IT operations. This role oversees a dedicated team of governance and compliance professionals and plays a pivotal role in advancing organizational maturity through strategic leadership of Governance Centers of Excellence (COEs), annual control testing and remediation, Disaster Recovery (DR), and Business Continuity Planning (BCP). Reporting to the VP, Planning and Governance, the Director collaborates closely with IT leadership, the global information security team, internal and external audit partners, and key business stakeholders to ensure alignment with global and local compliance standards, regulatory frameworks, and enterprise priorities. The ideal candidate will hold a bachelor’s degree in information technology, Cybersecurity, or a related field, with progressive leadership experience in IT governance, risk, and compliance. Proven expertise in regulatory frameworks such as SOX/ITGC and PCI is essential, along with hands-on experience developing and managing DR and BCP programs. Strong strategic planning, communication, and stakeholder engagement skills are critical, as is the ability to lead cross-functional teams and influence executive decision-making. Here’s a summary of what Holland America Line is looking for. Is this you?

Requirements

Essential qualifications for this role include a bachelor’s degree in information technology, Computer Science, Cybersecurity, or a related discipline.
The employee must also have a minimum of 8 years of experience in IT governance, risk management, or compliance, with at least 3 years in a leadership capacity.
Demonstrated knowledge of regulatory frameworks such as SOX ITGC and PCI-DSS is required, along with experience managing disaster recovery and business continuity programs.

Nice To Haves

Preferred qualifications include a master’s degree in a relevant field and professional certifications.
Experience working in a global enterprise environment and familiarity with data privacy regulations such as GDPR are also advantageous.

Responsibilities

Strategic Leadership, Planning & Execution Lead a team of Risk and Governance professionals to evaluate current and future initiatives, establishing prioritization aligned with brand and enterprise goals.
Establish and lead multiple Governance COEs to define standards, set objectives, and track measurable outcomes aligned with departmental priorities.
Drive governance and risk maturity assessments and continuous improvement initiatives.
Develop and execute 2–3-year strategic roadmaps and action plans to modernize governance and compliance practices, ensuring adherence to SOX ITGC, PCI, Data Privacy and other internal policy and regulatory requirements.
Foster a collaborative, cross-functional approach to maturity improvements across the broader IT organization.
Provide subject matter guidance to peers across brand IT teams.
Cross-Functional Stakeholder Management Engage stakeholders across brand IT, corporate IT, shipboard teams, third-party vendors, and executive leadership to align Risk and Governance strategies with operational goals.
Collaborate with infrastructure, security, and application teams, as well as managed service providers, to ensure service excellence and alignment in execution of governance initiatives.
Represent brand governance and risk priorities in strategic planning and decision-making forums at the multi-brand and enterprise level.
Serve on cross-functional panels and working groups to influence business continuity decisions and promote best practices.
Governance & Risk Management Ensure compliance with internal policies and external regulations, including SOX ITGC, PCI, corporate security protocols, and data protection standards.
Enforce secure architecture, infrastructure, and application standards in partnership with security and enterprise architects through oversight of the Enterprise Architecture COE.
Develop and progress robust DR and BCP programs aligned with global standards.
Manage training and operational processes to proactively reduce risk exposure and address evolving compliance requirements.
Act as a compliance advisor across IT projects, embedding regulatory requirements throughout the project lifecycle and leading awareness efforts to foster a compliance-first culture.
Oversee annual compliance assessments, DR/BCP cycles, and risk management processes, while providing executive leadership with clear visibility into risk posture and mitigation strategies.
Budget Ownership Lead financial planning and stewardship of Risk and Governance investments.
Develop and execute KPI and ROI tracking for Governance COEs, ensuring performance metrics are clearly defined, consistently measured, and transparently reported.
Establish data-driven frameworks to evaluate governance effectiveness, identify improvement opportunities, and demonstrate the value of risk and compliance programs across the enterprise.
Accountability Hold accountability for Risk and Governance team performance, including delivery timelines, service quality, and alignment with organizational priorities.
Oversee execution of governance projects and initiatives, including annual testing and remediation cycles.
Mentor direct reports and champion continuous process improvement through structured governance and operational discipline.