Director, IT Risk and Governance

Holland America Group
Seattle, WA
Hybrid

About The Position

The Director of IT Risk & Governance is responsible for leading and transforming governance, risk, and compliance programs and initiatives across Holland America Line, Seabourn, and Holland America–Princess Alaska IT operations. This role oversees a dedicated team of governance and compliance professionals and plays a pivotal role in advancing organizational maturity through strategic leadership of Governance Centers of Excellence (COEs), annual control testing and remediation, Disaster Recovery (DR), and Business Continuity Planning (BCP). Reporting to the VP, Planning and Governance, the Director collaborates closely with IT leadership, the global information security team, internal and external audit partners, and key business stakeholders to ensure alignment with global and local compliance standards, regulatory frameworks, and enterprise priorities.

The Director, IT Risk & Governance plays a pivotal role in shaping the strategic direction and operational execution of governance, risk, and compliance across Holland America Line, Seabourn, and Holland America–Princess Alaska IT operations. This position functions as a key leadership role within the Strategic Planning and Governance team, with direct influence over both shoreside and fleet-based technology environments. The scope of the role spans local and global compliance standards, ensuring alignment with corporate policies, regulatory frameworks, and industry best practices. With oversight of disaster recovery, business continuity, and risk management programs, the Director ensures operational resilience across all brands and geographies. The role requires close collaboration with global information security teams, internal and external audit partners, and cross-functional business stakeholders, making it integral to the company’s ability to safeguard data, maintain regulatory compliance, and support uninterrupted service delivery across the enterprise. This position not only drives internal governance maturity but also represents the brand in broader Carnival Corporation initiatives, influencing compliance strategy and business continuity planning at the enterprise level.

This role requires advanced problem-solving capabilities, often involving the analysis of complex regulatory requirements, risk data, and operational dependencies across both shore-side and fleet environments. The Director must anticipate potential compliance gaps and business continuity risks and proactively design mitigation strategies that align with global standards. Solutions often require cross-functional collaboration, strategic planning, and the ability to translate technical findings into actionable insights for executive leadership, ensuring minimal disruption to business operations and sustained regulatory alignment.

The Director, IT Risk & Governance has a broad and strategic impact across the organization, setting the standards for governance, compliance, and risk management practices that are critical to business continuity and regulatory alignment. This role influences both shore-side and fleet operations, ensuring consistent application of global compliance frameworks and resilience strategies. By driving maturity in disaster recovery, business continuity, and risk visibility, the Director directly contributes to safeguarding operational integrity and enabling informed decision-making at the executive level.

This role requires a high level of strategic leadership, overseeing a team of governance and compliance professionals responsible for advancing risk and regulatory maturity. The Director is accountable for managing departmental resources, guiding team performance, and contributing to budget planning and forecasting for governance-related initiatives. In addition to direct team management, the role demands strong cross-functional leadership skills to influence and align stakeholders across IT, security, audit, and business units, ensuring consistent execution of compliance and continuity strategies enterprise-wide.

Requirements

  • Essential qualifications for this role include a bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related discipline.
  • The employee must also have a minimum of 8 years of experience in IT governance, risk management, or compliance, with at least 3 years in a leadership capacity.
  • Demonstrated knowledge of regulatory frameworks such as SOX ITGC and PCI-DSS is required, along with experience managing disaster recovery and business continuity programs.

Nice To Haves

  • Preferred qualifications include a master’s degree in a relevant field and professional certifications.
  • Experience working in a global enterprise environment and familiarity with data privacy regulations such as GDPR are also advantageous.

Responsibilities

  • Strategic Leadership, Planning & Execution
      • Lead a team of Risk and Governance professionals to evaluate current and future initiatives, establishing prioritization aligned with brand and enterprise goals.
      • Establish and lead multiple Governance COEs to define standards, set objectives, and track measurable outcomes aligned with departmental priorities.
      • Drive governance and risk maturity assessments and continuous improvement initiatives.
      • Develop and execute 2–3-year strategic roadmaps and action plans to modernize governance and compliance practices, ensuring adherence to SOX ITGC, PCI, Data Privacy and other internal policy and regulatory requirements.
      • Foster a collaborative, cross-functional approach to maturity improvements across the broader IT organization.
      • Provide subject matter guidance to peers across brand IT teams.
  • Cross-Functional Stakeholder Management
      • Engage stakeholders across brand IT, corporate IT, shipboard teams, third-party vendors, and executive leadership to align Risk and Governance strategies with operational goals.
      • Collaborate with infrastructure, security, and application teams, as well as managed service providers, to ensure service excellence and alignment in execution of governance initiatives.
      • Represent brand governance and risk priorities in strategic planning and decision-making forums at the multi-brand and enterprise level.
      • Serve on cross-functional panels and working groups to influence business continuity decisions and promote best practices.
  • Governance & Risk Management
      • Ensure compliance with internal policies and external regulations, including SOX ITGC, PCI, corporate security protocols, and data protection standards.
      • Enforce secure architecture, infrastructure, and application standards in partnership with security and enterprise architects through oversight of the Enterprise Architecture COE.
      • Develop and progress robust DR and BCP programs aligned with global standards.
      • Manage training and operational processes to proactively reduce risk exposure and address evolving compliance requirements.
      • Act as a compliance advisor across IT projects, embedding regulatory requirements throughout the project lifecycle and leading awareness efforts to foster a compliance-first culture.
      • Oversee annual compliance assessments, DR/BCP cycles, and risk management processes, while providing executive leadership with clear visibility into risk posture and mitigation strategies.
  • Budget Ownership
      • Lead financial planning and stewardship of Risk and Governance investments.
      • Develop and execute KPI and ROI tracking for Governance COEs, ensuring performance metrics are clearly defined, consistently measured, and transparently reported.
      • Establish data-driven frameworks to evaluate governance effectiveness, identify improvement opportunities, and demonstrate the value of risk and compliance programs across the enterprise.
  • Accountability
      • Hold accountability for Risk and Governance team performance, including delivery timelines, service quality, and alignment with organizational priorities.
      • Oversee execution of governance projects and initiatives, including annual testing and remediation cycles.
      • Mentor direct reports and champion continuous process improvement through structured governance and operational discipline.

Benefits

  • Cruise and Travel Privileges for You and Your Family
  • Health Benefits
  • 401(k)
  • Employee Stock Purchase Plan
  • Training & Professional Development
  • Tuition & Professional Certification Reimbursement