Manager Sr., Cybersecurity Risk

Carnival CorporationMiami, FL
56dHybrid
Match Resume

About The Position

The Senior Manager, Cybersecurity Risk is responsible for implementing, executing, and maturing the Cybersecurity Risk program by overseeing the identification, assessment, and treatment of cybersecurity risks and evaluating and monitoring the overall security risk profile across Carnival Corp and the Operating Lines. This role involves developing risk management strategies, implementing controls, and supporting the organization in adhering to industry best practices, standards and relevant regulations. The Senior Manager will work closely with the Global Cybersecurity (GCS) team, IT, Legal, Compliance, Audit, and business leaders to safeguard corporate assets, influence risk-based decision-making and maintain a strong security posture in a complex, highly regulated environment. The ideal candidate will have advanced expertise in cybersecurity risk management, strong analytical and strategic skills, and experience working in complex, cross-functional, and globally distributed environments. This program and role will act as a catalyst for driving the business in achieving its' objectives through the enablement of risk-based decisioning and activities that prevent or mitigate the impact of cybersecurity risk manifestation. He/She will support the VP, Global Strategy & Governance in developing the cybersecurity risk strategy and providing cyber risk management oversight; supporting the GCS team in the development and enhancement of security policies, relevant standards, and key cybersecurity technology. The scope of this position is global in nature and will work collaboratively across Carnival's brands and operating companies to facilitate enterprise cybersecurity risk management, control, and reporting in conjunction with business stakeholders.

Requirements

  • Bachelor's degree in computer science, information systems, Cybersecurity, Risk Management, or a related field
  • 8+ years of experience in cybersecurity, IT risk, or related fields, with at least 3 years in a leadership or management role.
  • CRISC, CISM, CISA, or equivalent.
  • Advanced knowledge of cybersecurity risk management and compliance standards and best practices
  • Technical proficiency in information security and IT domains
  • Familiarity with GRC tools such as LogicGate, ServiceNow GRC, MetricStream, or OneTrust
  • Proven ability to assess and communicate complex risks to technical and non-technical audiences, including executives
  • Strong verbal and written communication skills
  • Ability to work with globally-distributed and cross-functional teams in complex IT ecosystems
  • Proven experience in developing and implementing risk management strategies and controls
  • In-depth knowledge of the cybersecurity domains, cybersecurity risk frameworks (e.g., NIST CSF, ISO 27005, FAIR), and regulatory requirements
  • Practical knowledge of state, federal, and international cybersecurity and information security-related regulations
  • Must be able to remain in a stationary position at a desk and/or computer for extended periods of time.
  • Candidates must be located in (or willing to relocate to) the Miami/Ft. Lauderdale area.

Nice To Haves

  • CISSP preferred.

Responsibilities

  • Execute, mature, and optimize the cybersecurity risk management program and processes, including risk identification, assessment, treatment, and reporting.
  • Lead and conduct macro and micro cyber risk assessments and threat modeling for systems, processes, and projects to identify risks and recommend mitigation strategies.
  • Maintain a comprehensive risk register and oversee risk treatment plans with clear accountability and timelines, including reporting and escalations as appropriate. Develop strategies and action plans to drive security maturity improvement in areas where controls do not adequately mitigate risks.
  • Partner with business and IT stakeholders to integrate risk management into strategic planning and operational processes. Partner with Global Security Architecture & Engineering, Global Threat Intelligence & Readiness, and Compliance Assurance teams, to develop risk mitigation strategies, solutions, and recommendations to reduce components, systems, or enterprise cybersecurity risk.
  • Develop and report key risk indicators (KRIs) and metrics to executive leadership and governance committees. Establish annual and long-term goals, defining risk and strategies, metrics, and reporting mechanisms.
  • Partner with IT, operating lines, Governance and Compliance to facilitate alignment with regulatory requirements (e.g., SOX, PCI-DSS, SOC, NIST, ISO 27001, GDPR, CPRA, etc.).
  • Communicate risk findings and recommendations to senior management and stakeholders through reports and presentations. Provide briefings to leadership and advise of critical risks and issues that may affect business or enterprise cybersecurity objectives.
  • Champion a risk-aware culture through training, awareness campaigns, and stakeholder engagement. Serve as a risk subject-matter-expert.
  • Identify, engage, coach and broker appropriate talent to ensure highest performance of Risk function. Set team's goals and coach the team members to maximize effectiveness and business value through establishing standards and expectations of excellence, facilitating professional development, and motivational techniques.
  • Stay current with the evolving threat landscape and emerging risk management frameworks and technologies.
  • Performs other duties as assigned.

Benefits

  • Cost-effective medical, dental and vision plans
  • Employee Assistance Program and other mental health resources
  • Additional programs include company paid term life insurance and disability coverage
  • 401(k) plan that includes a company match
  • Employee Stock Purchase plan
  • All full-time and part-time with benefits employees receive days off for 8 company-wide holidays, plus 2 additional floating holidays to be taken at the employee's discretion.
  • All full-time employees at the manager and below level start with 14 days/year; director and above level start with 19 days/year. Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 84 hours/year. All employees gain additional vacation time with further tenure.
  • All full-time employees receive 80 hours of sick time each year. Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 60 hours each year.
  • Complementary stand-by cruises, employee discounts on confirmed cruises, plus special rates for family and friends
  • Personal and professional learning and development resources including tuition reimbursement
  • On-site Fitness center at our Miami campus

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Industry

Water Transportation

Number of Employees

5,001-10,000 employees

Job Search Resources

Similar Manager Sr., Cybersecurity Risk job opportunities

Cybersecurity Risk Manager
Guidehouse
Guidehouse • Tysons Corner, VA12d
Cybersecurity & Risk Manager
Vitaver & Associates
Vitaver & Associates • Houston, TX9d • Onsite
Sr. Manager Cybersecurity
New Hampshire Ball Bearings, Inc.
New Hampshire Ball Bearings, Inc. • Los Angeles, CA12d
Cybersecurity Risk Analyst
Skechers
Skechers • Manhattan Beach, CA2d • $90,000 - $150,000
Cybersecurity Risk Expert
General Dynamics Information Technology
General Dynamics Information Technology3d • Onsite
🔥 New JobCybersecurity Risk Analyst
Booz Allen Hamilton
Booz Allen Hamilton • San Diego, CA1d • $99,000 - $225,000
Explore More Jobs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service