Analyst, Sr. GIS Risk

Full Time
United States
Job description

Journey with us! Combine your career goals and sense of adventure by joining our exciting team of employees. Royal Caribbean Group is pleased to offer a competitive compensation & benefits package, and excellent career development opportunities, each offering unique ways to explore the world.

Position Summary:


Royal Caribbean Group (RCCL) is in search of a Sr Analyst in Information Risk Management within the Global Information Security department to assist with the evaluation of risk involving third-party vendors and internal systems/applications. The goal of the RCCL IS Risk Assessment program is to manage an automated, auditable, repeatable, and demonstrable program to manage information security risk to RCCL information assets.


This position expertly assesses the risk of RCCL’s third-party vendors and internal applications/systems using structured interview processes, questionnaires, and review of security, compliance, and data protection documentation. The successful candidate for this position will assist and advance the execution of our risk management methodology that informs management of risks across the enterprise.


This position will require great communication, networking, and risk management skills. RCCL is regulated globally, and thus, the analyst should have some working knowledge of privacy laws or the ability to learn them.

Essential Duties and Responsibilities:


  • Conduct Third Party vendor risk assessments while standardizing and maintaining the risk register.
  • Perform risk evaluations and communicate the impact of IT security gaps to business owners.
  • Review policy exceptions in accordance with RCG’s standard operating procedures and policies.
  • Drive IT security and risk assessment on products, services, technologies, applications, and vendors.
  • Map security controls against SOC 2 Type 2 report.
  • Conduct ongoing monitoring, support risk, and issue tracking with periodic updates to management on metrics.
  • Provide cross-functional expertise and support control and issue remediation.
  • Administer SaaS platforms that facilitate governance, compliance, and risk management activities.
  • Responsible for operating RCG’s risk management processes: risk assessment execution, risk treatment, reporting to stakeholders, issues, and action management.
  • Knowledge and understanding of the IT security risk landscape to proactively identify the need for changes to existing risk assessment tools and controls.
  • Lead meetings, chair conference calls, and proactive follow-up with key personnel for the completion of risk assessments.
  • Collaborate with risk liaisons, risk owners, and business leaders to identify and evaluate the likelihood and impact of risks as well as the effectiveness of related controls.
  • Identify risk mitigation gaps, provide recommendations for control enhancements and monitor remediation activities.
  • Assist with improving IS risk management processes based on changing requirements.
  • Analyze third-party vendor and internal application/system controls, documentation, and settings to identify information security risks to RCCL.
  • Identify security issues and their potential impact on customer operations.
  • Ensure potential information security and regulatory compliance risks (such as Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standard (PCI-DSS), etc.) associated with systems and applications are examined thoroughly, documented, communicated, treated, and monitored.
  • Collaborate with RCCL business sponsors, technology departments, and third parties to communicate requirements, initiate, conduct, and complete risk assessments in a timely manner.
  • Interact and collaborate with key personnel in various departments including, but not limited to, Procurement, technology departments, Legal, Crisis Management, Compliance, and Ethics, Human Resources, Internal Audit, etc.
  • Assist in developing and onboarding IS risk assessment tools, templates, and associated processes to provide transparent reporting on activities and portfolio management.
  • Assist with policy exception program and assist with policy and standards related to information security risk management.
  • Learn risk management best practices with fitment to RCCL business and operational model.
  • Review and analyze security contract language to align with information security policy.
  • Performance of other duties and responsibilities as assigned.

Qualifications:


  • Bachelor’s degree in IT / IS, Computer Science, or related discipline is preferred. Non-technical degrees with Computer Science fundamentals will be considered combined with technology experience.
  • At least one Information Security certification such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), etc. preferred.
  • 5+ years of experience in Information Technology Security
  • 5+ years in enterprise IT security
  • 7+ years of Information Technology experience.
  • Excellent written and verbal communication skills are required.
  • Demonstrated experience in performing audit/compliance and third-party vendor assessments.
  • Experience with internal project consulting to provide compliance and security requirements and guidance.
  • Experience with SOX, PCI-DSS, Global Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and other regulatory compliance requirements and controls.

Knowledge and Skills:


  • Ability to formulate and communicate exceptions/findings and technical solutions.
  • Proven ability to collaborate with technical and business peers.
  • Expert with the Microsoft Office suite of applications; able to convert raw technology metrics into meaningful reports for managers.
  • Practiced at creating purposeful metrics and KRIs/KPIs that convey risk messages and identify areas for improvement that are actionable by executive teams.
  • Knowledge of Information Security frameworks such as NIST CSF, ISO, FISMA, etc. is preferred.
  • Knowledge of Risk Management methodologies and security methodologies.
  • Ability to work independently and in a team environment.
  • Knowledge of global privacy laws, regulations, and guidelines is preferred.
  • Self-starter that can perform assessments with minimal guidance.
  • Strong experience in process improvement and re-engineering.
  • Strong experience working in large enterprise environments.
  • Ability to work in a fast-paced environment with multiple active projects at one time.
  • Exceptional work ethic and organization skills with a detail-oriented approach.

Physical Demands:


  • Ability to receive, express, or exchange detailed information through oral and written communication.
  • Ability to be present in the office environment for 3 days and work remotely (with a good internet connection) for 2 days.

Work Environment:

  • Fast-paced, fluid, open, and innovative work environment.
  • Requires flexibility and exceptional interpersonal relationship skills.
  • Requires up to 10% international travel to RCCL internal offices and/or RCCL ships.

We know there's a lot to consider. As you go through the application process, our recruiters will be glad to provide guidance, and more relevant details to answer any additional questions.

Thank you again for your interest in Royal Caribbean Group. We hope to see you onboard soon.


It is the policy of the Company to ensure equal employment and promotion opportunity to qualified candidates without discrimination or harassment on the basis of race, color, religion, sex, age, national origin, disability, sexual orientation, sexuality, gender identity or expression, marital status, or any other characteristic protected by law. Royal Caribbean Group and each of its subsidiaries prohibit and will not tolerate discrimination or harassment.
