Lead, IS Third Party Risk Management in Miami, FL at Royal Caribbean Cruises Ltd.

Date Posted: 9/8/2019

Job Description

Lead, IS Third Party Risk Management

Position Summary:

  • TPRM, from an information security (IS) perspective, is the identification of risk to RCCL information assets used within the digital information value/supply chain.
  • The goal of the RCCL IA TPRM program is to create and manage an automated, auditable, repeatable and demonstrable program to manage risk to RCCL information assets used by/on behalf of RCCL at external organizations.
  • The TPRM Lead develops and implements the global TPRM program based on regulatory and contractual IS requirements balanced with business requirements.
  • A holistic view of integrating TPRM efforts into the overall corporate risk management vision is an essential component of the program.
  • As stated in Cruise Line International Association (CLIA) cyber standards, RCCL needs to ascertain status of cybersecurity preparedness of third party providers as part of sourcing procedures for provided services. This is the key responsibility of the RCCL TPRM team.
  • Within the TPRA program, risk assessment and management activities will be performed to identify potential risk to RCCL information assets based on information classification, and to define key risk indicators (KRIs), key performance indicators (KPIs), appropriate reporting metrics and effective risk registers.
  • The Senior TPRM Analyst is responsible for determining appropriateness of external technical and physical controls utilized by third parties to access RCCL information and systems. As such, this is a highly visible role within shoreside and shipboard business activities.
  • The TPRM Lead reports to the Director of IA, and is accountable for the supervision of staff responsible for documenting program documentation, schedules, procedures and associated program collateral.
  • In order to effectively align the TPRM program with corporate risk management vision, the Senior TPRM Analyst will lead collaboration efforts with Information Security (IS) senior and executive leadership as well as key personnel within Information Technology (IT), Legal, Crisis Management, Compliance and Ethics, Human Resources, Internal Audit and global business management to ensure the TPRA program is measuring and managing risk in all external information sharing relationships.
  • The TPRM Lead and team, collaborating with other IS staff, will review proposed cloud-based, traditional batch, and other system connectivity through the use of structured interview processes, questionnaires and technical scanning tools. The TPRA Lead will also participate in legal contract review specific to information security language for proposed business connectivity.


Essential Duties and Responsibilities

  • Create and deploy TPRM program intake, assessment, remediation, risk acceptance and communication global framework.
  • Collaborate with RCCL business sponsors and third parties to initiate, conduct and close assessments in a timely manner.
  • Deploy and manage automated Governance, Risk and Compliance (GRC) tools and associated provisioning processes to provide transparent reporting on TPRM activities and portfolio management.
  • Integrate SOX controls requirements into GRC automated tool and processes to ensure consistent treatment of third party SOX-related risks.
  • Ensure potential risks associated with software as a service (SaaS) technologies and interfaces to RCCL information are examined thoroughly.
  • Interact with key personnel within Procurement, Information Technology (IT), Legal, Crisis Management, Compliance and Ethics, Human Resources, Internal Audit and global business management.
  • Create a standard TPRM intake process to include questionnaires, review processes, technical evaluation criteria and feedback mechanisms.
  • Create appropriate TPRM policies and procedures and ensure communication, measurement and compliance metrics are established and tracked.
  • Participate in established project management office (PMO) protocols to integrate TPRM requirements (Initiation/Planning/Analysis/Design/Build/Test/Deploy/Closeout).
  • Develop program maturity models appropriate to the TPRM framework.
  • Actively engage in liaison activities with industry associations, peer institutions, regulatory and contractual agencies/organizations and IS information sharing communities.
  • Manage program activities of onshore and offshore junior analysts to provide status reporting, activity scheduling, artifact collection and management, and other supporting tasks.

  • 7+ years' experience in internal/external information security / internal audit roles.
  • 5 years' recent work experience in a TPRM role or equivalent.
  • 5+ years' experience with leading and managing complex and detailed program startup efforts.
  • Recent experience in governance, risk and compliance automation tools (RSA Archer or Lockpath as examples).
  • Experience performing detailed and comprehensive research into prevailing regulatory and contractual IS requirements, governance frameworks/standards, industry leading practices and industry research reports.
  • One or more of the following certifications: Project Management Professional (PMP), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC).
  • Bachelor's degree or higher education level is required, or an equivalent combination of education and experience.
  • Demonstrated experience in performing audit/compliance assessments.
  • Significant experience in SOX and PCI DSS controls.
  • Ability to produce high quality oral and written work product, presenting complex technical matters clearly and concisely.
  • Experience reviewing legal language specific to information security requirements of both RCCL and external third parties for appropriateness.

Job Requirements

Knowledge and Skills:

  • Displays sound judgment with a high level of integrity, ethics and ability to calmly, diplomatically and effectively deal with stressful situations.
  • Able to formulate and communicate exceptions/findings and technical solutions.
  • Proven ability to collaborate with technical and business peers.
  • Demonstrates a degree of creativity with strong analytical and problem solving skills.
  • Strong with methodologies, tools, best practices and processes within specific area of responsibility; emphasis on experience with global TPRM contractual and regulatory requirements.
  • Excellent verbal, presentation and written communication skills for both technical and non-technical audiences.
  • Strong problem solving, decision-making, reporting, communication and management skills.
  • High familiarity with ISO27001, ISO27002, ISO27005, NIST and other industry standards.


Work Environment:

  • Fast-paced, fluid and innovative work environment. Requires flexibility and exceptional interpersonal relationship skills.
  • May require travel to meet with external RCCL business partners.
  • May require travel to RCCL internal offices and/or
