Lead, IS Third Party Risk Management in Miramar, FL at Royal Caribbean Cruises Ltd.

Date Posted: 7/11/2020

Job Description

Journey with us! Combine your career goals and sense of adventure by joining our exciting team of employees. Royal Caribbean Cruises Ltd. is pleased to offer a competitive compensation & benefits package, and excellent career development opportunities, each offering unique ways to explore the world.

Position Summary:

  • Royal Caribbean Cruises, LTD. (RCCL) is in search of a Lead, IS Third Party Risk in the Information Security & Compliance team to supervise the evaluation and management of risk involving third party solutions and services.
  • The goal of the RCCL Third Party Risk Management (TPRM) program is to create and manage an automated, auditable, repeatable, and demonstrable program to manage third party risk to RCCL information assets.
  • This position assesses the risk of RCCL’s third party providers, tools, systems, and integrations using structured interview processes, questionnaires, review of third party reports on internal control (such as SOC 1/2 reports) and other information security, compliance, and data protection documentation, as well as red-lines in legal contract reviews.

Essential Duties and Responsibilities

  • Supervise the TPRM program intake, assessment, remediation, and risk acceptance processes.
  • Collaborate with RCCL business sponsors and third parties to initiate, conduct, and close assessments in a timely manner.
  • Analyze internal controls and information security, compliance, and data protection programs of third parties to ensure RCCL policies and standards are adhered to.
  • Ensure potential risks associated with software as a service (SaaS) technologies and interfaces to RCCL information are examined thoroughly.
  • Ensure that third party technologies, services, systems, and integrations comply with Sarbanes-Oxley (SOX), the Payment Card Industry Data Security Standard (PCI-DSS), the General Data Protection Regulation (GDPR), and other applicable regulations.
  • Review and assist with negotiations of third party contracts for information security, compliance, and data protection measures.
  • Communicate assessment requirements with business sponsors and third parties related to the third party selection and onboarding processes to maintain compliance with defined policies and procedures, regulations, and managing risk to RCCL.
  • Manage TPRM tool and associated processes to provide transparent reporting on activities and portfolio management.
  • Interact and collaborate with key personnel in various departments including, but not limited to, Procurement, Information Technology (IT), Legal, Crisis Management, Compliance and Ethics, Human Resources, Internal Audit, and Global Business Management.
  • Participate in established project management office (PMO) protocols to integrate TPRM requirements (initiation, planning, analysis, design, build, test, deploy, closeout, etc.).
  • Perform other duties and responsibilities as assigned.
  • Fast-paced, fluid and innovative work environment. Requires flexibility and exceptional interpersonal relationship skills.
  • May require travel to meet with external RCCL business partners.
  • May require travel to RCCL internal offices and/or RCCL ships.


Job Requirements

Qualifications, Knowledge and Skills:

  • Bachelor’s in IT / Information Security, Computer Science, or related discipline is preferred. Non-technical degrees with Computer Science fundamentals will be considered combined with technology experience.
  • At least one Information Security certification such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), etc. required.
  • 5 years work experience in a TPRM role or equivalent.
  • 5 years of IT / Information Security Risk experience.
  • Demonstrated experience in performing audit / compliance assessments.
  • Experience with internal project consulting to provide compliance and security requirements and guidance.
  • Significant experience in SOX and PCI-DSS controls.
  • Experience reviewing and red-lining legal language specific to information security, compliance, and data protection requirements of both RCCL and external third parties for appropriateness.
  • Superior written and verbal communication skills required.
  • Displays sound judgement with a high level of integrity, ethics, and ability to calmly, diplomatically, and effectively handle stressful situations.
  • Ability to formulate and communicate exceptions / findings and technical solutions.
  • Proven ability to collaborate with technical and business peers.
  • Demonstrates creativity and strong analytical problem-solving skills.
  • Strong command of the methodologies, tools, best practices, and processes related to global TPRM contractual and regulatory requirements.
  • Excellent verbal, presentation, and written communication skills for both technical and non-technical audiences.
  • High familiarity with ISO 27001/27002, NIST, FISMA, PCI-DSS, and other industry standards and frameworks.

It is the policy of the Company to ensure equal employment and promotion opportunity to qualified candidates without discrimination or harassment on the basis of race, color, religion, sex, age, national origin, disability, sexual orientation, sexuality, gender identity or expression, marital status, or any other characteristic protected by law. RCL and each of its subsidiaries prohibit and will not tolerate discrimination or harassment.
