Lead, IT Compliance GDPR in Miami, FL at Royal Caribbean Cruises Ltd.

Date Posted: 6/1/2019

Job Description

Lead, IT Compliance GDPR

Position Summary:

  • The IT Compliance GDPR Lead is responsible for assisting the organization in adhering to the General Data Protection Regulation (GDPR) and other privacy standards.
  • The Lead will also be an integral member of the IT Compliance department and will assist the team in compliance with internal policy and procedures, as well as external laws, regulations and professional standards specific to the organization.
  • The IT Compliance GDPR Lead will work in coordination with the IT Compliance Manager to create, deploy and manage the GDPR program plan.
  • The IT Compliance GDPR Lead reports to the IT Compliance Manager and is responsible for documenting GDPR program schedules, inventories, procedures and associated program collateral.
  • To effectively align the IT Compliance GDPR program with corporate initiatives, the IT Compliance GDPR Lead works collaboratively with key personnel within IT Security & Compliance, Information Technology (IT), Legal, Compliance and Ethics, Human Resources, Internal Audit and global business management.
  • The IT Compliance GDPR Lead will execute on day-to-day deliverables that support the ongoing compliance needs related to GDPR, as well as any new regulatory requirements.

Essential Duties and Responsibilities:

  • Develop and implement a global GDPR program based on regulatory and contractual requirements.
  • Monitor and audit company compliance with GDPR. Provide status reports for findings and proposed solutions.
  • Inform, advise and issue recommendations regarding compliance with data protection laws including GDPR, and policies and guidelines with respect to data protection.
  • Manage coordination of compliance remediation efforts.
  • Collaborate with RCCL business sponsors and third parties to initiate, conduct and close compliance activities and assessments in a timely manner.
  • Advise and assist the IT organization in remediation and compliance of regulatory requirements.
  • Hold accountability for all aspects of project management.
  • Provide status reporting, activity scheduling, artifact collection and management, and other supporting tasks.
  • Interact with auditors and IT teams to confirm findings and mitigation.
  • Inform and advise RCCL employees on the company’s obligations regarding GDPR compliance.
  • Partner with IT and IT Security in the development of policies, procedures and practices for GDPR compliance.
  • Interface with legal counsel and data protection authorities, as needed, to address regulatory or compliance issues, concerns or questions.
  • Assist the business with responses to customer compliance-specific questions and concerns.
  • Perform other IT Compliance related duties as assigned.
  • Provide guidance to other analysts and contractors.
  • Compliance monitoring program.



Job Requirements


  • Bachelor's degree in Information Security (IS) or equivalent.
  • Security industry relevant certifications such as CISA, CIPP or CISSP.
  • Demonstrated experience in performing audit/compliance assessments.
  • Significant experience with GDPR, SOX controls, and/or PCI DSS requirements.
  • 5+ years' experience in IS, internal and/or external Audit. Big 4 experience is a plus.
  • Experience in cruise line industry.
  • Experience leading detailed and comprehensive research into prevailing regulatory and contractual IS requirements, governance frameworks/standards, industry leading practices and industry research reports.
  • Ability to produce high quality oral and written work product, presenting complex technical matters clearly and concisely.
  • Recent experience in GRC tools is a plus.

Knowledge and Skills:

  • Experience with leading and managing complex and detailed program startup efforts.
  • Proven ability to collaborate with technical and business peers.
  • Demonstrate a degree of creativity with strong analytical and problem-solving skills.
  • Excellent verbal, presentation and written communication skills for both technical and non-technical audiences.
  • Ability to understand technical documents and legal or regulatory reference materials.
  • Ability to identify business processes and systems that relate to personal data and are deemed in-scope for GDPR.
  • Ability to follow and conduct a compliance monitoring program.
