Lead, IS GRC Compliance in Miramar, FL at Royal Caribbean Cruises Ltd.

Date Posted: 9/28/2020

Job Snapshot

  • Location: Miramar, FL
  • Experience: Not Specified
  • Date Posted: 9/28/2020

Job Description

Journey with us! Combine your career goals and sense of adventure by joining our exciting team of employees. Royal Caribbean Cruises Ltd. is pleased to offer a competitive compensation & benefits package, and excellent career development opportunities, each offering unique ways to explore the world.

Position Summary:

Royal Caribbean Group (RCG) is seeking a Lead in IS GRC Compliance to bolster the IT compliance program by leading, developing, and communicating IT compliance within a NIST CSF based governance structure. The role of the IS GRC Compliance Lead is to guide the organization in meeting Sarbanes-Oxley Act (SOX), General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI DSS) and other regulatory requirements. The GRC Compliance Lead will be an integral member of the Governance, Risk and Compliance (GRC) department and will drive compliance with internal policies and procedures, as well as with external laws, regulations and professional standards specific to the organization.

The successful candidate for this position will continue the development of an IT compliance methodology that informs management of IT compliance across the globe. This position will require great attention to detail, technical expertise, effective communication, networking, and IT compliance management experience.

The IS GRC Compliance Lead reports to the IT Compliance Manager and is responsible for documenting compliance program schedules, inventories, procedures and associated program collateral. The Lead will collaborate with internal and external audit teams, IT management, and the lines of business to ensure that compliance requirements are met and that risks are identified, communicated and addressed.

Essential Duties and Responsibilities:

  • Document Compliance program schedules, inventories, procedures and associated program collateral
  • Lead IT SOX audit across entire project lifecycle, including information gathering, assessment, remediation and reporting phases.
  • Interact with auditors and IT teams to confirm findings and risk mitigation strategies
  • Provide expertise in auditing all system layers (i.e., application, database and operating system) to ensure that controls are in place.
  • Produce accurate and detailed work papers that are traceable, repeatable, and auditable
  • Perform Quality Assurance (QA) reviews over work products produced by the team in order to deliver high quality deliverables
  • Engage with business to ensure that critical processes are appropriately documented by control owners and that timely reviews are performed.
  • Provide status reporting, activity scheduling, artifact collection and management, and other supporting tasks
  • Conduct SOX Compliance readiness assessments over newly developed applications
  • Collaborate with business sponsors, Technology and Internal Audit teams to initiate, conduct and close compliance activities and assessments in a timely manner
  • Analyze risk and reward of business process to ensure security while maintaining agility within IT lifecycles
  • Maintain and report metrics related to the IT compliance program.
  • Inform, advise and issue recommendations to IT teams regarding compliance with regulatory requirements
  • Collaborate closely with the governance and risk teams as well as business and IT stakeholders to ensure that corporate goals are met.
  • Build on IT compliance leading practices to inform program direction.
  • Develop and execute appropriate policies and procedures to ensure that audit trails are intact.
  • Develop audits to expose vulnerabilities arising from system configuration changes and network growth.
  • Monitor industry markets and vendors; introduce new audit techniques to the business.
  • Establish best practices for the use of information audit and control technologies and techniques.
  • Establish audit programs and compliance metrics for information security.
  • Create methodologies used to develop and implement a security audit function.
  • Predict security issues and their potential impact on RCG guest operations.
  • Perform other GRC related duties as assigned.
Job Requirements

Qualifications, Knowledge, and Skills:

  • Bachelor’s degree in Information Technology/Security or Computer Science is preferred; non-technical degrees with Computer Science fundamentals will be considered when combined with technology experience.
  • At least one Information Security or related certification such as CISA, CISSP, CRISC, PMP, etc. is preferred.
  • 5+ years of experience in Information Security, IT Compliance and/or internal/external Audit. Big 4 experience with SEC clients preferred.
  • Demonstrated experience in performing SOX audits across entire project lifecycle.
  • Compliance or auditing experience performing or supporting SOC 1, SOC 2, GDPR, PCI-DSS assessments is desired.
  • Technical experience auditing Windows, IBM i (iSeries/AS/400), and Unix/Linux operating systems, and Oracle and SQL databases, is required.
  • Good written and verbal communication required.
  • Proficient with Microsoft Excel.
  • Expert with Microsoft Office suite of applications, ability to convert raw technology metrics into meaningful reports for managers.
  • IT audit or security technical background required.
  • Practiced at creating purposeful metrics and KRIs/KPIs that convey risk messages and identify areas for improvement that are actionable by executive teams.
  • Operational knowledge of the deployment of information security frameworks such as NIST, ISO 27001, FISMA, etc. is preferred.
  • Ability to articulate IT compliance to employees and third parties at all levels within and outside the organization.
  • Excellent verbal, presentation, and written communication skills for both technical and non-technical audiences.

It is the policy of the Company to ensure equal employment and promotion opportunity to qualified candidates without discrimination or harassment on the basis of race, color, religion, sex, age, national origin, disability, sexual orientation, sexuality, gender identity or expression, marital status, or any other characteristic protected by law. RCL and each of its subsidiaries prohibit and will not tolerate discrimination or harassment.
