Carnival Corporation

Manager Sr., Cybersecurity Risk

Carnival Corporation, Miami, Florida, US, 33222

Overview

Manager Sr., Cybersecurity Risk role at Carnival Corporation. The Senior Manager, Cybersecurity Risk is responsible for implementing, executing, and maturing the Cybersecurity Risk program by overseeing the identification, assessment, and treatment of cybersecurity risks and evaluating and monitoring the overall security risk profile across Carnival Corp and the Operating Lines. This role works with the Global Cybersecurity (GCS) team, IT, Legal, Compliance, Audit, and business leaders to safeguard assets, influence risk-based decision-making, and maintain a strong security posture in a regulated environment. The scope is global and involves collaboration across Carnival’s brands and operating companies to facilitate enterprise cybersecurity risk management, control, and reporting in conjunction with business stakeholders.

Essential Functions

Execute, mature, and optimize the cybersecurity risk management program and processes, including risk identification, assessment, treatment, and reporting. Lead and conduct macro and micro cyber risk assessments and threat modeling for systems, processes, and projects to identify risks and recommend mitigation strategies. Maintain a comprehensive risk register and oversee risk treatment plans with clear accountability and timelines, including reporting and escalations as appropriate. Develop strategies and action plans to drive security maturity improvement in areas where controls do not adequately mitigate risks. Partner with business and IT stakeholders to integrate risk management into strategic planning and operational processes. Collaborate with Global Security Architecture & Engineering, Global Threat Intelligence & Readiness, and Compliance Assurance teams to develop risk mitigation strategies, solutions, and recommendations to reduce components, systems, or enterprise cybersecurity risk. Develop and report key risk indicators (KRIs) and metrics to executive leadership and governance committees. Establish annual and long-term goals, defining risk strategies, metrics, and reporting mechanisms. Partner with IT, operating lines, Governance and Compliance to facilitate alignment with regulatory requirements (e.g., SOX, PCI-DSS, SOC, NIST, ISO 27001, GDPR, CPRA, etc.). Communicate risk findings and recommendations to senior management and stakeholders through reports and presentations. Provide briefings to leadership and advise of critical risks and issues that may affect business or enterprise cybersecurity objectives. Champion a risk-aware culture through training, awareness campaigns, and stakeholder engagement. Serve as a risk subject-matter expert. Identify, engage, coach and broker appropriate talent to ensure the highest performance of the Risk function.

Set team goals and coach team members to maximize effectiveness and business value through establishing standards and expectations of excellence, facilitating professional development, and motivational techniques. Stay current with the evolving threat landscape and emerging risk management frameworks and technologies. Perform other duties as assigned.

Qualifications

Bachelor’s degree in computer science, information systems, Cybersecurity, Risk Management, or a related field. 8+ years of experience in cybersecurity, IT risk, or related fields, with at least 3 years in a leadership or management role. CRISC, CISM, CISA, or equivalent. CISSP preferred.

Knowledge, Skills, and Abilities

Advanced knowledge of cybersecurity risk management and compliance standards and best practices. Technical proficiency in information security and IT domains. Familiarity with GRC tools such as LogicGate, ServiceNow GRC, MetricStream, or OneTrust. Proven ability to assess and communicate complex risks to technical and non-technical audiences, including executives. Strong verbal and written communication skills. Ability to work with globally-distributed and cross-functional teams in complex IT ecosystems. Proven experience in developing and implementing risk management strategies and controls. In-depth knowledge of cybersecurity domains, risk frameworks (e.g., NIST CSF, ISO 27005, FAIR), and regulatory requirements. Practical knowledge of state, federal, and international cybersecurity and information security-related regulations.

Physical Demands

Must be able to remain in a stationary position at a desk and/or computer for extended periods of time.

Travel

No or very little travel likely.

Work Conditions

Work primarily in a climate-controlled environment with minimal safety/health hazard potential. This position is classified as “in-office.” It requires employees to work from a designated Carnival office in South Florida Tuesday through Thursday each week. Employees may work from home on Mondays and Fridays. Candidates must be located in (or willing to relocate to) the Miami/Ft. Lauderdale area.

Compensation & Benefits

Offers to selected candidates will be made on a fair and equitable basis, taking into account specific job-related skills and experience. Carnival provides a comprehensive benefits program, including health, financial benefits, paid time off, sick time, and other perks. Director and above roles may be eligible for discretionary equity incentive plans. Non-sales roles participate in an annual cash bonus program; sales roles have an incentive plan.

About Us

Carnival Corporation & plc is the world’s largest leisure travel company. Our mission is to deliver unforgettable happiness to guests through a diverse portfolio of cruise brands and destinations. We are committed to promoting an ethical and compliant culture and to equal employment opportunity for all applicants.

Equal Opportunity

Carnival Corporation & plc and Carnival Cruise Line are an equal employment opportunity/affirmative action employer and do not discriminate on the basis of sex, race, color, national origin, religion, sexual orientation, age, marital status, disability, or any other protected status.
