Director, Maritime Cybersecurity Compliance
Job ID 4720 | Date posted 09/23/2022 | City Miami | State FL | Country United States | Job Type Full Time
The Director of Maritime Cybersecurity Compliance is responsible for the overall management and procedure creation for global maritime cybersecurity compliance across Carnival Corporation. Additionally, this role must ensure all Carnival Corporation vessels comply with the cybersecurity International Safety Management (ISM) code, all flag and port state regulatory guidelines, and IMO, Coast Guard, and BIMCO’s cyber requirements. The Director of Cybersecurity Compliance will be responsible for creating, modifying, and editing cybersecurity procedures in the global Health, Environment, Safety, Security Management System (HESS MS) and ensuring compliance against these procedures.
This position is responsible for confirming that all global audits, recommendations, and self-reported non-conformities to cybersecurity procedures are responded to and adhered to in a timely manner. Additionally, this position will create corrective and preventative action plans to guarantee ongoing compliance. This individual will serve as the primary Maritime Cybersecurity liaison between identified Brand Cybersecurity contacts, shoreside Technical Operations teams, internal/external auditors, Information Technology Officers (ITOs), Shipboard Operation Teams and other key stakeholders as it relates to cyber audits.
This position is required to stay apprised of all Cybersecurity ISM code updates in order to communicate and implement changes globally. Additionally, this individual will assist with the completion of risk assessments and tabletop exercises in incident response drills, as well as the creation of effective recovery plans and cyber incident documentation. This role will represent Maritime Cybersecurity at audit meetings.
This role entails developing a team of cybersecurity analysts, through either direct or indirect matrix reporting, to ensure the cyber framework is followed and monitored. He/she is also responsible for the performance of the team, and will need to recruit, train, coach, and develop the Maritime Cyber analysts. This position is responsible for following all department budget and financial controls.
- Develop and implement a comprehensive and global maritime cybersecurity compliance framework to achieve a strong compliance maturity model, ensuring that audit findings and non-conformities are responded to and adhered to in a timely manner.
- Develop and maintain cybersecurity policies and procedures within GISCS and the global Health Environment Safety & Security Management System (HESS MS).
- Conduct root cause analysis, create corrective action plans, preventative action plans, and procedural protection measures.
- Develop training and deliver cyber threat awareness programs across all levels of both Shipboard and Shoreside Maritime teams (e.g., webinars, emails, digital signage).
- Create executive dashboards to report KRIs, KPIs, audit findings, and accomplishments, and publish them to senior management and key stakeholders.
- Respond to cyber incidents, develop action reports based on incident mitigation needs, and communicate findings to the various GISCS and compliance committees such as Information Security Steering and Audit Committees.
- Complete risk assessments, identify recovery plans, and create cyber incident documentation.
- Maintain knowledge of all industry regulations as they relate to Maritime cyber guidelines such as, but not limited to, CLIA, BIMCO, IMO, NIST, US Coast Guard, DHS, CISA, UK’s NCSC, MSC-FAL.1/Circ.3, etc.
- Bachelor’s Degree Cybersecurity, IT Compliance, Audit,
- MBA and/or Advanced Computer Science Degree Preferred
- ISM Code a significant plus
- CRISC or other Security Professional Certification highly preferred
- 8+ years related experience executing compliance framework and audits.
- 8+ years information/cybersecurity experience.
- 8+ years technology project management with experience building process, controls, operating procedures, and guidelines.
- Proven experience in project leadership, communications at all levels within an organization, conflict resolution, planning, organization, and management.
- Proficient analytical skills; thorough and accurate; able to identify key issues, interpret information, and present recommendations and conclusions. Knowledge of International Safety Management (ISM) code and IT regulatory guidelines, and previous experience doing security assessments.
- In addition to other duties/functions, this position requires full commitment and support for promoting ethical and compliant culture. More specifically, this position requires integrity, honesty, and respectful treatment of others, as well as a willingness to speak up when they see misconduct or have concerns.
- A comprehensive benefit program which includes medical, dental and vision plans
- Additional programs include company paid term life insurance and disability coverage and a 401(k) plan that includes a company match
- Employee Stock Purchase plan
- Paid vacation and sick time
- Cruise benefits
- An on-site fully accredited preschool educational program located at our Doral campus
- An on-site Wellness Center and Health clinic at our Doral campus