The Senior Manager, Cybersecurity Risk is responsible for implementing, executing, and maturing the Cybersecurity Risk program by overseeing the identification, assessment, and treatment of cybersecurity risks and evaluating and monitoring the overall security risk profile across Carnival Corp and the Operating Lines. This role involves developing risk management strategies, implementing controls, and supporting the organization in adhering to industry best practices, standards and relevant regulations. The Senior Manager will work closely with the Global Cybersecurity (GCS) team, IT, Legal, Compliance, Audit, and business leaders to safeguard corporate assets, influence risk-based decision-making and maintain a strong security posture in a complex, highly regulated environment. The ideal candidate will have advanced expertise in cybersecurity risk management, strong analytical and strategic skills, and experience working in complex, cross-functional, and globally distributed environments. This program and role will act as a catalyst for driving the business in achieving its’ objectives through the enablement of risk-based decisioning and activities that prevent or mitigate the impact of cybersecurity risk manifestation. He/She will support the VP, Global Strategy & Governance in developing the cybersecurity risk strategy and providing cyber risk management oversight; supporting the GCS team in the development and enhancement of security policies, relevant standards, and key cybersecurity technology. The scope of this position is global in nature and will work collaboratively across Carnival’s brands and operating companies to facilitate enterprise cybersecurity risk management, control, and reporting in conjunction with business stakeholders. 

Essential Functions:

• Execute, mature, and optimize the cybersecurity risk management program and processes, including risk identification, assessment, treatment, and reporting.

• Lead and conduct macro and micro cyber risk assessments and threat modeling for systems, processes, and projects to identify risks and recommend mitigation strategies.

• Maintain a comprehensive risk register and oversee risk treatment plans with clear accountability and timelines, including reporting and escalations as appropriate. Develop strategies and action plans to drive security maturity improvement in areas where controls do not adequately mitigate risks.                                                              

• Partner with business and IT stakeholders to integrate risk management into strategic planning and operational processes. Partner with Global Security Architecture & Engineering, Global Threat Intelligence & Readiness, and Compliance Assurance teams, to develop risk mitigation strategies, solutions, and recommendations to reduce components, systems, or enterprise cybersecurity risk.

• Develop and report key risk indicators (KRIs) and metrics to executive leadership and governance committees. Establish annual and long-term goals, defining risk and strategies, metrics, and reporting mechanisms.

• Partner with IT, operating lines, Governance and Compliance to facilitate alignment with regulatory requirements (e.g., SOX, PCI-DSS, SOC, NIST, ISO 27001, GDPR, CPRA, etc.).

• Communicate risk findings and recommendations to senior management and stakeholders through reports and presentations. Provide briefings to leadership and advise of critical risks and issues that may affect business or enterprise cybersecurity objectives.

• Champion a risk-aware culture through training, awareness campaigns, and stakeholder engagement. Serve as a risk subject-matter-expert.

• Identify, engage, coach and broker appropriate talent to ensure highest performance of Risk function. Set team’s goals and coach the team members to maximize effectiveness and business value through establishing standards and expectations of excellence, facilitating professional development, and motivational techniques.                                                               

• Stay current with the evolving threat landscape and emerging risk management frameworks and technologies.                                                       

• Performs other duties as assigned.

Qualifications:

• Bachelor’s degree in computer science, information systems, Cybersecurity, Risk Management, or a related field

• 8+ years of experience in cybersecurity, IT risk, or related fields, with at least 3 years in a leadership or management role.

• CRISC, CISM, CISA, or equivalent. CISSP preferred.

Knowledge, Skills, and Abilities:

• Advanced knowledge of cybersecurity risk management and compliance standards and best practices

• Technical proficiency in information security and IT domains

• Familiarity with GRC tools such as LogicGate, ServiceNow GRC, MetricStream, or OneTrust

• Proven ability to assess and communicate complex risks to technical and non-technical audiences, including executives

• Strong verbal and written communication skills ​

• Ability to work with globally-distributed and cross-functional teams ​in complex IT ecosystems

• Proven experience in developing and implementing risk management strategies and controls

• In-depth knowledge of the cybersecurity domains, cybersecurity risk frameworks (e.g., NIST CSF, ISO 27005, FAIR), and regulatory requirements

• Practical knowledge of state, federal, and international cybersecurity and information security-related regulations

Physical Demands: Must be able to remain in a stationary position at a desk and/or computer for extended periods of time.

Travel: No or very little travel likely

Work Conditions:Work primarily in a climate-controlled environment with minimal safety/health hazard potential.

This position is classified as “in-office.” As an in-office role, it requires employees to work from a designated Carnival office in South Florida Tuesday through Thursday each week. Employees may work from their homes on Mondays and Fridays.  Candidates must be located in (or willing to relocate to) the Miami/Ft. Lauderdale area.

Offers to selected candidates will be made on a fair and equitable basis, taking into account specific job-related skills and experience.  

At Carnival, your total rewards package is much more than your base salary. All non-sales roles participate in an annual cash bonus program, while sales roles have an incentive plan. Director and above roles may also be eligible to participate in Carnival’s discretionary equity incentive plan. Plus, Carnival provides comprehensive and innovative benefits to meet your needs, including:

• Health Benefits:
  • Cost-effective medical, dental and vision plans
  • Employee Assistance Program and other mental health resources
  • Additional programs include company paid term life insurance and disability coverage 
• Financial Benefits:
  • 401(k) plan that includes a company match
  • Employee Stock Purchase plan
• Paid Time Off
  • Holidays – All full-time and part-time with benefits employees receive days off for 8 company-wide holidays, plus 2 additional floating holidays to be taken at the employee’s discretion. 
  • Vacation Time – All full-time employees at the manager and below level start with 14 days/year; director and above level start with 19 days/year.  Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 84 hours/year.  All employees gain additional vacation time with further tenure.
  • Sick Time – All full-time employees receive 80 hours of sick time each year.  Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 60 hours each year.  
• Other Benefits
  • Complementary stand-by cruises, employee discounts on confirmed cruises, plus special rates for family and friends
  • Personal and professional learning and development resources including tuition reimbursement 
  • On-site Fitness center at our Miami campus

#LI-Hybrid

#Corp

#LI-SH1