AMVETS Jobs

Job Information

Carnival Cruise Line Cybersecurity Compliance Manager in Miami, Florida

Job Description

The Manager, Cybersecurity Compliance is responsible for managing the overall Global Compliance Program, including but not limited to regulatory needs such as SOX, PCI-DSS, Data Privacy (GDPR/CCPA, etc.) and best practices from NIST CSF, ISO, SOC2, etc. Additionally, this role is responsible for leading the compliance team’s continuing compliance initiatives and regulatory compliance testing initiatives. The Manager, Cybersecurity Compliance role will work with Operating Unit Security Leaders to ensure global compliance with all current regulatory guidelines and with GISCS policies and standards. This position will be responsible for enhancing the global compliance and cybersecurity controls as they relate to shipboard and shoreside environments. This role is required to measure and report KPIs, KRIs, audit findings, and accomplishments, and publish them to senior management and key stakeholders. Additionally, this position will serve as a liaison between internal and external auditor groups to integrate compliance regulation and controls to protect the company assets and data globally. This position will oversee a team of Compliance Analysts that are responsible for the execution of regulatory control testing and continuing compliance activities, and have a deep background in Information Security and compliance. This position will also be responsible for continuing to modernize existing security and compliance practices, specifically automating testing processes and shifting from a periodic testing approach to a continuous compliance model. This person will also lead a team in the planning and performance of annual assessments, testing, validation and overseeing the management of risks identified. This role is responsible for reporting on current regulatory compliance and internal security policy compliance to senior leadership.
This role entails developing a compliance team, either through direct or indirect matrix reporting, to ensure the compliance framework is optimized and monitored. The role is also responsible for the performance of the team, and will need to recruit, train, coach, and develop the compliance team.

Essential Functions:

  • Develop brand IT Compliance Framework to include (but not be limited to) SOX, PCI-DSS, Data Privacy (GDPR/CCPA, etc.), IMO, etc. to achieve a strong compliance maturity model. Ownership of a formal Compliance Governance process which aligns and prioritizes Data Privacy and Security compliance initiatives. Develop and establish executive dashboard reporting on compliance events, findings, and accomplishments, and publish it to senior management and key stakeholders.

  • Manage the GISCS IT Compliance program, which includes conducting the annual validation and assessment including but not limited to SOX, PCI-DSS, Data Privacy Regulations (GDPR, CCPA, etc.), and external legal agreements; and determine scope, process, testing, documentation, reporting and remediation. Coordinate with IT Stakeholders, internal and external auditors, and Operating Unit Security Officers to ensure on-going IT compliance with published internal corporate policies and government regulations.

  • Oversee the development and execution of GISCS’s annual and on-going PCI-DSS continuous compliance program, SOX ITGC testing, and GDPR compliance assessment plans to ensure the integrity, effectiveness, and efficiency of the compliance framework. Raise awareness among Business and IT stakeholders of compliance requirements, regulations, and controls.

  • Support the strategy to mature current Compliance practices to achieve the departmental goal of shifting from a “regulatory compliance” driven team to a risk-based program and proactively work to identify potential gaps. Implement all necessary actions with relevant IT stakeholders and internal and external audit partners to achieve the objectives of an effective compliance program and communicate to all key stakeholders and leadership.

  • Define and identify requirement gaps and work in conjunction with Business and IT Management to develop and implement remediation and/or mitigation for control process improvements. Evaluate management responses and assess remediation plans. In partnership with Business and IT Management, drive a consistent and measurable Compliance risk identification and management process for decision making by senior leadership across all Carnival Corporation brands.

  • Proactively monitor & communicate changes in business processes and provide guidance and support to internal stakeholders. Support system implementations to ensure adequate requirements are incorporated, guidelines are followed, and process changes are documented.

  • Identify opportunities for automation in current compliance activities and leverage technologies to modernize and streamline team workflows.

  • Develop team’s skills, training requests, and career paths. Foster a strong team spirit for remote and in-person team resources. Also responsible for general team administration duties (timesheet approvals, leave requests, etc.)

Qualifications:

  • Education: Bachelor’s degree required; Master’s degree a plus

  • Discipline/Major: A Bachelor’s degree in computer science, IT compliance, audit, or related area is required. An advanced degree is highly desirable, as are excellent verbal and written communications.

  • Required Certifications: CSSP, CCEP, or CISA equivalent is desirable

  • Required Years & Area of Professional Experience: 10+ years of experience in Information Technology and Information Security/Compliance with the focus on executing compliance frameworks and programs such as PCI-DSS, SOX, HIPAA, etc. 10+ years of Information/Cybersecurity and Compliance experience. 10+ years of technology project management with experience building processes, controls, operating procedures, and guidelines. 10+ years of experience managing a team of technical and operations specialists.

  • Critical Professional Related Technical/Computer Skills: Knowledge of various compliance regulations such as PCI-DSS, SOX, HIPAA, GDPR, NIST, etc. Knowledge of information technology components such as networking, security, and different OS and DB environments.

  • Preferred Experience & Type: Previous experience performing security and compliance assessments.

  • Knowledge, Skills & Abilities: Proficient in documentation and creating operating, assessment, and audit procedures. Must have strong leadership qualities, be well organized, well informed, capable of leading by influence, and able to achieve desired goals and objectives while maintaining the respect and support of the organization. Self-motivated with the ability to work independently, including remotely. Proven experience in management or team leadership, including mentoring of junior staff. Additionally, must be able to communicate effectively at all levels within the organization. Global complex environments such as banking, retail, technology and/or travel and leisure companies.

Decision-Making:

  • Tactical: Decisions focus on intermediate-term issues. The purpose of decisions made at this level is to help move CCL closer to reaching strategic goals. Outcomes are predictable. After a decision is made by Top Executive Leadership, the next phase is to take the needed steps to implement it. Examples are: the amount of money required to implement, which advertising agency to use to promote a new service, or whether to provide an incentive plan to employees to encourage increased revenue.

Physical Demands: Must be able to remain in a stationary position at a desk and/or computer for extended periods of time.

Travel: Less than 25% with shipboard travel likely.

Work Conditions: Work primarily in a climate-controlled environment with minimal safety/health hazard potential.

The salary range for this role is $75,900-$140,000. Offers to the selected candidates will be made on a fair and equitable basis, taking into account specific job-related skills and experience.

At Carnival, your total rewards package is much more than your base salary. All non-sales roles participate in an annual cash bonus program, while sales roles have an incentive plan. Director and above roles may also be eligible to participate in Carnival’s discretionary equity incentive plan. Plus, Carnival provides comprehensive and innovative benefits to meet your needs, including:

  • Health Benefits:

      • Cost-effective medical, dental and vision plans

      • Employee Assistance Program and other mental health resources

      • Additional programs include company paid term life insurance and disability coverage

  • Financial Benefits:

      • 401(k) plan that includes a company match

      • Employee Stock Purchase plan

  • Paid Time Off

      • Holidays – All full-time and part-time with benefits employees receive days off for 7 company-wide holidays, plus an additional floating holiday to be taken at the employee’s discretion.

      • Vacation Time – All full-time employees at the manager and below level start with 14 days/year; director and above level start with 19 days/year. Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 84 hours/year. All employees gain additional vacation time with further tenure.

      • Sick Time – All full-time employees receive 80 hours of sick time each year. Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 60 hours each year.

  • Other Benefits

      • Complimentary stand-by cruises, employee discounts on confirmed cruises, plus special rates for family and friends

      • Personal and professional learning and development resources including tuition reimbursement

      • On-site preschool program, wellness center, and health clinic at our Miami campus

About Us

In addition to other duties/functions, this position requires full commitment and support for promoting ethical and compliant culture. More specifically, this position requires integrity, honesty, and respectful treatment of others, as well as a willingness to speak up when they see misconduct or have concerns.

Carnival Corporation & plc is a global cruise company and one of the largest vacation companies in the world. Our portfolio of leading cruise brands includes Carnival Cruise Line, Holland America Line, Princess Cruises and Seabourn in North America; P&O Cruises, and Cunard Line in the United Kingdom; AIDA in Germany; Costa Cruises in Southern Europe; and P&O Cruises in Australia. Our employees have a responsibility to be accountable for all actions. We consider the environment in all aspects of our business and have a responsibility to put safety and sustainability first. We live and share a positive attitude which is based on fostering an environment of inclusion, trust, a willingness to listen, openness and integrity.

Carnival Corporation & plc and Carnival Cruise Line is an equal employment opportunity/affirmative action employer. In this regard, it does not discriminate against any qualified individual on the basis of sex, race, color, national origin, religion, sexual orientation, age, marital status, mental, physical or sensory disability or any other classification protected by applicable local, state, federal and/or international law.

Benefits as a member of Carnival's Team:

  • A comprehensive benefit program which includes medical, dental and vision plans

  • Additional programs include company paid term life insurance and disability coverage and a 401(k) plan that includes a company match

  • Employee Stock Purchase plan

  • Paid vacation and sick time

  • Cruise benefits

  • An on-site fully accredited preschool educational program located at our Doral campus

  • An on-site Wellness Center and Health clinic at our Doral campus

To view a copy of Carnival's FMLA, EEO and EPPA posters please visit: (click or copy and paste link into your browser).

https://www.dol.gov/sites/dolgov/files/WHD/legacy/files/fmlaen.pdf

https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf

https://www.dol.gov/sites/dolgov/files/WHD/legacy/files/eppac.pdf

https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCPEEOSupplementFinalJRFQA508c.pdf