Carnival Corporation

Third Party Risk Management Principal

Hybrid

Miami, United States

Senior

Full Time

29-10-2025

Skills

Communication Leadership Risk Management Sales Training Facilitation Organization Oral and Written Communication

Job Specifications

The Principal, Third Party Risk Management is responsible for executing risk assessments with the goal of effectively identifying, analyzing, and evaluating cybersecurity risks to Carnival Corporation plc. These assessments will primarily be for third parties, requiring expertise in technology and an understanding of what gaps in processes or technology mean in terms of real-world risk.

Primary activities include, but are not limited to, gathering information (such as security gaps, mitigating controls, design, financials, security program artifacts) to execute risk assessments on the third party being assessed. The successful candidate will utilize their security and technical expertise to define cybersecurity risks, rate those risks, communicate those risks, defend their analysis, and work with the business to drive down risk to acceptable levels. The selected candidate will also manage and facilitate the assessment process and, for third party risk assessments, ensure contractual requirements are incorporated into legal agreements.

The selected individual will provide support internally to the Global Cybersecurity Services (GCS) team, which is responsible for the Risk Management function, including the Third Party Security Risk Management program. They will manage service level agreements for assessment reviews, troubleshoot and enhance functionality within the tool used to conduct assessments (OneTrust), and act as the primary escalation liaison between the TPSRM team and the business owners of the third party relationships.

Strong process management and communication skills are required for this role. A sound knowledge of the industry and TPRM experience will be applied to assist leadership with ongoing strategic efforts, such as: integration with surrounding global functions and systems, global program facilitation and reporting capabilities, management of professional services and associated KPIs, and implementation of additional program automation and identified development opportunities.

Essential Functions:

Third-Party Risk Management
Assess the risk of third-party business partners based on their procedures and controls.
Facilitate third-party risk management due-diligence processes across business units.
Execute risk assessments for third parties working with Carnival.
Drive appropriate stakeholder participation in the assessment, evaluation, and response to risk.
Manage vendor relationships, field inquiries, and oversee/assist in the vendor assessment process.
Risk Management
Serve as a risk subject-matter-expert.
Identify, analyze, evaluate, and work with the business to manage risks.
Execute risk assessments for exceptions and new projects.
Training and Development
Conduct training as required throughout company business units to enhance understanding and awareness of risk.
Reporting and Support
Provide weekly leadership status updates.
Continue development of the OneTrust dashboard and reporting capabilities to highlight key program KPIs and KRIs.
Support program lead with all additional ongoing strategic projects to enhance program maturity.

Qualifications:

Bachelor’s degree in a relevant field of study or commensurate professional experience
The candidate will have a minimum of 8 years of relevant Risk Management experience or experience in a similar IT function.
CTPRP, CISSP, CISM, CRISC

Knowledge, Skills, and Abilities:

Excellent oral and written communication, presentation and collaboration skills.
Strong organization skills with the ability to deal with multiple tasks and projects simultaneously.
Familiarity with NIST CSF, 800-30, 800-53, 800-171, 800-161
Experience working with legal to conduct contract language reviews.
Experience with GRC tools used to conduct TPRM due diligence assessments, preferably OneTrust.
Experience with VISO Trust.
Experience with Black Kite.

Physical Demands: Work primarily in a climate-controlled environment with minimal safety/health hazard potential.

Travel: Less than 25% with shipboard travel likely

Work Conditions: Work primarily in a climate-controlled environment with minimal safety/health hazard potential.

This position is classified as “in-office.” As an in-office role, it requires employees to work from a designated Carnival office in South Florida Tuesday through Thursday each week. Employees may work from their homes on Mondays and Fridays. Candidates must be located in (or willing to relocate to) the Miami/Ft. Lauderdale area.

Offers to selected candidates will be made on a fair and equitable basis, taking into account specific job-related skills and experience.

At Carnival, your total rewards package is much more than your base salary. All non-sales roles participate in an annual cash bonus program, while sales roles have an incentive plan. Director and above roles may also be eligible to participate in Carnival’s discretionary equity incentive plan. Plus, Carnival provides comprehensive and innovative benefits to mee

About the Company

Carnival Corporation & plc (NYSE: CCL; NYSE: CUK) is the largest global cruise company, and among the largest leisure travel companies, with a portfolio of world-class cruise lines and a fleet of over 90 ships. Together its cruise lines - including AIDA Cruises, Carnival Cruise Line, Costa Cruises, Cunard, Holland America Line, P&O Cruises, Princess Cruises, and Seabourn - visit more than 800 ports around the world and account for nearly 40% of the overall cruise market globally. In 2024, the company's talented workforce of ...