Carnival Corporate Information Security Director

The Carnival Corporate Information Security Officer (BISO) serves a pivotal role in safeguarding the information assets and security posture of the assigned brand or business unit. The BISO acts as a strategic partner to both the business and the Office of the Chief Information Security Officer (CISO), ensuring that the brand or unit's IT activities align with corporate security objectives, industry standards, and regulatory requirements. Key responsibilities include: 1. Strategic Security Leadership: The BISO leads the development and implementation of security initiatives specific to the brand, driving security strategy and aligning it with the overarching security vision set by the global CISO. This includes managing security risks, setting priorities, and ensuring that security programs effectively mitigate potential threats while supporting business objectives. 2. Compliance and Risk Management: The BISO ensures that all security policies, standards, and practices are adhered to within the brand or business unit. This includes fostering a strong security culture, promoting awareness, and ensuring that security compliance is consistently maintained across all brand-related IT operations. The BISO works closely with legal, risk, and compliance teams to assess and mitigate risks, conduct regular audits, and respond to any gaps in compliance. 3. Guidance and Consultation for Brand/Operating Unit IT: As a trusted advisor, the BISO provides guidance on a wide range of security domains, such as access management, data protection, incident response, and security architecture. The role involves ensuring that the IT team has the necessary resources, expertise, and tools to implement effective security controls and meet regulatory and security requirements. 4. Brand-Specific Risk Identification and Mitigation: The BISO actively works to identify security risks that are unique to the brand or business unit. This involves a detailed understanding of the brand's operations, technology stack, and potential threat landscape. The BISO then works to mitigate those risks through targeted initiatives, awareness programs, and collaboration with cross-functional teams, including operations, development, and infrastructure teams. 5. Collaboration with Global CISO: Reporting directly to the Global CISO, the BISO ensures that security efforts at the brand level are consistent with corporate security strategies and policies. The BISO provides regular reports to both the Global CISO and the Brand/Operating Unit Executives, highlighting compliance status, identified risks, and ongoing security initiatives. This role is key in facilitating clear communication between the brand and corporate leadership, ensuring transparency in security posture and risk management. 6. Incident Response and Crisis Management: The BISO plays an integral role in the event of a security breach or incident, ensuring prompt identification, containment, and resolution of security issues. The BISO coordinates with relevant stakeholders within the brand and across the organization to minimize impact and ensure that proper post-incident analysis and remediation plans are in place. 7. Continuous Improvement and Security Maturity: The BISO is committed to the continuous enhancement of the brand's security posture, driving ongoing security maturity initiatives. This includes staying ahead of emerging threats, adopting best practices, and recommending improvements to existing security frameworks to adapt to the evolving landscape of cyber threats. In summary, the Carnival BISO is a critical role that bridges the gap between corporate security objectives and the operational realities of the brand, ensuring robust protection of information assets, compliance with security policies, and the effective mitigation of security risks. Through close collaboration with IT, legal, compliance, and security teams, the BISO contributes to the overall security strategy and resilience of the organization. Essential Functions: Prioritize, oversee, and manage security and compliance related projects and business-as-usual activities in the brand, ensuring successful execution and reporting, including Identity and Access Management, Governance Risk and Compliance, Security Architecture, Maritime Safety, Infrastructure Application and Data Security, and Threat Management. Resource Allocation: Proposing and allocating funds for security tools, software, and hardware to protect the company's information assets. Risk Management: Budgeting for risk assessments, penetration testing, and other security assessments to identify vulnerabilities and mitigate risks. Compliance: Proposing and allocating funds for compliance efforts to meet legislative and regulatory requirements related to information security. Continuous Improvement: Allocating funds for ongoing security improvements, such as security updates, patches, and upgrades to existing security infrastructure. Policy and Standards Adherence: Ensure that the brand IT adheres to corporate security policies, standards, and guidelines, and develop brand-specific security policies when necessary. Team Management: Ensure that sufficient resources are allocated to the Brand for security, meeting the security requirements of the Domains. Plan and provide essential training to the core security team at the brand. Performance Metrics: Track standard key security performance indicators to measure and improve brand security posture, effectiveness and reporting the result back to the CISO office and Brand Executives. Stakeholder Management: Collaborate with the security domains, peer BISOs, brand IT leaders, audit, and other brand stakeholder groups to share best practices and manage expectations. Vendor Management: Responsible for negotiating and maintaining relationships with external suppliers and ensuring vendor compliance. Qualifications: Bachelor's degree in Business Informatics, Business Administration, Information Technology, Computer Science, or Information Security. Master's degree preferred. CISM, CISSP. Desired training in Project management, product management or Agile approach preferred. 8-12 years of experience in roles relevant to information security. 2-3 years of team management or leadership experience. Deep understanding of network security, security architecture, vulnerability management, cloud security, application security, and threat intelligence. Strong knowledge of cybersecurity and privacy principles, frameworks, and best practices (e.g., NIST Cybersecurity Framework, PCI, SOX, GDPR). Excellent communication and interpersonal skills. Ability to analyze complex security issues and provide timely solutions. Experience as security manager or senior security consultant in mid to large organizations. Knowledge, Skills & Abilities: Ability to communicate technical concepts related to cybersecurity effectively. Strong planning and project management skills. Physical Demands: Must be able to remain in a stationary position at a desk and/or computer for extended periods of time. Travel: Less than 25% with non-shipboard travel likely. Work Conditions: Work primarily in a climate-controlled environment with minimal safety/health hazard potential. This position is classified as "in-office." Employees are required to work from a designated Carnival office in South Florida five days each week. Candidates must be located in (or willing to relocate to) the Miami/Ft. Lauderdale area. Offers to selected candidates will be made on a fair and equitable basis, taking into account specific job-related skills and experience. At Carnival, your total rewards package is much more than your base salary. All non-sales roles participate in an annual cash bonus program, while sales roles have an incentive plan. Carnival provides comprehensive and innovative benefits to meet your needs, including: Health Benefits: Cost-effective medical, dental and vision plans Employee Assistance Program and other mental health resources Financial Benefits: 401(k) plan that includes a company match Employee Stock Purchase plan Paid Time Off: Holidays - All full-time and part-time with benefits employees receive days off for 8 company-wide holidays, plus 2 additional floating holidays. Vacation Time - All full-time employees at the manager level start with 14 days/year; director level starts with 19 days/year. Sick Time - All full-time employees receive 80 hours of sick time each year. Other Benefits: Complementary stand-by cruises, employee discounts on confirmed cruises. Personal and professional learning and development resources including tuition reimbursement. On-site preschool program and wellness center at our Miami campus. #LI-Hybrid #LI-SH1 About Us Carnival Corporation & plc is the world's largest leisure travel company, our mission to deliver unforgettable happiness to our guests through our diverse portfolio of leading cruise brands. Join us and embark on a career that offers not only the chance to grow professionally but also the opportunity to be part of a global community that makes a difference. This position requires full commitment and support for promoting ethical and compliant culture. Carnival Corporation & plc and Carnival Cruise Line is an equal employment opportunity/affirmative action employer. #J-18808-Ljbffr

Created: 2025-03-01