Shire Veteran Jobs

Carnival Cruise Line Third Party Risk Management Principal in Miami, Florida

The Principal, Third Party Risk Management is responsible for executing risk assessments with the goal of effectively identifying, analyzing, and evaluating cybersecurity risks to Carnival Corporation plc. These assessments will primarily be for third parties, where expertise in technology and an understanding of what gaps in processes or technology mean in terms of real-world risk are required.

Primary activities include, but are not limited to, gathering information (such as security gaps, mitigating controls, design, financials, security program artifacts) to execute risk assessments on the third party being assessed. The successful candidate will utilize their security and technical expertise to define cybersecurity risks, rate those risks, communicate those risks, defend their analysis, and work with the business to drive down risk to acceptable levels. The selected candidate will also manage and facilitate the assessment process and, for third-party risk assessments, ensure contractual requirements are incorporated into legal agreements.

The selected individual will provide support internally to the Global Cybersecurity Services (GCS) team, which is responsible for the Risk Management function, including the Third Party Security Risk Management program. They will manage service level agreements for assessment reviews, troubleshoot and enhance functionality within the tool used to conduct assessments (OneTrust), and act as the primary escalation liaison between the TRSPM team and the business owners of the third party relationships.

Strong process management and communication skills are required for this role. A sound knowledge of the industry and TPRM experience will be applied to assist leadership with ongoing strategic efforts, such as: integration with surrounding global functions and systems, global program facilitation and reporting capabilities, management of professional services and associated KPIs, and implementation of additional program automation and identified development opportunities.

Essential Functions:

  • Third-Party Risk Management:

      • Assess the risk of third-party business partners based on their procedures and controls.

      • Facilitate third-party risk management due-diligence processes across business units.

      • Execute risk assessments for third parties working with Carnival.

      • Drive appropriate stakeholder participation in the assessment, evaluation, and response to risk.

      • Manage vendor relationships, fielding inquiries, and overseeing/assisting in the vendor assessment process.

  • Risk Management:

      • Serve as a risk subject-matter-expert.

      • Identify, analyze, evaluate, and work with the business to manage risks.

      • Execute risk assessments for exceptions and new projects.

  • Training and Development:

      • Conduct training as required throughout company business units to enhance understanding and awareness of risk.

  • Reporting and Support:

      • Provide weekly leadership status updates.

      • Continue development of the OneTrust dashboard and reporting capabilities to highlight key program KPIs and KRIs.

      • Support program lead with all additional ongoing strategic projects to enhance program maturity.

  • Performs other duties as assigned.

Qualifications:

  • Bachelor’s degree in a relevant field of study or commensurate professional experience

  • An advanced degree is desirable

  • Certifications: CTPRP, CISSP, CISM, CRISC

  • The candidate will have a minimum of 8 years of relevant Risk Management experience or similar IT function. Additional experience within security, governance and compliance desirable.

Knowledge, Skills and Abilities:

  • Excellent oral and written communication, presentation and collaboration skills.

  • Strong organization skills with the ability to deal with multiple tasks and projects simultaneously.

  • Familiarity with NIST CSF, 800-30, 800-53, 800-171, 800-161

  • Experience working with legal to conduct contract language reviews.

  • Experience with GRC tools used to conduct TPRM due diligence assessments, preferably OneTrust.

  • Experience with VISO Trust.

  • Experience with Black Kite.

Physical Demands: Work primarily in a climate-controlled environment with minimal safety/health hazard potential.

Travel: Less than 25% with shipboard travel likely

Work Conditions: Work primarily in a climate-controlled environment with minimal safety/health hazard potential.

This position is classified as “in-office.” As an in-office role, it requires employees to work from a designated Carnival office in South Florida Tuesday through Thursday each week. Employees may work from their homes on Mondays and Fridays. Candidates must be located in (or willing to relocate to) the Miami/Ft. Lauderdale area.

Offers to selected candidates will be made on a fair and equitable basis, taking into account specific job-related skills and experience.

At Carnival, your total rewards package is much more than your base salary. All non-sales roles participate in an annual cash bonus program, while sales roles have an incentive plan. Director and above roles may also be eligible to participate in Carnival’s discretionary equity incentive plan. Plus, Carnival provides comprehensive and innovative benefits to meet your needs, including:

  • Health Benefits:

      • Cost-effective medical, dental and vision plans

      • Employee Assistance Program and other mental health resources

      • Additional programs include company paid term life insurance and disability coverage

  • Financial Benefits:

      • 401(k) plan that includes a company match

      • Employee Stock Purchase plan

  • Paid Time Off

      • Holidays – All full-time and part-time with benefits employees receive days off for 8 company-wide holidays, plus 2 additional floating holidays to be taken at the employee’s discretion.

      • Vacation Time – All full-time employees at the manager and below level start with 14 days/year; director and above level start with 19 days/year. Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 84 hours/year. All employees gain additional vacation time with further tenure.

      • Sick Time – All full-time employees receive 80 hours of sick time each year. Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 60 hours each year.

  • Other Benefits

      • Complimentary stand-by cruises, employee discounts on confirmed cruises, plus special rates for family and friends

      • Personal and professional learning and development resources including tuition reimbursement

      • On-site preschool program and wellness center at our Miami campus

About Us

Carnival Corporation & plc is the world’s largest leisure travel company. Our mission is to deliver unforgettable happiness to our guests through our diverse portfolio of leading cruise brands and island destinations, including Carnival Cruise Line, Holland America Line, Princess Cruises, and Seabourn in North America and Australia; P&O Cruises and Cunard Line in the United Kingdom; AIDA in Germany; Costa Cruises in Southern Europe.

Join us and embark on a career that offers not only the chance to grow professionally but also the opportunity to be part of a global community that makes a difference.

In addition to other duties/functions, this position requires full commitment and support for promoting ethical and compliant culture. More specifically, this position requires integrity, honesty, and respectful treatment of others, as well as a willingness to speak up when they see misconduct or have concerns.

Carnival Corporation & plc and Carnival Cruise Line are equal employment opportunity/affirmative action employers. In this regard, they do not discriminate against any qualified individual on the basis of sex, race, color, national origin, religion, sexual orientation, age, marital status, mental, physical or sensory disability, or any other classification protected by applicable local, state, federal, and/or international law.

https://www.dol.gov/sites/dolgov/files/WHD/legacy/files/fmlaen.pdf

https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf

https://www.dol.gov/sites/dolgov/files/WHD/legacy/files/eppac.pdf

https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf
