Lead, Information Risk Management

Journey with us! Combine your career goals and sense of adventure by joining our exciting team of employees. Royal Caribbean Group is pleased to offer a competitive compensation and benefits package, and excellent career development opportunities, each offering unique ways to explore the world.

The Royal Caribbean Group’s Global Information Security has an exciting career opportunity for a full-time Lead, Information Risk Management reporting to the Senior Manager, CyberSecurity Risk Management.

The position is onsite and based in Miramar, Florida.

Position Summary: 

We are seeking a highly skilled and experienced Information Risk Management Lead to join our Global Information Security (GIS) team risk assessments and risk management team.  The ideal candidate will be responsible for identifying, analyzing and mitigating information security risks across the organization, possessing deep expertise in cybersecurity and information risk, with a proven track record in conducting application and third-party risk assessments.  

Essential Duties and Responsibilities: 

• Lead and support the execution of comprehensive information security risk assessments for IT systems, applications, and processes, identifying risks and issues.
• Prepare documentation and support compliance assessments related to information security and risk management frameworks, ensuring adherence to regulatory requirements and standards (e.g. SOX, GDPR, HIPPA, PCI-DSS).
• Work closely with BISOs, broader security team, IT and business to promote risk awareness and facilitate risk mitigation strategies.
• Interact and collaborate with key personnel in various departments including, but not limited to, Procurement, IT, Legal, Compliance, Human Resources, Internal Audit, etc.
• Review and analyze security contract language to align with information security policy.
• Collaborate across teams to embed the best practices in risk management, automate processes, and continuously improve our security posture.
• Lead the ongoing enhancement of the organization’s Information Risk Management program, ensuring alignment with business objectives, regulatory requirements, and industry standards.
• Perform application and third-party risk assessments for enterprise systems and vendors across the organization, overseeing the end-to-end process for identifying, assessing, and prioritizing cyber risks with junior risk analysts.
• Develop and implement effective risk mitigation strategies, controls, and best practices.
• Drive the creation of insightful risk assessment reports and dashboards tailored for senior management and stakeholders, providing actionable recommendations to reduce risk exposure.
• Collaborate with the Senior Manager to develop and deliver targeted training programs that elevate the risk literacy and assessment capabilities of the risk team.
• Identify opportunities to automate risk management workflows and compliance processes within GRC platforms, implementing controls that enhance operational effectiveness.
• Support GRC Policy Manager with updates to security policies and standards to reflect changes in the threat landscape, regulatory requirements, and industry best practices.

Qualifications: 

• Bachelor's in information technology/security, Computer Science is preferred, non-technical degrees with Computer Science fundamentals will be considered combined with technology experience.
• At least one Information Security certification such as CISSP, CCSP, CEH, CRISC, GIAC, CISM, etc. required.
• 5-7 years of Information Security, Information Technology, Risk, Audit and/or a combination of experience.
• 5-7 years of managing projects and/or teams. 
• 2-5 years of experience in GRC platform development.
• Proficiency in GRC platforms (e.g., RSA Archer, ServiceNow GRC, MetricStream) and risk assessment tools. Strong understanding of information security frameworks (e.g., NIST CSF, ISO 27001).
• Deep understanding of cyber risk management principles, threat modeling, and risk mitigation strategies.
• Strong analytical and problem-solving skills. Ability to assess risks, identify solutions, and make data-driven decisions.
• Previous experience in a lead or managerial role is highly desirable.
• Executive level written and verbal communications required. Ability to effectively communicate complex security concepts to both technical and non-technical audiences.
• Takes initiative and anticipates needs before they arise.
• Pays close attention to detail while maintaining a big-picture perspective.
• Works well with others and contributes to a positive team culture.
• Thrives in a fast-paced, dynamic environment.

Power Skills:

• Collaborates Effectively 
• Communicates Effectively 
• Develops Talent 
• Manages Conflict 
• Plans and Aligns 

We know there's a lot to consider. As you go through the application process, our recruiters will be glad to provide guidance, and more relevant details to answer any additional questions. Thank you again for your interest in Royal Caribbean Group. We'll hope to see you onboard soon!

It is the policy of the Company to ensure equal employment and promotion opportunity to qualified candidates without discrimination or harassment on the basis of race, color, religion, sex, age, national origin, disability, sexual orientation, sexuality, gender identity or expression, marital status, or any other characteristic protected by law. Royal Caribbean Group and each of its subsidiaries prohibit and will not tolerate discrimination or harassment.

#LI-MP1