Lead, Information Security GRC - Compliance

Position Summary:


Royal Caribbean Group (RCG) is seeking a Lead in IS GRC Compliance to bolster the IT compliance program by leading, developing, and communicating IT compliance within a NIST CSF based governance structure. The role of the IS GRC Compliance Lead is to guide the organization on Sarbanes-Oxley Act (SOX), General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI DSS) and other regulatory requirements. The GRC Compliance Lead will be an integral member of the Governance, Risk and Compliance (GRC) department and will drive compliance with internal policies and procedures, as well as external laws, regulations and professional standards specific to the organization.


The successful candidate for this position will continue the development of an IT compliance methodology that informs management of IT compliance across the globe. This position requires great attention to detail, technical expertise, effective communication, networking, and IT compliance management experience.


The IS GRC Compliance Lead reports to the IT Compliance Manager and is responsible for documenting Compliance program schedules, inventories, procedures and associated program collateral. The Lead will collaborate with internal and external audit teams, IT Management, and the lines of business to ensure that compliance requirements are met and that risks are identified, communicated and addressed.

Essential Duties and Responsibilities:

  • Document Compliance program schedules, inventories, procedures and associated program collateral.
  • Thrive in an agile environment with a high sense of urgency, as a proactive team player.
  • Lead IT SOX audit across entire project lifecycle, including information gathering, assessment, remediation and reporting phases.
  • Interact with auditors and IT teams to confirm findings and risk mitigation strategies.
  • Provide expertise in auditing all system layers (i.e., application, database and operating system) to ensure that controls are in place.
  • Produce accurate and detailed work papers that are traceable, repeatable, and auditable.
  • Perform Quality Assurance (QA) reviews over work products produced by the team in order to deliver high quality deliverables.
  • Engage with business to ensure that critical processes are appropriately documented by control owners and that timely reviews are performed.
  • Provide status reporting, activity scheduling, artifact collection and management, and other supporting tasks.
  • Conduct SOX Compliance readiness assessments over newly developed applications.
  • Collaborate with business sponsors, Technology and Internal Audit teams to initiate, conduct and close compliance activities and assessments in a timely manner.
  • Analyze risk and reward of business process to ensure security while maintaining agility within IT lifecycles.
  • Maintain and report metrics related to the IT compliance program.
  • Inform, advise and issue recommendations to IT teams regarding compliance with regulatory requirements.
  • Collaborate closely with the governance and risk teams as well as business and IT stakeholders to ensure that corporate goals are met.
  • Build on IT compliance leading practices to inform program direction.
  • Develop and execute appropriate policies and procedures to ensure that audit trails are intact.
  • Develop audits to expose vulnerabilities arising from system configuration changes and network growth.
  • Monitor industry markets and vendors; introduce new audit techniques to the business.
  • Establish best practices for the use of information audits and control technologies and techniques.
  • Establish audit programs and compliance metrics for information security.
  • Create methodologies used to develop and implement a security audit function.
  • Predict security issues and their potential impact on RCG guest operations.
  • Perform other GRC related duties as assigned.


Financial Responsibilities

  • Ensure that the compliance toolset aligns with the department budget.
  • Ensure individual expenses are within corporate guidelines.


  • Bachelor’s degree in Information Technology/Security or Computer Science is preferred; non-technical degrees with Computer Science fundamentals will be considered in combination with technology experience.
  • Experience with ServiceNow Governance, Risk and Compliance is strongly preferred.
  • Knowledge of Smartsheet, JIRA/Confluence, and PowerBI a plus.
  • At least one Information Security certification such as CISA, CISSP, PMP, CRISC, etc. is preferred.
  • 5+ years of experience in Information Security, IT Compliance and/or internal/external Audit. Big 4 experience with SEC clients preferred.
  • Demonstrated experience in performing SOX and PCI audits across entire project lifecycle.
  • Compliance or auditing experience performing or supporting SOC 1, SOC 2, GDPR, PCI-DSS assessments is desired.
  • Technical experience auditing Windows, IBM i, iSeries, AS/400 and Unix/Linux operating systems, as well as Oracle and SQL databases, is required.
  • Strong written and verbal communication required.
  • Proficient with Microsoft Excel.

Knowledge and Skills:

  • Expert with Microsoft Office suite of applications, ability to convert raw technology metrics into meaningful reports for managers.
  • IT audit or security technical background required.
  • Practiced at creating purposeful metrics (KRIs/KPIs) that convey risk messages and identify areas for improvement that are actionable by executive teams.
  • Operational knowledge of the deployment of Information Security frameworks such as NIST, ISO, FISMA, etc. is preferred.
  • Ability to learn to articulate IT compliance to employees and third parties at all levels within and outside the organization.
  • Excellent verbal, presentation, and written communication skills for both technical and non-technical audiences.


Physical Demands:

Should be able to work in an office environment at least 8 hours a day, 4 days a week. A working internet connection is required 1 day a week (Fridays).


Work Environment:

Fast-paced, fluid and innovative work environment. Requires flexibility and exceptional interpersonal relationship skills.

Up to 10% travel internationally may be required.

  • May require travel to meet with external business partners.
  • May require international travel to internal offices and/or ships.

Nearest Major Market: Miami