Apply now »

Manager, Governance Risk & Compliance

Position Summary:

Royal Caribbean Group (RCCL) is seeking a Manager, Global Information Security Governance to be the information security governance thought leader and team manager responsible for leading, developing, managing, and communicating information security governace to a NIST CSF based governance structure.  The successful candidate for this position will champion and develop a governance methodology that informs management of IT risk across the globe.  This position will requires superior communication, networking, leadership and governance technology skills.   RCCL is regulated globally so the manager should have great working knowledge of country specific privacy laws.

Essential Duties and Responsibilities:

  • Thought leader and creator of the information security governance program globally.  Communicates with business and IT leaders to risk/reward NIST based methodology.
  • Establish goals for the team of governance professionals that manage metrics, education & awareness, policy and data governance working alongside leaders to communicate information security threats, risks, and compliance requirements for the organization.
  • Creates, maintains, and reports metrics related to global information security program.
  • Collaborates closely with the peers within the risk and compliance teams as well as information security teams as well as business and IT stakeholders to ensure that corporate goals are met.
  • Manages policy and standards related to global information security both shipbaord & shoreside.
  • Manages configuration and implementation of metrics reporting toolset.
  • Ensures budgetary and fiscal integrity for governance team.
  • Trains others on metrics best practices with fitment to RCCL business and operational model.
  • Maintains governance leading practices to inform program direction.
  • Reviews and opines on metrics to align with information security policy and NIST based governance model.
  • Leads communicators in education and awareness to collaborate with Senior IT leadership and Corporate/Shipboard Communications


Financial Responsibilities

  • Ensures that governance toolset and employee education and awareness spend aligns with department budget.
  • Manages senior level individual contributors, approves expenses, and manages employee compensation within corporate guidelines.


  • Bachelors in Information Technology/Security, Computer Science is preferred, non-technical degrees with Computer Science fundamentals will be consider combined with technology experience.
  • At least one Information Security certification such as CISSP, CRISC, GIAC, etc. required to be obtained and maintained.
  • 3-5 years of Information Security Governance experience.
  • 5 years of Information Technology experience.
  • 2-5 year’s experience in managing small teams and projects. 
  • Superior written and verbal communications required.

Knowledge and Skills:

  • Expert with Microsoft Office suite of applications, ability to convert raw technology metrics into meaningful reports at an executive level.
  • Expert at creating purposeful metrics, KRI’s/KPI’s that convey risk messages and identify areas for improvement that are actionable by executive teams.
  • Knowledge of information security frameworks such as NIST, ISO, FISMA, etc.
  • Knowlege of risk frameworks such as Octave, FAIR, ISACA RiskIT, ISO 27005, and /or NIST 800-30 or 800-37.
  • Knowledge of global privacy laws, regulations, and guidelines.
  • Ability to articulate cyber requirements to employees and third parties at all levels within and outside the organization.


Physical Demands:

  • Should be able to show up at office environment and work at least 8 hours a day for 4 days a week, and remotely for 1 day a week.



Work Environment:

  • Office environment
  • Up to 20% travel internationally may be required.


Nearest Major Market: Miami

Apply now »