Senior Analyst, Third-Party Risk Management

Journey with us! Combine your career goals and sense of adventure by joining our exciting team of employees. Royal Caribbean Group is pleased to offer a competitive compensation and benefits package, and excellent career development opportunities, each offering unique ways to explore the world.

We are proud to be the vacation-industry leader with global brands — including Royal Caribbean International, Celebrity Cruises and Silversea Cruises — the most innovative fleet and private destinations, and the best people. Together, we are dedicated to turning the vacation of a lifetime into a lifetime of vacations for our guests.

The position is onsite and based in Miramar, Florida.

The position is also not eligible for work authorization sponsorship.

Position Summary:

We are seeking a highly skilled and experienced Third-Party Risk Management (TPRM) Senior Analyst to join our Global Information Security (GIS) Information Risk Management (IRM) team.  The ideal candidate will be responsible for assessing, monitoring, and mitigating cybersecurity risks associated with third-party vendors and partners.  This position ensures that external parties comply with organizational security standards and regulatory requirements, reducing exposure to potential threats and vulnerabilities.  The ideal candidate will have strong analytical skills, deep knowledge of cybersecurity frameworks, and experience in third-party risk management programs.

Key responsibilities will include:

• Conduct comprehensive cybersecurity risk assessments for new and existing vendors.
• Evaluate vendor security posture against industry standards (e.g., NIST, ISO 27001, CIS).
• Maintain ongoing monitoring of third-party risks using tools and platforms (e.g., BitSight, OneTrust).
• Develop and present risk reports to leadership, highlighting critical findings and remediation plans.
• Ensure third-party engagements comply with internal security policies and regulatory requirements (e.g. GDPR, HIPAA, PCI DSS).
• Collaborate with Legal and Procurement teams to integrate security requirements into contracts and SLAs.
• Work with vendors to address identified gaps and track remediation progress.
• Escalate high-risk findings and recommend risk treatment strategies.
• Support the enhancement of the TPRM program, including process improvements and automation.
• Assist in developing risk scoring methodologies and vendor tiering models.
• Partner with internal teams (IT, Compliance, Procurement) to align risk management objectives.
• Provide guidance and training on third-party risk best practices.

Qualifications and Education:

• Bachelor's degree in Cybersecurity, Information Technology, Risk Management, or related field.
• Relevant certifications preferred (e.g., CISSP, CISM, CRISC).
• 3-4 years in cybersecurity risk management, with at least 2 years focused on third-party/vendor risk.
• Strong understanding of risk assessment methodologies and regulatory frameworks.
• Proficiency in risk management tools and platforms.
• Excellent analytical, communication, and stakeholder management skills.
• Ability to interpret technical security controls and translate them into business risk impact.
• Proficiency in GRC and TPRM platforms (e.g., OneTrust, ServiceNow GRC preferred) and risk assessment tools.
• Strong understanding of information security frameworks (e.g., NIST CSF, ISO 27001).

Agency and Third-Party Submissions: Please note this is a direct search by the Company, and applications through agencies and other third parties will not be accepted, nor will fees be paid for unsolicited resumes. Any unsolicited resumes will be considered the Company's property.

We know there's a lot to consider. As you go through the application process, our recruiters will be glad to provide guidance, and more relevant details to answer any additional questions. Thank you again for your interest in Royal Caribbean Group. We'll hope to see you onboard soon!

It is the policy of the Company to ensure equal employment and promotion opportunity to qualified candidates without discrimination or harassment on the basis of race, color, religion, sex, age, national origin, disability, sexual orientation, sexuality, gender identity or expression, marital status, or any other characteristic protected by law. Royal Caribbean Group and each of its subsidiaries prohibit and will not tolerate discrimination or harassment.