Senior Manager, Maritime Cybersecurity
Journey with us! Combine your career goals and sense of adventure by joining our exciting team of employees. Royal Caribbean Group is pleased to offer a competitive compensation and benefits package, and excellent career development opportunities, each offering unique ways to explore the world.
The Royal Caribbean Group’s Global Information Security has an exciting career opportunity for a full-time Senior Manager, Maritime Cybersecurity reporting to the AVP of Governance, Risk & Compliance.
The position is onsite and based in Miramar, Florida.
Position Summary:
Royal Caribbean Group (RCG) is seeking a Senior Manager, Maritime Cybersecurity to be the operational technology (OT), entertainment technology (ET), Internet of Things (IoT), and information security (IS) maritime compliance thought leader and manager, responsible for leading, developing, managing, and empowering a team of senior individual contributors charged with maritime compliance for a growing fleet of ships. The successful candidate for this position will champion and mature a management methodology and lead a team of OT/ET/IoT subject matter experts and technical experts with the brand(s) and marine operations. The role also works directly with senior GRC leaders to opine on the risk of the fleet to the enterprise and ensures alignment with the Maritime Business Information Security Officer to quantify the cyber threat vector for the fleet and to the larger enterprise program. This role will also be responsible for ensuring good alignment between shipboard operations and shoreside initiatives responsible for developing a dashboard for communication. This position requires executive communication skills, networking, leadership and deep maritime management skills. RCG is regulated globally, so the manager should have experience understanding a variety of international, flag, and class-specific maritime privacy and cyber laws and regulations and interpreting them for maritime operators.
Essential Duties and Responsibilities:
- Collaborate with business and IT leaders to balance risk/reward to improve security in OT/ET/IoT applications and third-party engagements.
- Manage and mature the maritime compliance program globally. Guide maritime operators, onboard executive teams, and IT leaders in applying a risk/reward NIST-based methodology that aligns closely with Safety, Quality, and Environmental programs.
- Lead compliance with appropriate Flag and Port State regulations. Follow up on existing remediation work (from prior audits) and evaluate the effectiveness of the proposed and/or implemented corrective actions.
- Lead presentations of audit results and influence acceptance of treatment programs to the shipboard executive committee or shore side management / executives. This includes documenting detailed findings (e.g. noteworthy efforts, nonconformities, observations, verification statements).
- Manage training for shipboard and applicable shore side staff on topics required by maritime cyber regulations.
- Continually improve compliance protocols, the maritime compliance program, and the corporate management system tools.
- Actively engage in liaison activities with maritime industry associations, peer institutions, regulatory and contractual agencies/organizations and IS information sharing communities.
- Leverage external information sharing forums to ensure that the maritime cybersecurity program stays current with emerging industry practices. Evaluate new technology and practices that will support and evolve the program.
- Review, interpret and explain complex maritime cyber guidelines and future regulations such as BIMCO Cybersecurity Guidelines for Ships, U.S. Coast Guard security requirements, and International Maritime Organization (IMO) to executives, IT management, IT staff, peers and non-technical team members as required to drive improved understanding, awareness, and adoption.
- Develop and retain key talent, providing opportunities for growth of technical skills and other interpersonal skills for assigned staff.
- Direct a team to maintain and report business metrics to the cyber organization and communicate cyber-related risks to the business with risk/reward scenarios to synchronize with RCG’s corporate governance framework.
- Advocate for required change and continuously opine on the policy and standards exceptions program.
- Lead discussions and answer complex cross-functional policy and standards questions, forecasting best practice in policy.
- Manage hiring, training and collaboration of leaders to work with business and IT leaders.
- Opine upon the GRC and third-party security toolset for the IT organization.
- Proactively govern and evolve existing technology standards and architectures to meet evolving business needs and changing external industry landscape.
Qualifications:
- Master's degree in Information Technology/Security or Computer Science is preferred; non-technical degrees with Computer Science fundamentals will be considered if combined with technology experience.
- 7+ years of Information Security/Technology experience.
- 5 years of operational technology experience required.
- 5 years of managing teams and/or projects.
- Executive level written and verbal communications required.
Desired Skills:
- Expert knowledge of security issues, techniques, and implications across common computing systems.
- Expert level vulnerability assessment and remediation knowledge.
- Strong, experienced application development and/or application security background, with solid knowledge of the SDLC from design, testing, and deployment to post-production and the different risk elements associated with each step.
- Expert with the Microsoft Office suite of applications, with the ability to rationalize raw technology metrics into meaningful reports at an executive level.
- Expert at creating purposeful metrics and KRIs/KPIs that convey risk messages and identify areas for improvement that are actionable by executive teams.
- Expert knowledge of information security frameworks such as NIST, ISO, FISMA, OWASP, SCADA, etc.
- Expert knowledge of risk frameworks such as Octave, FAIR, ISACA RiskIT, ISO 27005, and/or NIST 800-30 or 800-37.
- Knowledge of global maritime privacy laws, regulations, and guidelines.
- Ability to articulate the information security maritime compliance program to executive-level employees and third parties, at all levels within and outside the organization.
Work Environment:
- Office environment with up to 40% international travel
Power Skills:
- Collaborates Effectively
- Communicates Effectively
- Develops Talent
- Manages Conflict
- Plans and Aligns
We know there's a lot to consider. As you go through the application process, our recruiters will be glad to provide guidance and more relevant details to answer any additional questions. Thank you again for your interest in Royal Caribbean Group. We hope to see you onboard soon!
It is the policy of the Company to ensure equal employment and promotion opportunity to qualified candidates without discrimination or harassment on the basis of race, color, religion, sex, age, national origin, disability, sexual orientation, sexuality, gender identity or expression, marital status, or any other characteristic protected by law. Royal Caribbean Group and each of its subsidiaries prohibit and will not tolerate discrimination or harassment.
Nearest Major Market: Miami