Carnival Corporate Information Security Director (BISO)

Job Description

Carnival Corporate Information Security Officer (BISO) plays a critical role in safeguarding the Brand (or Business Unit's) information assets, ensuring compliance with security policies, and mitigating potential risks. It also involves overseeing and implementing security initiatives at the brand level that come from the Office of CISO. This entails aligning Brand IT activities with corporate security objectives, addressing brand-specific risks, and guiding Brand IT on security domains requirements. The BISO is also responsible for reporting compliance with these requirements to the Global CISO and Brand (or Business) Executives.

Essential Functions:

• Prioritize, oversee, and manage security and compliance related projects and business-as-usual activities in the brand, ensuring successful execution and reporting. These projects and activities span across Identity and Access Management, Governance Risk and Compliance, Security Architecture, Maritime Safety, Infrastructure Application and Data Security, and Threat Management.

• 1. Resource Allocation: Proposing and allocating funds for security tools, software, and hardware to protect the company's information assets.
• 1. Risk Management: Budgeting for risk assessments, penetration testing, and other security assessments to identify vulnerabilities and mitigate risks.
• 1. Compliance: Proposing and allocating funds for compliance efforts to meet legislative and regulatory requirements related to information security.
• 1. Continuous Improvement: Allocating funds for ongoing security improvements, such as security updates, patches, and upgrades to existing security infrastructure.

• Policy and standards adherence: Ensure that the brand IT adheres to corporate security policies, standards, and guidelines, and develop brand-specific security policies when necessary. Ensure compliance with relevant industry standards, regulations, and legal requirements related to information security

• Team management: Ensure that sufficient resources are allocated to the Brand for security, meeting the security requirements of the Domains. Plan and provide essential training to the core security team at the brand, fostering effective communication and maintaining favorable working conditions for the team

• Performance Metrics: Track standard key security performance indicators to measure and improve brand security posture, effectiveness and reporting the result back to the CISO office and Brand (or Business Unit's) Executives

• Stakeholder Management: Collaborate with the security domains, peer BISOs, brand IT leaders, audit and other brand stakeholder groups to share best practices, brand security agenda and manage expectations

• Vendor management: In case there would be security vendors at brand level, responsible for negotiating, cultivating and maintaining strong relationships with external suppliers. This role might involve overseeing contract negotiations, ensuring vendor compliance with agreed-upon terms, and mitigating risks to optimize the overall performance of the vendor ecosystem at brand level.

Qualifications:

• Bachelor's degree in Business Informatics, Business administration, Information Technology, Computer Science, Information Security

• Desired to have one of or more of the following certificates: CISM, CISSP. Desired to be trained in Project management, product management or Agile approach.

• 8-12 years of experience in roles relevant to information security. 2-3 years of team management or leadership experience.

• Deep understanding and familiarity with core concepts of network security, security architecture, security operation, vulnerability management, cloud security, application security, security awareness program and threat intelligence. Experience with security technologies and tools, including SIEM, IDS/IPS, endpoint protection, encryption, access control, firewalls, Vulnerability Management, etc. Strong knowledge of cybersecurity and privacy principles, frameworks, and best practices (e.g., NIST Cybersecurity Framework, PCI, SOX, GDPR)

• Team management, stakeholder management, communication and interpersonal skills. Ability to analyze complex security issues and provide timely and effective solutions.

• Master's degree in degrees relevant to Information Technology or Information Security preferred

• Previously acted as security manager or senior security consultant in mid to large organizations preferred

Knowledge, Skills and Abilities:

• Ability to comprehend and communicate the technical concepts related to cybersecurity in an effective way. Strong planning and project management skills and willingness to follow up on tasks and act effectively in cross functional situations.

Physical Demands: Must be able to remain in a stationary position at a desk and/or computer for extended periods of time.

Travel: Less than 25% non-shipboard travel likely

Work Conditions: Work primarily in a climate-controlled environment with minimal safety/health hazard potential.

The range for this role's base salary is $120,800 - $180,000. Offers to selected candidates will be made on a fair and equitable basis, taking into account specific job-related skills and experience.

At Carnival, your total rewards package is much more than your base salary. All non-sales roles participate in an annual cash bonus program, while sales roles have an incentive plan. Director and above roles may also be eligible to participate in Carnival's discretionary equity incentive plan. Plus, Carnival provides comprehensive and innovative benefits to meet your needs, including:

• Health Benefits:

• Cost-effective medical, dental and vision plans

• Employee Assistance Program and other mental health resources

• Additional programs include company paid term life insurance and disability coverage

• Financial Benefits:

• 401(k) plan that includes a company match

• Employee Stock Purchase plan

• Paid Time Off

• Holidays - All full-time and part-time with benefits employees receive days off for 7 company-wide holidays, plus an additional floating holiday to be taken at the employee's discretion.

• Vacation Time - All full-time employees at the manager and below level start with 14 days/year; director and above level start with 19 days/year. Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 84 hours/year. All employees gain additional vacation time with further tenure.

• Sick Time - All full-time employees receive 80 hours of sick time each year. Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 60 hours each year.

• Other Benefits

• Complementary stand-by cruises, employee discounts on confirmed cruises, plus special rates for family and friends

• Personal and professional learning and development resources including tuition reimbursement

• On-site preschool program and wellness center at our Miami campus

#LI-Hybrid

#LI-SC1

About Us

In addition to other duties/functions, this position requires full commitment and support for promoting ethical and compliant culture. More specifically, this position requires integrity, honesty, and respectful treatment of others, as well as a willingness to speak up when they see misconduct or have concerns.

Carnival Corporation & plc is a global cruise company and one of the largest vacation companies in the world. Our portfolio of leading cruise brands includes Carnival Cruise Line, Holland America Line, Princess Cruises and Seabourn in North America; P&O Cruises, and Cunard Line in the United Kingdom; AIDA in Germany; Costa Cruises in Southern Europe; and P&O Cruises in Australia. Our employees have a responsibility to be accountable for all actions. We consider the environment in all aspects of our business and have a responsibility to put safety andsustainability first. We live and share a positive attitude which is based on fostering an environment of inclusion, trust, a willingness to listen, openness and integrity.

Carnival Corporation & plc and Carnival Cruise Line is an equal employment opportunity/affirmative action employer. In this regard, it does not discriminate against any qualified individual on the basis of sex, race, color, national origin, religion, sexual orientation, age, marital status, mental, physical or sensory disability or any other classification protected by applicable local, state, federal and/or international law.

Benefits as a member of Carnival's Team:

• A comprehensive benefit program which includes medical, dental and vision plans

• Additional programs include company paid term life insurance and disability coverage and a 401(k) plan that includes a company match

• Employee Stock Purchase plan

• Paid vacation and sick time

• Cruise benefits

• An on-site fully accredited preschool educational program located at our Doral campus

• An on-site Wellness Center and Health clinic at our Doral campus

To view a copy of Carnival's FMLA, EEO and EPPA posters please visit: (click or copy and paste link into your browser).

~~~. gov/sites/dolgov/files/WHD/legacy/ files/fmlaen.pdf

~~~. gov/ofccp/regs/compliance/posters /pdf/eeopost.pdf

~~~. gov/sites/dolgov/files/WHD/legacy/ files/eppac.pdf

https: //www.dol. gov/ofccp/regs/compliance/posters /pdf/OFCCP_EEO_Supplement_Fi nal_JRF_QA_508c.pdf