Third Party Security Risk Management Manager
Company: Carnival Corporation & plc
Location: Miami
Posted on: November 15, 2024
Job Description:
Job DescriptionThe Third-Party Security Risk Manager is
responsible for the management, development, and oversight of the
Third Party Security Risk Management (TPSRM) program. The goal of
this role is to effectively identify, evaluate, monitor, and manage
information security risks associated with third party business
partners that do work for, or have access to Carnival's data.
Primary activities include assessing third-party security risks,
facilitation of the due diligence assessment process, and ensuring
contractual requirements are implemented into legal
agreements.Additional responsibilities include managing service
level agreements for assessment reviews, working with our resident
engineer for troubleshooting and enhancing functionality within the
assessment tool (OneTrust), and acting as the primary escalation
liaison between the TRPM team and the business owners of
third-party relationships.Strong process management and
communication skills are required for this role. A sound knowledge
of the industry and TPRM experience will be applied to assist
leadership with ongoing strategic efforts, such as: integration
with surrounding global functions and systems, global program
facilitation and reporting capabilities, management of professional
services and associated KPIs, and implementation of additional
program automation and identified development
opportunities.Essential Functions:
- Serve as the GCS TPSRM subject-matter-expert to identify,
evaluate, and manage risks associated to third parties processing
or accessing personal and/or confidential data on Carnival's
behalf.
- Facilitate TPSRM due-diligence processes across business units;
drive appropriate stakeholder participation in the assessment,
evaluation, and acceptance of risk.
- Manage vendor relationships, field inquiries, and
oversee/assist in the vendor assessment process utilizing the
RiskRecon platform.
- Assess procedures and controls to ensure compliance with
applicable company and industry standards.
- Development of dashboard and reporting capabilities for the
TPRM program; provide leadership reporting as required
(weekly).
- Conduct training as required throughout company business units
to enhance TPRM awareness and compliance.
- Support program lead with all additional ongoing strategic
projects in place to enhance program maturity.Qualifications:
- Education: Bachelor's degree in a Cybersecurity related
field.
- Required Certifications: Nice to have: CTPRP, CISSP, CISM,
CRISC.
- Required Years and Area of Professional Experience: 5
years.
- Critical Professional Related Technical/Computer Skills:
Excellent oral and written communication, presentation, and
collaboration skills. Strong organization skills with the ability
to deal with multiple tasks and projects simultaneously. Experience
working with legal to conduct contract language reviews. Experience
with GRC tools used to conduct TPRM due diligence assessments,
preferably OneTrust.
- Other Requirements: Experience with the Microsoft Professional
Office Suite, including Teams, SharePoint, and Office.
- Preferred Education: Master's in Cybersecurity.
- Preferred Experience and Type: Possess strong organization and
communication skills and can communicate security processes and
associated risks to non-technical business stakeholders. Has a
solid understanding of key security frameworks, including NIST CSF,
PCI-DSS, SOX, ISO, etc. Candidate will need to develop a deep
understanding of the company structure, key stakeholders, products,
and policies/standards to facilitate resolution amongst groups with
conflicting priorities. Excellent leadership, project management,
and presentation skills. Must be able to work independently and
efficiently in a remote working environment.Knowledge, Skills &
Abilities:
- Third Party Risk Management, Presentation, Risk
Management.Decision Making:
- Tactical: Decisions focus on intermediate-term issues. The
purpose of decisions made at this level are to help move CCL closer
to reaching strategic goals. Outcomes are predictable.
- Operational: Decisions focus on day-to-day activities within
the company. Decisions made at this level help to ensure that daily
activities proceed smoothly and therefore help to move the company
toward reaching a strategic goal.
- Standard: These decisions are those that are repetitive
decisions on a recurring basis and are commonly related to daily
activities.Travel: No or very little travel likely.Work Conditions:
Work primarily in a climate-controlled environment with minimal
safety/health hazard potential.This position is classified as
'in-office.' As an in-office role, it requires employees to work
from a designated Carnival office in South Florida from Tuesday
through Thursday. Employees may work from home on Mondays and
Fridays. Some positions may require additional in-office time each
week and final schedule is determined by your leader. Candidates
must be located in (or willing to relocate to) the Miami/Ft.
Lauderdale area.Offers to select candidates will be made on a fair
and equitable basis, taking into account specific job-related
skills and experience.
#J-18808-Ljbffr
Keywords: Carnival Corporation & plc, North Lauderdale , Third Party Security Risk Management Manager, Executive , Miami, Florida
Didn't find what you're looking for? Search again!
Loading more jobs...