AVP of Governance, Risk & Compliance; GRC

LOCATION: Miramar, FL

REPORTS TO: VP, Information Security

POSITION OVERVIEW

The AVP of Governance, Risk & Compliance (GRC) will ensure technology and business teams comply with external regulations and internal requirements. This role will lead efforts to achieve continuous compliance by partnering with technology, business, and brand teams to adhere to policies, reduce security risks, and maintain compliance. The initial focus will be to establish and advance an IT GRC framework supporting RCCL's global environments, including shoreside, shipboard, subsidiaries, mobile, and cloud services.

This position will also define and direct activities to meet regulatory requirements such as GDPR, SOX, PCI, HIPAA, and Privacy.

The GRC Associate Vice President (AVP) is a leader with a strong knowledge of security frameworks, controls – NIST CSF, and audit techniques, which seeks to improve how compliance programs are implemented and maintained. The ideal candidate will bring a passion for improving the customer experience by easing operational burdens associated with compliance and will focus on enhancing transparency across the security landscape.

Candidates must have a proven track record of leadership in enterprise-level information security. They should be able to translate complex technical information into strategic insights for technical leaders and simplify it for business leaders. This role demands high intellectual acumen and the ability to make complex technical details accessible to technical and non-technical stakeholders.

The GRC AVP will lead a global team of 30+ cybersecurity and compliance professionals and manage a portfolio of 15 products and technologies to ensure proper compliance, making risk visible for leaders and employees across RCG.

We seek for a hybrid GRC leader - Envision a balance between GRC and oversight in the governance piece and interfacing and interacting with the technical side, in partnership with our Business Information Security Officers (BISOs) and Business Enablement Engineers (BEEs).

Engagement, exposure, and significant involvement with the technology leaders, business leaders, and the Global CISO, participating in compliance, analytics, third-party risk management, etc.

As the GRC AVP, you will oversee maritime business enablement and related areas, ensuring compliance for internal and external stakeholders and their regulators, as well as managing critical performance (KPIs) and risk (KRIs) indicators. You will also develop and implement strategies to manage and mitigate risks across the organization.

Understands the balance between governance/risk/compliance, the various other dynamics of a security program, business enablement engineers, and the needs and goals of business and executive stakeholders and can straddle both in a leadership role.

Candidates should have experience in developing and empowering team members, including BISOs and experts in governance, compliance, cyber risk posture management, and human risk management. They should also be able to partner with business enablement engineers across all areas of the cybersecurity program, such as identity and access management and cyber defense operations.

RESPONSIBILITIES

Governance and Compliance Strategy: Create a global, enterprise-wide cybersecurity risk and compliance strategy aligned with organizational priorities, business objectives, regulatory requirements, and evolving risks.

Team Leadership: Lead and grow a global team of cybersecurity professionals, managing risk, compliance, assessments, reporting, metrics, policy, awareness, and third-party risk management. The candidate will oversee teams including BISOs, Maritime Cybersecurity Compliance, Service Now GRC Development, Information Risk Management, Third-Party Risk Management, Regulatory IT Compliance, Human Risk Management & Awareness, and Cybersecurity Posture Management.

Peer Interaction: The candidate will work closely with the following peer leaders:
Cyber Defense Operations, Identity and Access Management, Cybersecurity Business Enablement and Strategy, and Counter Threat Operations.

Program Risk…