Lead, Business Information Security Officer (BISO)
Miramar, FL, US, 33132
Royal Caribbean Group
Journey with us! Combine your career goals and sense of adventure by joining our incredible team of employees at Royal Caribbean Group. We are proud to offer a competitive compensation and benefits package, and excellent career development opportunities, each offering unique ways to explore the world.
We are proud to be the vacation-industry leader with global brands — including Royal Caribbean International, Celebrity Cruises and Silversea Cruises — the most innovative fleet and private destinations, and the best people. Together, we are dedicated to turning the vacation of a lifetime into a lifetime of vacations for our guests.
The Royal Caribbean Group’s Global Information Security Team has an exciting career opportunity for a full-time Lead, Business Information Security Officer (BISO) reporting to the Senior Director, Information Risk Management.
This role will work in-person in Miramar, Florida.
Position Summary:
We are looking for a Lead, Business Information Security Officer (BISO) to be the Information Technology (IT) and Global Information Security (GIS) risk leader responsible for leading, developing, managing, and communicating IT/IS risk to a NIST CSF-based governance structure. The BISO is the primary Information Security point of contact for the assigned IT and business unit teams, driving the creation and supporting the implementation of the security program. As a trusted advisor, the BISO will collect business requirements and will provide advice and oversight to ensure that processes and systems comply with Information Security policy.
Combining business acumen with technical acumen, the BISO assists in improving the information security posture with respect to delivering services and partnering with the IT and business leadership. The BISO will understand key assets and processes, identify and evaluate risks and controls, and suggest incremental controls or risk mitigation strategies where necessary. Additionally, the BISO will communicate business compliance with Information Security Policy and Standards by continuously monitoring and reporting on risks and documented exceptions. The BISO helps the business achieve its objectives without compromising RCG's security posture.
The successful candidate for this position will champion the risk management methodology and cultivate a team of IT/GIS subject matter experts with the brand(s) and support business verticals. Additionally, the candidate will opine on the risk organization and collaborate with a team of risk managers that informs management of IT application and third-party risk enterprise-wide. This position will require superior communication, networking, leadership and technical risk management skills. RCG is regulated globally, so the candidate should have good experience working with a variety of country-specific privacy laws.
Essential Duties and Responsibilities:
- Act as the primary security contact, collaborating with business and IT leaders to balance risk/reward to improve security in IT applications and third-party engagements, developing a deep understanding of business processes, systems, technologies, data, stakeholders and third-party partners.
- Partner with Compliance, Legal, and IT resources to achieve an effective working relationship that can further the effectiveness of the Information Security Program.
- Support goals for the team of IT risk managers who manage the information security system and third-party risk program, working alongside business and IT leadership to control information technology risk for the organization.
- Identify and report on metrics related to the risk program and policy, communicating risk/reward scenarios to synchronize with RCG’s corporate governance framework.
- Advocate for required change and continuously manage the policy and standards exceptions program. Lead discussions and answer complex cross-functional policy and standards questions, forecasting best practice in policy.
- Support implementation of the GRC and third-party security toolset for the GIS organization. Ensure collaboration with GRC stakeholders.
- Contribute to and align risk programs with the NIST CSF-based information security program.
- Communicate, oversee and carry out technical implementation of security solutions required to meet business objectives.
Qualifications, Knowledge and Skills:
- Bachelor's degree in Information Technology/Security or Computer Science; non-technical degrees with Computer Science fundamentals will be considered when combined with technology experience.
- At least one Information Security certification such as CISSP, CRISC, CISM, CISA, etc.
- 3-5 years of Information Security, Information Technology, Risk, Audit and/or a combination of experience.
- 1-3 years of managing projects and/or teams.
- 3-5 years of security program development or operations experience.
- Excellent executive level written and verbal communications.
- Strong relationship, team building and facilitation skills.
- Experience working in a matrix model, as BISO supports operational and transformation efforts for all brands and business units across RCG.
- Expert with the Microsoft Office suite of applications, with the ability to rationalize raw technology metrics into meaningful reports at an executive level.
- Expert at creating purposeful metrics and KRIs/KPIs that convey risk messages and identify areas for improvement that are actionable by executive teams.
- Expert knowledge of information security frameworks such as NIST CSF, NIST RMF, ISO, etc.
- Knowledge of global privacy laws, regulations, and guidelines.
- Ability to articulate information security risk program to employees and third parties at all levels within and outside the organization.
- Domestic and international travel may be required, but no more than 10%.
We know there's a lot to consider. As you go through the application process, our recruiters will be glad to provide guidance and more relevant details to answer any additional questions. Thank you again for your interest in Royal Caribbean Group. We hope to see you onboard soon!
It is the policy of the Company to ensure equal employment and promotion opportunity to qualified candidates without discrimination or harassment on the basis of race, color, religion, sex, age, national origin, disability, sexual orientation, sexuality, gender identity or expression, marital status, or any other characteristic protected by law. Royal Caribbean Group and each of its subsidiaries prohibit and will not tolerate discrimination or harassment.
Tags: BISO CISA CISM CISSP Compliance Computer Science CRISC Governance KPIs Monitoring NIST Privacy Risk management RMF
Perks/benefits: Career development Competitive pay