The Sr Analyst, IT Compliance is responsible for ensuring that IT practices adhere to relevant laws, regulations, and industry standards, such as Sarbanes-Oxley (SOX) and Payment Card Industry (PCI) compliance. The role facilitates compliance of applications and infrastructure. The Sr. Analyst conducts assessments and implements controls to mitigate risks related to regulatory requirements. The role will maintain absolute confidentiality of sensitive files, data and materials accessed, discussed, or observed while adhering to compliance policies and procedures

Job Functions:

Regulatory Compliance Assessment: Conduct regular assessments by collecting and reviewing evidence demonstrating the organization’s compliance with applicable laws, regulations, and industry standards. This includes interviewing stakeholders to ensure compliance requirements are met and understood. Review policies, procedures, and controls to ensure alignment with requirements. Collaborate with cross functional teams to resolve compliance issues.

Compliance Monitoring and Reporting: Monitor ongoing compliance activities, track regulatory changes, and prepare reports for management and regulatory agencies. Document compliance findings, issues, and remediation efforts. Conduct impact assessments to determine the impact of regulatory changes and report findings to leadership. Assess compliance-related risks and develop risk mitigation strategies. Stay abreast of regulatory changes and industry developments to ensure compliance programs remain current and effective.

Internal Audits and Reviews: Conduct internal assessments and reviews to evaluate the effectiveness of controls and identify areas for improvement. Review access controls, data protection measures, and security configurations. Respond to Internal Audit and other stakeholder's findings and inquiries, preparing official documentation where appropriate.

Vendor and Third-Party Compliance Management: Assess the compliance of vendors and third-party service providers to ensure they meet all security and regulatory requirements.

Policy and Procedure Development: Review and provide input to update IT policies, procedures, and standards to address compliance requirements. Help create documents such as acceptable use policies and data retention policies plans. Publish and communicate policies and procedures to stakeholders.

Training and Awareness: Maintain a high degree of familiarity with compliance policies, standards, and procedures. Provide training and awareness programs to educate stakeholders about compliance requirements and best practices.

Identify opportunities for automation in current compliance activities and leverage technologies to modernize and streamline team workflows.

Qualifications:

A Bachelor’s degree in computer science , IT compliance, audit, or related area is required. An advanced degree is highly desirable particularly and excellent verbal and written communication skills. Master’s degree a plus.

CISSP, CCEP, or CISA equivalent is desirable

5+ years of experience in Information Technology and Information Security/Compliance with the focus on executing compliance framework and programs such as PCI-DSS, SOX, HIPAA, etc. 5+ years of Information/Cybersecurity and Compliance experience. 5+ years of technology project management with experience building process, controls, operating procedures, and guidelines.

Knowledge in various compliance regulations such as PCI-DSS, SOX, HIPAA, GDPR, NIST, etc. Knowledge of information technologies components as networking, security, different OSs, DB environments.

Previous experience performing security and compliance assessments

Knowledge, Skills Abilities:

Strong analytical and organizational skills. Ability to think critically. Knowledge in process improvement practices. Excellent communication and presentation skills (both written and verbal). Ability to communicate effectively at all levels of the organization. Ability to manage and build large/complex data sets. Ability to work independently (including remotely) and multi-task, managing multiple assignments and deadlines. Skill to meet deadlines while ensuring quality results. Ability to drive and lead conversations, coordinating work among different parties. Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues. Strong ability to troubleshoot problems. Attention to detail is a must. Proficient in documentation and creating operating, assessments, and audit procedures. Ability to create high-quality technical documents. Experience with complex risk-based approach to internal and external compliance efforts. Proficient with Microsoft Office Suite. Able to achieve desired goals and objectives while maintaining the respect and support of the organization.Physical Demands: Must be able to remain in a stationary position at a desk and/or computer for extended periods of time. Requires regular movement throughout CCL facilities.

Travel: Less than 25% travel shipboard likely.

Work Conditions: Work primarily in a climate-controlled environment with minimal safety/health hazard potential.

This position is classified as “in-office.” As an in-office role, it requires employees to work from a designated Carnival office in South Florida Tuesday through Thursday each week. Employees may work from their homes on Mondays and Fridays. Candidates must be located in (or willing to relocate to) the Miami/Ft. Lauderdale area.

Offers to selected candidates will be made on a fair and equitable basis, taking into account specific job-related skills and experience.  

At Carnival, your total rewards package is much more than your base salary. All non-sales roles participate in an annual cash bonus program, while sales roles have an incentive plan. Director and above roles may also be eligible to participate in Carnival’s discretionary equity incentive plan. Plus, Carnival provides comprehensive and innovative benefits to meet your needs, including:

Health Benefits:

Cost-effective medical, dental and vision plans

Employee Assistance Program and other mental health resources

Additional programs include company paid term life insurance and disability coverage 

Financial Benefits:

401(k) plan that includes a company match

Employee Stock Purchase plan

Paid Time Off

Holidays – All full-time and part-time with benefits employees receive days off for 8 company-wide holidays, plus 2 additional floating holidays to be taken at the employee’s discretion. 

Vacation Time – All full-time employees at the manager and below level start with 14 days/year; director and above level start with 19 days/year.  Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 84 hours/year.  All employees gain additional vacation time with further tenure.

Sick Time – All full-time employees receive 80 hours of sick time each year.  Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 60 hours each year.  

Other Benefits

Complementary stand-by cruises, employee discounts on confirmed cruises, plus special rates for family and friends

Personal and professional learning and development resources including tuition reimbursement 

On-site preschool program and wellness center at our Miami campus

#LI-Hybrid

#LI-SH1

About Us

Carnival Corporation plc is the world’s largest leisure travel company, our mission to deliver unforgettable happiness to our guest through our diverse portfolio of leading cruise brands and island destinations, including Carnival Cruise Line, Holland America Line, Princess Cruises, and Seabourn in North America and Australia; PO Cruises and Cunard Line in the United Kingdom; AIDA in Germany; Costa Cruises in Southern Europe.

Join us and embark on a career that offers not only the chance to grow professionally but also the opportunity to be part of a global community that makes a difference.

In addition to other duties/functions, this position requires full commitment and support for promoting ethical and compliant culture. More specifically, this position requires integrity, honesty, and respectful treatment of others, as well as a willingness to speak up when they see misconduct or have concerns.

Carnival Corporation plc and Carnival Cruise Line is an equal employment opportunity/affirmative action employer. In this regard, it does not discriminate against any qualified individual on the basis of sex, race, color, national origin, religion, sexual orientation, age, marital status, mental, physical or sensory disability, or any other classification protected by applicable local, state, federal, and/or international law.

https://www.dol.gov/sites/dolgov/files/WHD/legacy/files/fmlaen.pdf

https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf

https://www.dol.gov/sites/dolgov/files/WHD/legacy/files/eppac.pdf

https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf