Full-time
Director, Risk Management & Compliance - Norwegian Cruise Line Holdings Ltd. - Miami, FL

Leads the development, implementation and maintenance of corporate-wide Information Security Policies, Programs and Standards. Assists the Chief Information Security Officer (CISO) with regulatory compliance: analyzing security risks, recommending and implementing security safeguards, and monitoring compliance with security laws and regulations. Interacts with technical and business management and personnel to meet business requirements in a secure manner.

POSITION RESPONSIBILITIES:
- Develop and implement strategies to deploy governance, risk, and compliance frameworks to manage the security and IT risks associated with the enterprise function.
- Design, implement, and maintain internal information privacy and security policy, standards, and guidelines.
- Research, propose, analyze, design, and deliver internal security control implementation frameworks that are appropriate for the business and its technology strategies, such as hosted-customer solutions, cloud services, e-discovery, tool evaluation, testing, and integration.
- Oversee projects assigned to the information security team that are in line with information security requirements, and as directed by the Chief Information Security Officer (CISO).
- Lead a security team in performing IT risk assessments and regulatory compliance control gap analyses; network/application layer and mobile device penetration testing; social engineering; and security vulnerability assessments.
- Execute security initiatives including risk assessments, data classification, attack and penetration analysis, intrusion detection and response, policy compliance and communication, and awareness programs.
- Identify process risks, weaknesses and controls, and develop recommendations and plans to address vulnerabilities.
- Perform penetration testing, vulnerability scanning and health checking on devices and systems within the infrastructure. Must be familiar with security tools and practices in terms of penetration testing, vulnerability scanning and health checking.
- Evaluate new products, service offerings, and new internal applications to ensure that information assets are handled in accordance with laws, regulations and the organization's information security policies.
- Design and deliver Security Awareness Training to end-user, management, and technical audiences.

EDUCATION:
Bachelor's Degree in Computer Science, Information Security or related field of study; or any equivalent combination of relevant work experience and training. Master's Degree and industry-related certifications or equivalent proven experience highly desirable.

EXPERIENCE:
- 10 years of experience in the IT security field.
- Professional experience in running the information security office, analyzing and applying information security, risk management and privacy practices.
- Consulting and general industry experience preferred.

KNOWLEDGE & SKILLS:
- Knowledge of national and international regulatory compliance requirements and frameworks such as ISO, SOX, PCI DSS, NIST, and GDPR.
- Working knowledge of UNIX operating systems.
- Good knowledge of networking and routing protocols.
- Experience with scanning and penetration testing tools such as ISS, Nmap, Nessus, Qualys, Nexpose, Metasploit, etc.
- Experience in penetration testing and hacking techniques.
- Good understanding and knowledge of security concepts, protocols, processes, architectures, and tools (authentication and access control technologies, intrusion detection, network traffic analysis, SIEM technology, incident handling, media/malware analysis, etc.).
- Excellent verbal and written communication skills.
- Ability to react to high-pressure, dynamically changing environments.
- Ability to teach security concepts.
- Strong problem-solving and analytical skills.
- Ability to effectively utilize resources throughout the organization as well as external vendors.
- Self-motivated, well organized, and strong innovation skills.
- Demonstrate a positive attitude, high professionalism and a commitment to corporate success.

This posting has expired.