Analyst, Information Security

Analyst, Information Security 

Great vacations begin with great employees!
Combine your experience and sense of adventure by joining our exciting team of employees in Miami, Florida.  Royal Caribbean Cruises Ltd. is pleased to offer a competitive compensation & benefits package, and excellent career development opportunities, each offering unique ways to explore the world. 

Position Summary

UCM, from an information security (IS) perspective, is the management of IS-related regulatory and contractual requirements within the RCCL digital information value/supply chain. The goal of the RCCL Information Assurance UCM program is to create and manage an automated, auditable, repeatable and demonstrable program to manage IS-related compliance efforts and reporting to diverse internal and external audiences.

The UCM Analyst assists with development and implementation of the global UCM program based on regulatory and contractual IS requirements balanced with business requirements. Holistic view to integrating UCM efforts into overall corporate risk management vision is an essential component of the program.

Within the UCM program, IS regulatory and contractual requirements and applicable standards will be monitored and tracked in a standard methodology. Current applicable laws, standards and regulations (including, but not limited to, Cruise Line Industry Association (CLIA) Cybersecurity Standards, US Cybersecurity Framework, Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), European Union General Data Protection Regulation (GDPR) and ISO IS guidance) will be examined and documented in collaboration with global RCCL business groups. Future IS regulatory and compliance requirements (such as the new China Cybersecurity Law of 2016) will be assessed and documented as appropriate. Compliance key risk identifiers (KRIs), key performance indicators (KPIs), appropriate reporting metrics and effective risk registers will be developed and maintained. Master schedules and cadence of applicable compliance reporting updates, assessments, and/or business interaction to approve and/or maintain global IS compliance will be deployed. This is a visible role within shoreside and shipboard business activities as well as external audit and assessment agencies, vendors, and other third parties.

The UCM Analyst reports to the UCM Lead and works in a team environment responsible for documenting schedules, procedures and associated program collateral. In order to effectively align the UCM program with corporate risk management vision, the UCM Analyst will participate in collaboration efforts with IS leadership as well as key personnel within Information Technology (IT), Legal, Crisis Management, Compliance and Ethics, Human Resources, Internal Audit and global business management. This ensures the UCM program is providing IS compliance to a diverse number of regulatory agencies and third parties.

The UCM Analyst and team, collaborating with other IS staff, will review proposed cloud-based, traditional batch, and other system connectivity through the use of structured interview processes, questionnaires and project participation in order to understand and assess IS compliance requirements and risk. Of critical importance will be the establishment of a common repository of audit and assessment statements that are portable across all regulatory and contractual requirements. This alleviates the need to recreate responses each time a compliance question is posed. The UCM Analyst will participate in legal contract review specific to IS language for proposed business connectivity. Finally, the UCM Analyst will assist with the delivery of an annual Information Security Annual Report containing information about the IS program at RCCL.

Career Snapshot

  • Assist in the creation and deployment of global UCM program schedules, inventories, catalog systems and procedures.
  • Collaborate with RCCL business sponsors and third parties to initiate, conduct and close compliance activities and assessments in a timely manner.
  • Deploy and enhance automated unified compliance tools and associated provisioning processes to provide transparent reporting on UCM activities and portfolio management.
  • Deploy and populate cloud-based or other provisioned governance, risk and compliance (GRC) tools.
  • Develop and promote common controls portfolios to support one version of the truth in all compliance activities using Standard Information Gathering (SIG) tools or equivalent.
  • Integrate SOX controls requirements into TPRM automated tool and processes to ensure consistent treatment of third party SOX-related risks.
  • Coordinate and participate in PCI DSS compliance program activities, including annual penetration testing, quarterly vulnerability scans, annual gap/readiness assessment and annual compliance filing activities.
  • Participate in global steering committees and activities pertaining to new or updated compliance rules, laws, regulations and/or standards.
  • Ensure potential risks associated with IS regulatory and contractual compliance are examined thoroughly, escalated and communicated in a pragmatic, risk-based approach.
  • Interact with key personnel within Procurement, Information Technology (IT), Legal, Crisis Management, Compliance and Ethics, Human Resources, Internal Audit and global business management.
  • Ensure communication, measurement and compliance metrics to UCM policies and procedures are established and tracked.
  • Participate in established project management office (PMO) protocols to integrate UCM requirements (Initiation/Planning/Analysis/Design/Build/Test/Deploy/Closeout).
  • Actively engage in liaison activities with industry associations, peer institutions, regulatory and contractual agencies/organizations and IS information sharing communities.
  • Provide status reporting, activity scheduling, artifact collection and management, and other supporting tasks.


  • 5+ years' experience in internal/external IS/internal audit roles.
  • 5 years' recent work experience in a UCM role or equivalent.
  • 5+ years' experience with leading and managing complex and detailed program startup efforts.
  • Recent experience in GRC tools (RSA Archer or Lockpath as examples) or ability to quickly learn GRC tool methodologies.
  • Experience performing detailed and comprehensive research into prevailing regulatory and contractual IS requirements, governance frameworks/standards, industry leading practices and industry research reports.
  • Ability to attain (or already possess) one or more of the following certifications: Project Management Professional (PMP), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC).
  • Bachelor's degree or higher education level is required.
  • Demonstrated experience in performing audit/compliance assessments.
  • Experience in SOX controls and PCI DSS requirements.
  • Ability to produce high quality oral and written work product, presenting complex technical matters clearly and concisely.
  • Experience reviewing legal language specific to IS requirements of both RCCL and external third parties for appropriateness.
  • Displays sound judgment with a high level of integrity, ethics and ability to calmly, diplomatically and effectively deal with stressful situations.
  • Able to formulate, communicate and track exceptions/findings and technical solutions.
  • Proven ability to collaborate with technical and business peers.
  • Demonstrate a degree of creativity with strong analytical and problem solving skills
  • Strong with methodologies, tools, best practices and processes within specific area of responsibility; emphasis on experience with global IS contractual and regulatory requirements.
  • Excellent verbal, presentation and written communication skills for both technical and non-technical audiences.
  • Strong problem solving, decision-making, reporting, communication and management skills.
  • High familiarity with global privacy and IS forums, think-tanks, academic sources and industry special interest groups specialized in UCM domains and topics.

Join our team as Analyst, Information Security. Once you apply, it will take you 10-15 mins to complete our application, which will help us better qualify your candidacy.   If you are being considered for this position you will hear back from us within the next 30-60 days.  During this time, you can view your application status on our career site. 

Join us at Royal Caribbean Cruises Ltd., where great vacations begin with great employees!

RCL is an Equal Employment Opportunity employer.