Royal Caribbean Group

Senior Analyst, Third-Party Risk Management

Royal Caribbean Group

full-time

Posted on:

Location Type: Office

Location: MiramarFloridaUnited States

Visit company website

Explore more

AI Apply
Apply

Job Level

Senior

Tech Stack

Cyber SecurityServiceNow

About the role

  • Conduct comprehensive cybersecurity risk assessments for new and existing vendors
  • Evaluate vendor security posture against industry standards (e.g., NIST, ISO 27001, CIS)
  • Maintain ongoing monitoring of third-party risks using tools and platforms (e.g., BitSight, OneTrust)
  • Develop and present risk reports to leadership, highlighting critical findings and remediation plans
  • Ensure third-party engagements comply with internal security policies and regulatory requirements (e.g. GDPR, HIPAA, PCI DSS)
  • Collaborate with Legal and Procurement teams to integrate security requirements into contracts and SLAs
  • Work with vendors to address identified gaps and track remediation progress
  • Escalate high-risk findings and recommend risk treatment strategies
  • Support the enhancement of the TPRM program, including process improvements and automation
  • Assist in developing risk scoring methodologies and vendor tiering models
  • Partner with internal teams (IT, Compliance, Procurement) to align risk management objectives
  • Provide guidance and training on third-party risk best practices

Requirements

  • Bachelor's degree in Cybersecurity, Information Technology, Risk Management, or related field
  • Relevant certifications preferred (e.g., CISSP, CISM, CRISC)
  • 3-4 years in cybersecurity risk management, with at least 2 years focused on third-party/vendor risk
  • Strong understanding of risk assessment methodologies and regulatory frameworks
  • Proficiency in risk management tools and platforms
  • Excellent analytical, communication, and stakeholder management skills
  • Ability to interpret technical security controls and translate them into business risk impact
  • Proficiency in GRC and TPRM platforms (e.g., OneTrust, ServiceNow GRC preferred) and risk assessment tools
  • Strong understanding of information security frameworks (e.g., NIST CSF, ISO 27001)
Benefits
  • Competitive compensation and benefits package
  • Excellent career development opportunities
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
cybersecurity risk assessmentsrisk assessment methodologiesrisk scoring methodologiesvendor tiering modelsrisk managementthird-party risk managementregulatory compliancetechnical security controlsprocess improvementsautomation
Soft Skills
analytical skillscommunication skillsstakeholder managementcollaborationguidancetraining
Certifications
CISSPCISMCRISC