Senior Analyst, Governance & Compliance - Carnival Global Brand

The Senior Analyst, Governance & Compliance is an integral addition to the GFIT Governance team and will be responsible for assisting the Sr. Manager, GFIT Governance in identifying opportunities to mitigate financial system risks as well as support the needs of our GFIT Governance program for all the applications that fall within the GFIT Environment. This position is the front line to the Operating Companies Management regarding security and compliance requirements over the financial systems, and as such has direct influence over the governance of Oracle eBS, APEX Applications, OBIEE, MarkView, BlackLine, Hyperion Planning, IT2, Lease Accelerator, SEAS and the governance software. This position is responsible for supporting the on-going analysis and identification of governance and compliance needs with the implementation of new applications, functionality or modules, through enhancements to the GFIT controls framework and overall process improvement. They will participate in the implementation of governance software and be responsible for the on-going administration and identification of opportunities to mitigate risks using the software to support the needs of the GFIT Governance program. The position will be tasked with ensuring that Governance Policies are followed and will liaise with representatives from internal audit and the external audit firms to verify and submit evidence of control effectiveness and gap remediation as needed.

Essential Functions:

• Responsible for technology-related compliance issues, including information security, business continuity and identity management for all the applications managed by GFIT
• Promotes the development of communications and supports all related GFIT campaigns for information security and compliance awareness
• Collaborates & coordinates with other internal controls-focused areas such as Global Information Security – Compliance & Security, Global Service Delivery, and other business compliance areas.
• Advise internal business stakeholders on security and compliance requirements and work in cross-functional partnership to help ensure those requirements are met.
• Monitor and govern application compliance with the GFIT policies and procedures via various monitoring tools. Tasks include but are not limited to the daily disposition of access and configuration alerts, the compilation and analysis of data, monitor database usage for appropriateness, facilitation and validation of access reviews, review of data rationalization for appropriateness, review of SOC reports along with periodic compliance and access reviews.
• Assist in the development and maintenance of the GFIT policies to support the GFIT security and compliance initiatives while complying with the overall Global Information Security Standards.
• Evaluate new policies and procedures for operational and control impacts and governance standards
• Manage the design and operationalization of any process or technology controls as required by applicable regulatory compliance frameworks.
• On-going analysis of governance and compliance needs and identification of enhancements to the GFIT internal controls, keep track of new regulations, industry best practices, implementation of new functionality or software, and implement continuous process improvement.
• Actively participate in the implementation of the GFIT governance software and be responsible for the on-going administration and identification of opportunities to mitigate risks using the software to support the needs of the GFIT Governance program.

Qualifications:

• Bachelor’s Degree in Accounting, Systems Management, Information Systems or equivalent is required
• A minimum 4 years overall experience in ERP risk management, IT Audit and/or compliance of financial systems
• Ability to interpret data and processes to identify potential security and compliance issues, risks and vulnerabilities. Ability to quickly understand financial systems in order to identify and validate security and compliance requirements. Extensive experience in internal controls and risk mitigation. Oracle and third party eBS applications including OBIEE, Kofax Markview, BlackLine, IT2, Hyperion, APEX Analytics, governance software, PowerBI and other reporting tools is helpful. Background in the Cruise Industry will be considered a plus
• Ability to manage multiple workstreams and projects simultaneously. Strong interpersonal, critical thinking and problem-solving skills. Strong communication skills - verbal, written, listening and presentation. Good communication and organizational skills, with the ability to work with all levels of management in offices across the organization. Highly motivated and detail oriented with the ability to work collaboratively and independently. Ability to work in a global team environment.
• Information Security Certifications such as ISACA, (ISC)2, CISM, CRISC, CIPP, or CISSP are a plus.
• Experience with adhering and monitoring for compliance with SOX, NISTT, GDPR, CCPA and other regulatory frameworks. Familiarity with the use of governance software to implement efficient and effective ways to monitor an ERP environment. Strong understanding of and be able to address remediation items to address security vulnerabilities and update processes
• IT audit, application security, policy compliance, general computer controls or technology risk management. Proficient in developing test scenarios/scripts, risk models and business procedures. Including complex enhancement requests. Strong knowledge of industry, regulatory and security compliance standards. Proficient in the design and implementation of effective IT security controls and policies. Experience working with internal and external auditors. Ability to work well under pressure and handle crisis situations professionally with internal and external personnel.
• In addition to other duties/functions, this position requires full commitment and support for promoting ethical and compliant culture. More specifically, this position requires integrity, honesty, and respectful treatment of others, as well as a willingness to speak up when they see misconduct or have concerns.