RCG is a leading organization in the Cruise industry, committed to ensuring the safety, security and regulatory compliance of our maritime operations, guest, and employee data through cutting-edge technology and innovative cybersecurity measures. We are seeking a highly skilled and experienced Senior Director of Maritime Cybersecurity to join our team and lead our efforts in safeguarding our maritime assets and operations.
The Senior Director of Maritime Cybersecurity strategy and operations leads members of Business Enablement team that are focused on IT, Operational Technology, and Entertainment Technology innovation, enabling business capabilities securely and identifying opportunities for innovation. The role is responsible for leading New Build, Maritime Engineering, Maritime Security Superintendents and evolving the Security Officer on Ship program. The selected individual needs to have excellent communication skills to create bridges across the organization. They will be communicating with diverse stakeholder communities that support and drive varied strategic outcomes for the organization.
This role requires deep technical expertise in varied technologies (IT, OT, and ET) and must be agile to transform, understand modern technology. This individual must have in-depth knowledge of our security standards and baselines, assess new system architecture against them, and find ways to deliver security with enabling business agility. The expectation is that the Director will keep up with current attack surface for this organization and develop mitigation and remediation patterns. The Director will partner with the Business Information Security Officers (BISO) and digital product and technology teams, driving the creation and supporting the implementation of the security program. As a trusted technology advisor, the SR. Director will collect & provide technical requirements with oversight to ensure that Information Security controls continue to keep us aligned to varied evolving regulations and maritime requirements. Communicating our needs to Vendors, Shipyard, GMO, IMO and CLIA (Cruise Lines International Association).
ESSENTIAL DUTIES AND RESPONSIBILITIES:
The Senior Director of Maritime Cybersecurity will be responsible for developing, implementing, and overseeing a comprehensive cybersecurity strategy tailored to the unique challenges of the cruise industry, travel, and hospitality. This role requires a deep understanding of maritime operations, cybersecurity threats, and regulatory requirements. The successful candidate will lead a team of cybersecurity professionals and work closely with other departments to ensure the integrity, confidentiality, and availability of our maritime systems and data. Main responsibilities include:
- Manage and lead the cybersecurity new build, maritime cybersecurity officers & superintendents, and Maritime cybersecurity enablement engineers to develop and implement a robust cybersecurity strategy for maritime operations – This represents a team of about 15-20 subject matter experts plus multiple vendors that will be providing audits to ensure proper IMO compliance.
- Stay informed about the latest cybersecurity threats, trends, and technologies relevant to the maritime industry.
- Advise executive leadership such as ship masters, chief electrical engineers, casino and hotel directors on cybersecurity risks and mitigation strategies.
- Serve as highly technical security experts to bring security transformation to both new and legacy infrastructure.
- Utilize data to driven innovation to thwart attacks against our Maritime, Port and Shoreside Vacation destinations.
- Deploy modern technologies quickly, and successfully transition new platforms to the Security Operations Team for ongoing support.
- Lead & Innovate the Maritime Cybersecurity teams to ensure that our fleet meets cybersecurity regulatory requirements.
- People leadership - Attract, motivate, and retain exceptionally talented security operations staff.
- Technical mentorship - Develop technical talent and professional skills within the team.
- Produce and track against key performance indicators that demonstrate the health and effective maintenance of our security systems.
QUALIFICATIONS:
- 10+ years of information technology experience, including 6+ years of specialization in Information Security roles that include multiple areas of specialization.
- Experience in Security Engineering, Architecture, DevSecOps and/or Security Consultation experience preferred.
- Bachelor’s degree in information security or equivalent.
- Expert knowledge of securing Active Directory, Azure AD, and cloud environments.
- Experience building and securing solutions in Azure, AWS (Amazon Web Services), and similar cloud environments.
FINANCIAL RESPONSIBILITIES:
- Expected to create and manage projects within budget.
- Solid understanding of accounting rules for expense and capital activities.
- Ensures efficient utilization of staff and non-labor resources and accurate forecasting.
- Solid understanding of IT estimation activities. May lead large/complex estimation activities.
- Accountable for financial implications and cost of systems and services.
- Responsible for defining optimization opportunities to reduce operational expense.
KNOWLEDGE AND SKILLS:
- Understanding of compliance requirements with international, multi-national, and industry-specific cybersecurity regulations and standards for our industry (e.g., IMO, NIST, ISO).
- Experience developing and enforcing cybersecurity policies, procedures, and best practices.
- Strong application process flow and problem-solving techniques.
- Relates well to constraints experienced by business partners and finds practical, win-win solutions.
- Analyzes customer needs; ensures solutions meet business and security requirements.
- Holds self and others accountable for meeting customer needs and expectations in a timely, professional manner.
- Maintains high personal accountability; takes ownership of issues, develops effective remediation approaches, and drives for results.
- Ability to negotiate and influence without authority.
- Implement risk mitigation strategies and manage incident response plans.
- Lead efforts to ensure the security of operational technology (OT), entertainment technology (ET), and information technology (IT) systems across our shipboard threat landscape.