Define, implement, and enforce IT security policies, standards, and procedures across all enterprise systems (cloud, on-prem, and shipboard).
Own and operate the Information Security Management System (ISMS) aligned with ISO 27001 / NIST frameworks.
Establish governance processes to ensure security is embedded in all IT initiatives and system lifecycle activities.
Maintain asset inventory and data classification in partnership with application and infrastructure owners.
IT Risk & Compliance Management
Lead IT-centric risk assessments across enterprise applications, cloud platforms (AWS, Azure), and infrastructure and networks (including shipboard systems).
Oversee compliance programs including: PCI DSS (primary focus), SOC 2, ISO 27001, NIST, HIPAA (as applicable), and Privacy requirements (GDPR, data protection regulations)
Maintain a centralized IT risk register and track remediation plans.
Coordinate IT audits, control testing, and evidence management.
Security Architecture & Engineering Integration
Establish and govern security architecture standards for IT systems, including Cloud-native environments (AWS, Azure) and Enterprise platforms (e.g., Salesforce, Snowflake, SaaS ecosystem).
Partner with IT and DevOps teams to embed security into CI/CD pipelines (DevSecOps), the application development lifecycle, and infrastructure provisioning and configuration.
Define and enforce standards for secure configurations, logging and monitoring, and encryption and key management.
Identity & Access Management (IAM)
Lead IT initiatives for modern identity architecture, including: Single Sign-On (SSO), Multi-Factor Authentication (MFA), Zero Trust principles and Privileged Access Management (PAM)
Standardize and centralize identity governance across enterprise systems and shipboard environments.
Security Operations & Incident Response
Oversee IT security operations in partnership with SOC/MSSP providers, including monitoring and alerting, vulnerability management programs, and endpoint, network, and cloud security tooling.
Own and lead the IT Incident Response Program: Develop and maintain response plans and runbooks, Coordinate investigations for all IT security incidents, Conduct root cause analysis and remediation tracking, Execute tabletop exercises and response testing.
Shipboard IT Security Integration
Ensure IT security controls extend to shipboard infrastructure and systems, including: Ship-to-shore connectivity, Guest-facing platforms and crew systems, and Operational IT systems aligned with Safety Management System (SMS)
Collaborate with shipboard IT and operations teams to address unique constraints (bandwidth, remote environments, system distribution).
Third-Party & IT Vendor Security
Lead IT vendor security program, including: Security due diligence and onboarding, Risk assessments of SaaS, cloud, and technology vendors, Ongoing monitoring and c
Benefits
Vision insurance
Remote work options
Additional Information
Join the Ritz-Carlton Yacht Collection: Where Every Voyage is a Symphony of Luxury
Embark on an extraordinary journey with the Ritz-Carlton Yacht Collection, an exquisite extension of the renowned Ritz-Carlton brand, dedicated to redefining ultra-luxury hospitality at sea. As a "Lady or Gentleman" of our esteemed team, you'll be entrusted with the art of delivering the impeccable "Gold Standards" that have made the Ritz-Carlton an epitome of excellence across the globe.
The Essence of Excellence: The Gold Standards
The Gold Standards are the bedrock of the Ritz-Carlton experience, setting us apart in the industry and establishing a legacy of unparalleled service. These standards embody the values and culture that define our brand, and serve as the compass guiding our every endeavor.
The Employee Promise
At The Ritz-Carlton, our Ladies & Gentlemen are the most important resource in our service commitment to each other and our guests.
By applying the principles of trust, honesty, respect, integrity, and commitment, we empower and nurture talent to the benefit of each individual and the company.
The Ritz-Carlton fosters a culture where all are valued, quality of life is enhanced, individual aspirations are fulfilled, and The Ritz-Carlton Mystique is strengthened.
Join us on a journey where every day is a testament to the highest standard of luxury and service. Apply now and be part of an unparalleled legacy in hospitality.
Job Summary
The Senior Manager, Information Security & Compliance is responsible for establishing, operating, and continuously improving the company's IT security, risk, and compliance programs across both shoreside and shipboard technology environments.
This role ensures that enterprise IT systems, cloud platforms, applications, and data are secure, compliant, and resilient. The position requires a hands-on, IT-centric security leader who can embed security into infrastructure, cloud architecture, DevOps pipelines, and enterprise platforms, while operating effectively in a lean team model.