JOB SUMMARY: Responsible for identifying, assessing, and mitigating risks that could impact the organization's operations, reputation, and financial performance. This position also assists the team in working through vulnerability assessment requests, including internal / external network and web layer, OS configuration, firewall, and web application.
DUTIES & RESPONSIBILITIES:
- Collaborate with the ITA Team to complete risk assessments for current or new vendors.
- Assist the Risk Management Team with internal / external network and web layer assessment, penetration testing, validation requests, and follow-up, as assigned.
- Collaborate with vulnerability remediation teams to develop and implement effective risk management strategies and help determine potential compensating controls for Exception requests, when necessary.
- Collaborate with the IT Compliance Team on PCI DSS- and SOX-related tasks, when required.
- Proactively identify potential risks across the organization, including operational, financial, reputational, and strategic risks.
- Evaluate the likelihood and impact of identified risks using quantitative and qualitative methods.
- Ensure compliance with relevant risk management regulations and standards.
- Assist in the investigation and resolution of risk-related incidents.
- Perform additional job-related duties as needed.
QUALIFICATIONS
DEGREE TYPE: Bachelor's Degree
FIELD(S) OF STUDY: Risk Management, Cybersecurity, Computer Science, Finance, Economics, or related field of study.
EXPERIENCE:
- Minimum 3 years of experience in risk management or a related field.
COMPETENCIES/SKILLS:
- Excellent analytical and problem-solving skills.
- Excellent written and verbal communication skills.
- Ability to handle multiple tasks and changing priorities in a fast-paced, deadline-oriented environment. Ability to work independently and as part of a team.
- Self-motivated and well organized, with strong innovation skills.
- Strong attention to detail and organizational skills.
- Proficiency in risk assessment and analysis techniques.
- Must have knowledge of network and web-related protocols such as TCP/IP, UDP, IPsec, HTTP, HTTPS, routing protocols, etc., including knowledge of security fundamentals and common vulnerabilities (e.g. OWASP Top Ten).
- Familiarity with vulnerability management tools such as Qualys, Nexpose and Tenable.io.
- Familiarity with third-party risk scoring tools like BitSight, ISS Fico, or Security Scorecard is a plus.
- AI background, education, or framework knowledge.
CERTIFICATIONS/LICENSES:
- Risk Management, PCI DSS, and/or Cybersecurity certifications are a plus.