Analyst Sr., Vulnerability Reporting

Carnival Corporation•Miami, FL

4d•Hybrid

About The Position

The purpose of this position is for a highly skilled and experienced Senior Vulnerability Management Analyst to join our Information Security team. The ideal candidate will be responsible for identifying and assessing vulnerabilities across our IT infrastructure. This role requires a deep understanding of cybersecurity principles, strong analytical skills, and the ability to work collaboratively with various teams to enhance our security posture. Scope: The Senior Vulnerability Management Reporting Analyst serves as a key contributor within the organization’s Cybersecurity and Risk Management function, transforming complex vulnerability data into clear, actionable insights that guide strategic decisions across both shoreside operations and the global fleet. Operating as a subject ‑ matter expert, the role collaborates with IT, Security Operations, Infrastructure, Compliance, and Fleet Technology teams to ensure consistent reporting, accurate risk visibility, and effective prioritization of remediation efforts. With enterprise ‑ wide reach and influence, the analyst strengthens the organization’s overall security posture by maintaining a unified reporting framework, improving data quality, and enabling leadership at all levels to understand and act on emerging risks that impact global operations and critical assets. Problem solving: The core problem this new role is designed to solve is the lack of clear, consistent, and actionable visibility into the organization’s vulnerability posture across both shore and fleet environments. Right now, vulnerability data often lives in multiple systems, is interpreted differently by different teams, and doesn’t always translate into meaningful insights that drive timely remediation or informed decision ‑ making. By centralizing reporting, standardizing metrics, and elevating analysis, the Senior Vulnerability Management Reporting Analyst closes the gap between raw technical data and the strategic understanding leaders need to manage cyber risk effectively across a global, highly distributed operation. Impact: This role creates a ripple effect across the entire organization because it finally gives the business a unified, trustworthy view of cyber risk something that has been difficult to achieve across diverse shore and fleet environments. By elevating the quality, consistency, and clarity of vulnerability reporting, the role enables leaders to make faster, more informed decisions, helps technical teams prioritize the right remediation work, and strengthens compliance efforts across global operations. It reduces blind spots, improves coordination between departments, and ultimately raises the organization’s overall security maturity. The impact is enterprise ‑ wide: better risk visibility, stronger protection of critical assets, and a more resilient business. Leadership: This position will need to have strong leadership skills to be able to work with multiple different brands but will have no direct reports. For all roles: Knowledge: Understanding of workplace policies and procedures / Familiarity with team collaboration tools and techniques. Skills: Strong time management and organizational skills Abilities: Ability to maintain reliable and consistent attendance / Capacity to be punctual and meet deadlines / Ability to collaborate effectively with colleagues and work as part of a team / Demonstrated professionalism in all interactions and tasks.

Requirements

Extensive experience with vulnerability management platforms (e.g., Qualys, Tenable, Rapid7)
Strong understanding of cybersecurity principles, threat landscapes, and risk ‑ management frameworks
Proficiency in data analysis and reporting tools such as Power BI, Tableau, Excel, or Splunk
Ability to interpret complex technical data and translate it into meaningful insights for non ‑ technical audiences
Familiarity with cloud environments, enterprise IT infrastructure, and OT/ICS environments (especially relevant for fleet operations)
Demonstrated ability to build dashboards, KPIs, and standardized reporting frameworks
Experience performing trend analysis, risk scoring, and data quality validation
Strong attention to detail and ability to identify patterns, anomalies, and emerging risks
Ability to prioritize vulnerabilities based on business impact, exploitability, and operational context
Experience working with IT, Security Operations, Infrastructure, Compliance, and operational technology teams
5–7+ years of experience in cybersecurity, vulnerability management, risk analysis, or related fields
Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or equivalent experience
Ability to operate independently at a senior level and make informed recommendations
Experience improving processes, standardizing reporting, and driving continuous improvement
Comfort working in a global, distributed environment with both shore and fleet operations
Ability to influence without authority and drive alignment across diverse stakeholders
Strong communication skills, including the ability to brief senior leadership and simplify complex topics
Understanding of workplace policies and procedures
Familiarity with team collaboration tools and techniques
Strong time management and organizational skills
Ability to maintain reliable and consistent attendance
Capacity to be punctual and meet deadlines
Ability to collaborate effectively with colleagues and work as part of a team
Demonstrated professionalism in all interactions and tasks

Nice To Haves

Relevant certifications such as Security+, CySA+, CEH, GSEC, or other GIAC certifications (preferred but not required)

Responsibilities

Develop and track key performance indicators (KPIs) to measure the effectiveness of the vulnerability management program
Generate regular reports on the status of vulnerabilities and remediation efforts
Ensure tools are properly configured and integrated with other security and IT systems
Conduct regular vulnerability assessments using tools such as Qualys
Collaborate with IT and development teams to ensure timely remediation of identified vulnerabilities

Benefits

Cost-effective medical, dental and vision plans
Employee Assistance Program and other mental health resources
Additional programs include company paid term life insurance and disability coverage
401(k) plan that includes a company match
Employee Stock Purchase plan
All full-time and part-time with benefits employees receive days off for 8 company-wide holidays, plus 2 additional floating holidays to be taken at the employee’s discretion.
All full-time employees at the manager and below level start with 14 days/year; director and above level start with 19 days/year. Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 84 hours/year. All employees gain additional vacation time with further tenure.
All full-time employees receive 80 hours of sick time each year. Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 60 hours each year.
Complementary stand-by cruises, employee discounts on confirmed cruises, plus special rates for family and friends
Personal and professional learning and development resources including tuition reimbursement
On-site Fitness center at our Miami campus