About Hapag-Lloyd
With a fleet of 264 modern container ships and a total transport capacity of 2.0 million TEU, Hapag-Lloyd is one of the world’s leading liner shipping companies. In the Liner Shipping segment, the Company has around 13,500 employees and 400 offices in 135 countries. Hapag-Lloyd has a container capacity of 2.9 million TEU – including one of the largest and most modern fleets of reefer containers. A total of 113 liner services worldwide ensure fast and reliable connections between more than 600 ports across the world. In the Terminal & Infrastructure segment, Hapag-Lloyd has stakes in 20 terminals in Europe, Latin America, the United States, India, and North Africa. The roughly 2,600 employees assigned to the Terminal & Infrastructure segment handle terminal-related activities and provide complementary logistics services at selected locations.

Introduction & Summary:

Hapag-Lloyd CISO is accountable on keeping the business secure and to safeguard customer trust by predicting, preventing, identifying, and responding to threats and make sure a quick recovery from cyber-related incidents. Whilst assisting Hapag-Lloyd management, business, and other areas, we enable our employees by providing usable and secure services and ensuring that security is part of our DNA. Our mission is to enable the company to continue doing business securely and efficiently.

Hapag-Lloyd is operating in an increasingly complex environment were disruptive technologies, new types of threats and new cyber security regulations create additional cyber risks for organizations. Digitization is a top priority as customer preferences are changing towards mobile and digital and is part of Hapag-Lloyd values: “We care, We move, We deliver”, which are the heart of everything we do.

The Information Security & Compliance Manager (m/f/d) leads our ISMS and compliance management for our cloud environments, like AWS and Azure and software development processes.

This Manager will identify the external requirements Hapag-Lloyd has to abide to and will derive the relevant controls of our ISMS in close collaboration with the security architects and technical experts. The candidate will manage compliance and assess the corresponding risks based on the reports from our services providers and internal processes in alignment with the technical experts. 

The role is a control function with additional strong consulting capabilities, to empower the business and IT to deliver the best services to our customers.

Responsibilities:

  • Create and drive our GRC strategy and execution in the area of cloud services and agile software development.
  • Define security controls and processes in close collaboration with our architects ensuring compliance and a high trust level at our cloud environment and DevOps processes
  • Support building an efficient, highly automated and easy to use Information Security Management System (ISMS) and DevSecOps process and creating compliant standard solutions.
  • Identify relevant external/regulatory requirements like KRITIS, TISAX, NIST in cooperation with the business, DPOs and Legal.
  • Transpose the external requirements into ISMS policies and controls in cooperation with experts like security architects and technical experts.
  • Manage compliance with relevant external requirements and selected industry standards like ISO 27001, TISAX, SOC2.
  • Educate and empower Hapag-Lloyd’s architects and developers about Information & Cyber Security Risks, regulations, and compliance to minimise associated risks.
  • Collaborate within the CISO department and with the IT and Business ones to ensure compliance and proper risk management across the organization.
  • Stay updated with the latest trends and emerging threats in information and cyber security, making recommendations for improvement.
  • Establish and maintain relationships with internal and external auditors, vendors, and industry experts for compliance and continuous improvement.
  • Manage information security policy violations with support of the ISMS and IS risk specialists.

Your profile:

  • Extensive experience in information & cyber security GRC or architecture roles.
  • Strong knowledge of information security principles, frameworks, and best practices.
  • Good understanding of current cloud architectures, cloud security, secure DevOps processes and AWS and Azure solutions.
  • Familiarity with microservices, serverless architectures, and containerization technologies like Docker and Kubernetes.
  • Work with cloud service providers and third-party vendors to ensure security requirements are met.
  • Deep understanding of cyber risk management, cyber threats, vulnerabilities, and attack vectors, with a track record of implementing effective security controls.
  • Experience with agile development frameworks, like SAFe, KANBAN and SCRUM.
  • Experiences with managing projects and successfully executing strategies.
  • Strong analytical and problem-solving abilities, with keen attention to detail.
  • Strong communication, presentation, and training skills, including the ability to communicate technical concepts to non-technical stakeholders.
  • Familiarity with regulatory requirements and industry standards related to information security and data privacy.
  • Collaborative mindset and experience working with Legal, DPO, Risk & Control, Audit, and Procurement teams.
  • Experience in large international organizations and handling enterprise-level projects.
  • Ability to work with a broad spectrum of people with various technical acumen.
  • CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), IT/Security Vendor Certifications (e.g. Cisco, Microsoft, RSA), and/or ISO27001 Lead Auditor or similar certifications are a bonus.
  • Fluency in written and spoken English.

We offer:

  • The opportunity to introduce solutions that you are personally convinced of, and to constantly take on new challenges with a high level of responsibility
  • Excellent career development opportunities, supported by a wide range of training and development courses
  • Competitive remuneration (13 salaries + vacation pay) and social benefits, as well as a permanent employment contract with a financially healthy company
  • At least 28 days of vacation, flextime, capital-forming benefits, company pension plan
  • Company restaurant with daily varying, high-quality dishes to choose from as well as coffee bar
  • Centrally located between the main train station and Jungfernstieg as well as subsidized public transportation
  • Hybrid work model: 3 days a week at our headquarters in the heart of Hamburg and 2 days a week of mobile work
  • Health and company sports programs (e.g. yoga, sailing, company doctor, etc.) as well as bicycle leasing

Contact person

Dawid Bujalla Manager Talent Acquisition & Employer Branding