About Hapag-Lloyd
With a fleet of 287 modern container ships and a Vessel Capacity 2.2 million TEU, as well as a Container Capacity 3.2 million TEU including one of the world’s largest and most modern reefer container fleets, Hapag-Lloyd is one of the world’s leading liner shipping companies. In the Liner Shipping segment, the Company has around 13.500 employees and 400 offices in 139 countries. Hapag-Lloyd has a container capacity of 11.9 million TEU – including one of the largest and most modern fleets of reefer containers. A total of 114 liner services worldwide ensure fast and reliable connections between more than 600 ports across the world. In the Terminal & Infrastructure segment, Hapag-Lloyd has stakes in 20 terminals in Europe, Latin America, the United States, India, and North Africa. The roughly 2.600 employees assigned to the Terminal & Infrastructure segment deal with terminal-related activities and provide complementary logistics services at selected locations.

Platform Security Lead

Share your profile withmuthuvignesh.rajendran@hlag.com , for further enquiries contact: 7305069446

Summary of the Role

We are seeking a highly skilled and experienced Platform Security Lead (PSL) with a specialized focus on Maritime Cyber Security, to join our team and enhance the security posture of our maritime platforms. In this critical role within the CISO Department, you will not only drive security by design across IT and Development teams but also address unique maritime cybersecurity challenges, ensuring the safety and security of our container shipping operations.

As the Platform Security Lead, your responsibilities will extend to assessing potential security threats or breaches specific to maritime operations, raising awareness about critical security considerations unique to the maritime sector, and driving the implementation of robust security requirements in close cooperation with our CISO Teams. This role demands a deep understanding of the maritime industry's regulatory landscape and the ability to tailor cybersecurity strategies to meet these specialized needs.

Role & responsibilities

As Platform Security Lead for Fleet IT at Hapag-Lloyd, you will play a crucial role in safeguarding our maritime operations by:

  • Driving Security by Design Across Maritime Platforms: Ensure that cybersecurity is an integral part of the IT and development lifecycle within our maritime operations, including onboard container ships and related maritime infrastructure.
  • Performing Maritime-Focused Risk Assessments: Conduct comprehensive risk assessments tailored to the maritime environment, including design reviews of shipboard systems, network, production of security requirements for maritime applications, and validation of security controls on nautical IT systems.
  • Serving as the Primary Security Contact for Maritime IT: Act as the main liaison for all security-related topics within Fleet IT, connecting with the wider CISO department for expertise.
  • Assessing Security Risks for Maritime Projects: Formally evaluate information security risks associated with maritime solution/business projects, from inception through to deployment, ensuring continuous monitoring and remediation efforts.
  • Specializing in Maritime Platform Security: Develop deep knowledge of and strong relationships within the maritime platform, ensuring that security is not only embedded but also addresses the specific needs of maritime operations.
  • Supporting CISO Risk & Compliance with a Maritime Focus: Assist in the creation, review, and updating of information security policies with a particular emphasis on maritime cybersecurity challenges and compliance.
  • Working hand-in-hand with IT teams (developers, architects, product owners, business) to serve the platforms requirements and CISO requirements to ensure that the security posture is in line with the risk appetite and threat landscape.
  • Collaborating with other team members to identify opportunities for implementing common security solutions.
  • Supporting our CISO Risk & Compliance team and participating in the creation, review and update of information security policies.

Preferred candidate profile

  • Candidates with CISSP/CISA/AWS Solution Architect/CCNA/CCNP Certifications.
  • Masters or bachelors degree in information technology, Information Systems Security, Cybersecurity, or a related field, or equivalent technical training with a preference for specialization in maritime cybersecurity.
  • Minimum 4 years of relevant IT and Information Security experience, including significant exposure to maritime IT environments, demonstrating the ability to act independently with minimal supervision.
  • Experience with security architectures, extending to maritime-specific technologies and systems such as shipboard networking, satellite communications, and container tracking systems, in addition to cloud, mobile, enterprise, web, and app security architecture.
  • Proven experience with threat modeling frameworks like MITRE ATT&CK, STRIDE, PASTA, with a preference for applying these frameworks to maritime or nautical IT scenarios.
  • Understanding of core concepts of ISO 27001, ISO 27017, NIST, NTSC, OWASP, CIS, CVSS, with additional familiarity with maritime-specific standards and guidelines, such as those from the International Maritime Organization (IMO) or other relevant maritime cybersecurity frameworks.
  • Experience with security tests to address vulnerabilities unique to maritime IT systems, including but not limited to code execution, SQL injection, and cross-site scripting, with an understanding of the specific cybersecurity challenges faced by maritime operations.
  • Deep knowledge of security in cloud computing and microservices architecture, with a focus on how these technologies are leveraged in maritime environments for operational efficiency and security.
  • Familiarity with security-related legal and regulatory requirements, including those specifically applicable to maritime operations, such as port security standards, maritime transport security regulations, and international shipping compliance requirements.
  • Demonstrated specialized knowledge in web application security and mobile application security, with an emphasis on data protection methods critical for the confidentiality, integrity, and availability of maritime operational data.
  • Generalist specialist with a broad knowledge across several areas of security and deep expertise in 2 or 3 areas, particularly those relevant to Fleet IT operations, such as cybersecurity for navigation systems, cargo management systems, and ship-to-shore communications.
  • Excellent communication skills and the ability to translate complex technical jargon into clear, understandable language for non-technical stakeholders, with an emphasis on articulating the unique security needs and challenges of Fleet IT operations to a wider audience.

Perks and benefits

Recreation: Play area with PS5, Table Tennis, Foosball, Carrom, and Chess
Financial & Health: Provident Fund, Gratuity, Performance Bonus, Medical Insurance, Leave Travel Allowance
Work-Life Balance: Hybrid model after probation confirmation based on Manager's approval (3 days in office, 2 days WFH), Generous Leave Policies
Facilities: Car/Bike Parking, Food Court, Modern Office Environment
Professional Development: HL Academy - Training Programs, Career Growth Opportunities, Employee Referral Policy

 

 

Contact person

Muthu Vignesh Rajendran Talent Acquisition Executive