About Hapag-Lloyd
With a fleet of 287 modern container ships and a Vessel Capacity 2.2 million TEU, as well as a Container Capacity 3.2 million TEU including one of the world’s largest and most modern reefer container fleets, Hapag-Lloyd is one of the world’s leading liner shipping companies. In the Liner Shipping segment, the Company has around 13.500 employees and 400 offices in 139 countries. Hapag-Lloyd has a container capacity of 11.9 million TEU – including one of the largest and most modern fleets of reefer containers. A total of 114 liner services worldwide ensure fast and reliable connections between more than 600 ports across the world. In the Terminal & Infrastructure segment, Hapag-Lloyd has stakes in 20 terminals in Europe, Latin America, the United States, India, and North Africa. The roughly 2.600 employees assigned to the Terminal & Infrastructure segment deal with terminal-related activities and provide complementary logistics services at selected locations.

Background

Hapag-Lloyd CISO is accountable on keeping the business secure and to safeguard customer trust by predicting, preventing, identifying, and responding to threats and make sure a quick recovery from cyber-related incidents. Whilst assisting Hapag-Lloyd management, business, and other areas, we enable our employees by providing usable and secure services and ensuring that security is part of our DNA. Our mission is to enable the company to continue doing business securely and efficiently.
Hapag-Lloyd is operating in an increasingly complex environment were disruptive technologies, new types of threats and new cyber security regulations create additional cyber risks for organizations. Digitization is a top priority as customer preferences are changing towards mobile and digital and is part of Hapag-Lloyd values: “We care, We move, We deliver”, which are the heart of everything we do.

Summary of the Role

We are currently seeking a dedicated and analytical Vulnerability Management Analyst to join our Cyber Resilience Fusion Center team. This role is essential for protecting our Information Technology (IT) and Operational Technology (OT) environments from potential threats and vulnerabilities. The ideal candidate will be responsible for identifying, evaluating, and reporting on security vulnerabilities within our systems and networks. Working in the Attack Surface Management (ASM) area, the Vulnerability Management Analyst plays a crucial role in maintaining the integrity, confidentiality, and availability of our IT and OT infrastructures by ensuring our systems are safeguarded against the latest threats.

Responsibilities and Tasks

  • Conduct regular scans of IT and OT systems to identify vulnerabilities and assess their potential impact.
  • Perform thorough risk assessments on identified vulnerabilities, considering both the technical aspects and the business context.
  • Collaborate with IT and OT teams to prioritize and facilitate the timely patching of vulnerabilities.
  • Prepare detailed reports on vulnerability findings, including risk assessments, recommended actions, and patch management status.
  • Develop and maintain Vulnerability Management policies, procedures, and related documentation to ensure consistent and effective practices.
  • Stay abreast of the latest cybersecurity threats and vulnerabilities, incorporating this intelligence into Vulnerability Management processes.
  • Communicate effectively with various stakeholders, including IT and OT teams, management, and external partners, to ensure a comprehensive understanding of vulnerabilities, impacts, and mitigation strategies.
  • Provide expertise and support during cybersecurity incidents related to vulnerabilities.
  • Assist in compliance efforts and audits, ensuring that Vulnerability Management practices meet industry standards and regulatory requirements.
  • Regularly review and recommend improvements to the Vulnerability Management program to enhance security posture.

Requirements and Qualifications

  • Master’s or bachelor’s degree or equivalent technical training in Information Technology, Information Systems Security, Cybersecurity, or related field.
  • Minimum of 3 years of experience in Cybersecurity, specifically in Vulnerability Management, risk assessment, or a similar role.
  • Strong understanding of both Information Technology (IT) and Operational Technology (OT) systems and their unique security challenges.
  • Proficiency with vulnerability scanning tools (e.g., Nessus, Qualys, Rapid7) and familiarity with security frameworks (e.g., NIST, ISO 27001).
  • Ability to analyze vulnerability data, assess risks, and prioritize responses based on potential impact.
  • Excellent written and verbal communication skills, with the ability to explain technical details to non-technical stakeholders.
  • Relevant certifications such as CEH, Security+, PenTest+, GSEC are desired.
  • Good understanding of Windows, UNIX and Linux operating systems functions and security.
  • Ability to clearly convey results in formal technical reports and deliver briefings to senior staff, technical specialists, and management, including CISO and C-Suite.
  • Excellent soft skills – team building, conflict resolution, empathy, motivation, creativity, flexibility.
  • Experience working in Supply Chain, Logistics, Shipping/Transport sectors is a plus.
  • Creative and flexible mindset.
  • Responsive and able to take responsibility for actions & deliverables.
  • Stick to commitments and hold each other accountable.
  • Ability to work collaboratively in a team environment and with employees from various departments.
  • Excellent oral and written English communication skills.

 

Contact person

Muthu Vignesh Rajendran Talent Acquisition Executive