Vendor and Cyber Security Risk Manager (m/f/d)

Job Description

With our global presence, Hapag-Lloyd uses a great number of suppliers in various countries. The suppliers differ e.g. from IT and OT services, SaaS providers, goods and services for our vessels or around our container terminals. Ensuring adequate security risk management for all those vendors together with internal and external experts and the corresponding stakeholders of those vendors is the primary role.

As the processes for vendor security risks and information security risks are closely interlinked, the role will also support in the general security risk management.

With the IS risk management, we aim to increase the transparency of our risk portfolio, drive Security by Design and enable justified risk decisions while achieving a high level of efficiency and automation.

The candidate will drive adoption of the security risk processes while further maturing our risk methods and improving usability and reporting of the security risk management in close collaboration with security experts, IT, procurement, legal, DPO, and the business.

Together with the CISO Risk & Compliance team and the subject matter experts, the candidate will assess and manage identified risks and consult the risk owners on adequate mitigations.

The role is a control function with additional strong consulting capabilities, to empower the business and the IT to deliver the best services to our customers.

Responsibilities

• Lead the Vendor Security Risk Management in Hapag-Lloyd AG
• Evolve and drive the Vendor Security Risk Management strategy and capabilities in all business areas and countries
• Assess information & cyber security risks and consult the risk owners in the areas of 3rd Party risks with the support of our external vendor security risk provider and various experts
• Manage risks, risk decision meetings and align with procurement, legal and other stakeholders
• Moderate the vendor classification and risk assessments for more complex services and ensure the quality of the results
• Improve risk aggregation, risk assessment, dashboards and reporting and integration with our cyber threat assessment and risk management processes
• Improve collaboration with CISO, IT and business departments to ensure compliance and appropriate security risk management across the organization
• Explore new impulses, trends, and innovations in the areas of information security risk & compliance and make recommendations for improvements
• Educate and empower Hapag-Lloyd's personnel about Information & Cyber Security Risks, regulations, and compliance to minimize associated risks

Qualifications

• Extensive experience in vendor security risk management
• Experience with security or operational risks or quantitative risk methods is a strong plus
• Experience in training risk officers to improve their risk assessment capabilities
• Knowledge of information security principles, frameworks, and best practices
• Understanding of security risk management, cyber threats, vulnerabilities and attack vectors related to defining and implementing effective security controls
• Strong analytical and problem-solving abilities, with keen attention to detail
• Knowledge of project management and using agile and control methods is beneficial
• Service orientation, collaborative mindset and experience working with business owners, legal, DPO, and procurement teams
• Experience in large international organizations is a plus
• Fluency in written and spoken English

About Us

With a fleet of 287 modern container ships and a Vessel Capacity of 2.2 million TEU, as well as a Container Capacity of 3.2 million TEU including one of the world's largest and most modern reefer container fleets, Hapag-Lloyd is one of the world's leading liner shipping companies. In the Liner Shipping segment, the Company has around 13,500 employees and 400 offices in 139 countries. Hapag-Lloyd has a container capacity of 11.9 million TEU - including one of the largest and most modern fleets of reefer containers. A total of 114 liner services worldwide ensure fast and reliable connections between more than 600 ports across the world. In the Terminal & Infrastructure segment, Hapag-Lloyd has stakes in 20 terminals in Europe, Latin America, the United States, India, and North Africa. The roughly 2,600 employees assigned to the Terminal & Infrastructure segment deal with terminal-related activities and provide complementary logistics services at selected locations.

About the Team

• The opportunity to introduce solutions that you are individually convinced of, and to constantly take on fresh challenges with a distinguished level of responsibility
• Excellent career development opportunities, supported by a spacious range of training and development courses
• Competitive remuneration (13 salaries + vacation pay) and various additional benefits, as well as a permanent employment contract with a financially healthy company
• A minimum of 28 days of vacation, flextime, capital-forming benefits, company pension plan
• Company restaurant with everyday fluctuating, great-quality dishes to choose from as well as coffee bar
• Centrally located between the main train station and Jungfernstieg as well as subsidized public transportation
• Blended work model: 3 days a week at our headquarters in the heart of Hamburg and 2 days a week of mobile work
• Health and company sports programs (e.g., yoga, sailing, company doctor, etc.) as well as bicycle leasing