Manager (m/f/d) IT Security Management & Compliance

Hamburg, Germany


The Manager (m/f/d) IT Security Management & Compliance will lead the external audits and certifications in the area of Information and Cyber Security Management. Together with our ISMS experts the manager will create a strategy and subsequently a governance framework and the processes to further mature our ISMS, governance and cyber security compliance processes. 

The candidate will drive the change from a policy-based ISMS to a user-friendly, control-based AI solution, which is deeply integrated into our software development and project management processes. The new ISMS solution will also promote compliant standard solutions and automated compliance checks.

The global footprint of Hapag-Lloyd requires us to identify laws and regulatory requirements as well as anticipate customer demands in various countries; these need to be integrated into our control framework. The candidate will ensure this together with our legal experts and external consultants and help define adequate clauses in customer and vendor contracts.

The candidate will drive adoption of the ISMS processes and reporting of the corresponding KPIs/KRIs and the maturity of our ISMS.

Together with the CISO Risk & Compliance team and the subject matter experts, the candidate will help identify risks and advise the risk owners on adequate mitigations.

The role is a control function with additional strong consulting capabilities, to empower the business and IT to deliver the best services to our customers.

  • Lead the management of external audits like NIS-2/KRITIS, ISO 27001, TISAX
  • Anticipate and support requests from customers and government bodies concerning Information & Cyber Security and Compliance 
  • Identify relevant external/regulatory requirements like NIS-2/KRITIS, TISAX, NIST in cooperation with the business, DPOs, Legal and international consultancies.
  • Support the legal and sales experts in defining and negotiating adequate legal clauses with our customers and our vendors
  • Design, develop and implement our ISMS & compliance strategy, our Information & Cyber Security governance and framework as well as the corresponding roadmap.
  • Define, develop, and report metrics to measure the effectiveness of the ISMS and manage the oversight performed by the CISO department
  • Transpose external requirements into ISMS policies and controls in cooperation with experts like technical architects and Platform Security Leads 
  • Ensure compliance and manage compliance assessments with the corresponding stakeholders
  • Improve collaboration with other CISO teams and with IT and business to ensure compliance and appropriate risk management across the organization.
  • Support the team leadership in team building and organizational measures and budget and project planning
  • Explore new impulses, trends, and innovations in the areas of information security risk & compliance and make recommendations for improvements
  • Extensive experience in information & cyber security compliance roles
  • Strong knowledge of information security principles, frameworks, and best practices
  • Deep understanding of cyber risk management, cyber threats, vulnerabilities, and attack vectors, with a track record of implementing effective security controls
  • Familiarity with regulatory requirements like NIS/NIS2, KRITIS, China Security Law, GDPR and industry standards (like ISO 27001, OWASP Top 10, NIST CSF) related to information security and data privacy
  • Strong analytical and problem-solving abilities, with keen attention to detail
  • Strong communication, presentation, and training skills, including the ability to communicate technical concepts to non-technical stakeholders
  • Strong understanding and passion for information security risks and mitigating behaviours
  • Collaborative mindset and experience working with Legal, DPO, Risk & Control, Audit, and Procurement teams
  • Experience in large international organizations and handling enterprise-level projects

With a fleet of 308 modern container ships and a Vessel Capacity of 2.4 million TEU, as well as a Container Capacity of 3.7 million TEU including one of the world’s largest and most modern reefer container fleets, Hapag-Lloyd is one of the world’s leading liner shipping companies. In the Liner Shipping segment, the Company has around 17,100 employees and more than 400 offices in 140 countries. Hapag-Lloyd has a transport volume of 12.5 million TEU per year. A total of 135 liner services worldwide ensure fast and reliable connections between more than 600 ports across the world. In the Terminal & Infrastructure segment, Hapag-Lloyd has stakes in 21 terminals in Europe, Latin America, the United States, India, and North Africa. The employees assigned to the Terminal & Infrastructure segment deal with terminal-related activities and provide complementary logistics services at selected locations.

Tags: Audits CISO Compliance GDPR Governance ISMS ISO 27001 KPIs NIS2 NIST OWASP Privacy Risk management Strategy TISAX Vulnerabilities

Perks/benefits: Career development Team events

Region: Europe
Country: Germany
