Incident Response Manager (m/f/d)
Hamburg, Hamburg, Germany
Hapag-Lloyd
The Incident Response Manager (m/f/d) is responsible for overseeing the management and coordination of Threat Detection and Response (TDR) activities across Hapag-Lloyd, ensuring effective day-to-day operations within the TDR team.
For this role, a successful candidate will need strong leadership and management skills and be proactive in advancing TDR capabilities on behalf of Hapag-Lloyd. They must ensure the timely and accurate execution of security incident response activities and collaborate closely with other teams within the Cyber Security Operations organization. Additionally, the role includes contributing to strategic planning for TDR processes, toolsets, and methodologies to keep pace with evolving cyber threats.
An ideal candidate will understand the critical role incident response plays and know how to apply insights from TDR activities to improve threat detection strategies and response playbooks. Technical expertise in security incident response methodologies, including digital forensics, is essential. You will oversee operations to ensure they are well-structured and effectively prioritized. Delivering regular performance reports and operational briefings to stakeholders, based on in-depth analysis of security incidents and their business impact on the organization, is a key component of this role.
You will also play an integral role in building and maintaining stakeholder relationships both inside and outside of Hapag-Lloyd. This includes coordinating with various teams to ensure seamless incident management processes and exploring opportunities to streamline workflows. Reporting directly to the TDR Lead, you are expected to participate actively in collaboration initiatives and work with peers across the organization, including government and private sector partnerships, to further the understanding of the global threat landscape.
- Lead and manage our threat detection and response strategies, plans, capabilities, activities, and improvements.
- Oversee the daily operations of the TDR team, ensuring timely, accurate, and effective security incident response and proactive threat hunting activities.
- Serve as a primary liaison between technical teams and business units to reduce the impact of security incidents and maintain business operations.
- Guide and mentor the TDR team, fostering a collaborative and cohesive environment, promoting knowledge sharing, and encouraging continuous improvement.
- Develop and maintain TDR playbooks, defining procedures, best practices, and escalation protocols to enhance response capabilities.
- Review incident response cases, offering guidance on anomaly-based detection, and facilitating improvements in detection and analysis.
- Provide timely and detailed post-incident reports summarizing root cause analyses and making recommendations to stakeholders and executive sponsors; drive the continuous improvement of processes and procedures.
- Monitor levels of service within the TDR team and interpret threats using intrusion detection systems, SIEM platforms, and other security management products.
- Build and maintain shift schedules and deploy staffing within the established team structure.
- Drive the development and implementation of TDR processes, leveraging insights from lessons learned to improve response efficiency and reduce response times.
- Continuously assess and adapt TDR processes and toolsets to stay aligned with emerging cybersecurity trends and threats.
- Manage external relationships with law enforcement, regulatory bodies, and third-party incident response providers as needed for specific security incidents.
- Convey the proper security severity by explaining the risk exposure and its consequences to non-technical stakeholders.
- Ensure the effectiveness and efficiency of the security incident response services and processes (e.g., by designing and executing tabletop exercises so that all relevant stakeholders understand their roles and can execute their responsibilities during an incident).
- Master’s or bachelor’s degree in Information Technology, Cybersecurity, or a related field.
- Five years of experience in cybersecurity, with a primary focus on Threat Detection and Response (TDR) functions in large companies.
- Experience in incident response, security monitoring, digital forensics and/or advanced malware analysis.
- Proven experience in a managerial role within TDR, demonstrating the ability to lead and coordinate a high-functioning team.
- Strong understanding of TDR principles, including security products, network protocols, data center operations, and cloud computing.
- Familiarity with cybersecurity tools and platforms, including Microsoft Sentinel, Microsoft Defender, IBM QRadar, and Palo Alto, to enhance monitoring and response functions.
- Experience in identifying, managing, and producing executive-level incident updates, reports, and recommendations to guide decision-making and risk management.
- Relevant certifications such as GCIH, GCFA, or other certifications related to incident response and threat detection.
- Experience working with threat intelligence frameworks (such as MITRE ATT&CK/D3FEND) and security-related legal and regulatory requirements (BSI KRITIS, ISO 27001, NIST, …) is an advantage.
- Project management skills and experience with multi-incident response environments.
- Experience in the tech, security or shipping industry is desirable but not essential.
- Experience in building relationships within the organization, with IT and with business partners to coordinate activities, and in professional communication.
- Ability to foster a collaborative team environment, coaching and developing team members.
- Strong analytical skills and attention to detail, with an approach oriented towards finding effective solutions to complex security issues.
- Creative and flexible mindset, with the ability to adapt quickly to changing priorities and requirements.
- Fluent both in written and spoken English.
Tags: Cloud Forensics GCFA GCIH Incident response Intrusion detection ISO 27001 Malware MITRE ATT&CK Monitoring NIST QRadar Risk management Sentinel SIEM Threat detection Threat intelligence
Perks/benefits: Career development Flex hours Team events