Incident Response Lead
Marseille, FR
Led by Rodolphe Saadé, the CMA CGM Group, a global leader in shipping and logistics, serves more than 420 ports around the world on five continents. With its subsidiary CEVA Logistics, a world leader in logistics, and its air freight division CMA CGM AIR CARGO, the CMA CGM Group is continually innovating to offer its customers a complete and increasingly efficient range of new shipping, land, air and logistics solutions.
Committed to the energy transition in shipping, and a pioneer in the use of alternative fuels, the CMA CGM Group has set a target to become Net Zero Carbon by 2050.
Through the CMA CGM Foundation, the Group acts in humanitarian crises that require an emergency response by mobilizing the Group’s shipping and logistics expertise to bring humanitarian supplies around the world.
Present in 160 countries through its network of more than 400 offices and 750 warehouses, the Group employs more than 155,000 people worldwide, including 4,000 in Marseilles where its head office is located.
THE ROLE
As the Incident Response Commander Lead, you will be the driving force behind our cybersecurity incident response operations, leading a team of elite Incident Response Commanders in detecting, analyzing, containing, and mitigating cyber threats. This role demands exceptional leadership, crisis management, and deep investigative expertise to guide high-stakes incident response efforts effectively.
You will report directly to the Cyber Defense Center (CDC) Director, ensuring that your team is always prepared, proactive, and decisive in managing security incidents and minimizing business impact. Beyond just responding to incidents, you will develop strategy, enforce operational excellence, and enhance team capabilities to stay ahead of evolving cyber threats.
WHAT ARE YOU GOING TO DO?
• Lead and inspire a team of Incident Response Commanders, fostering a culture of excellence, urgency, and accountability.
• Command and oversee all major cybersecurity incidents, ensuring rapid detection, containment, investigation, and remediation.
• Act as the escalation point for critical incidents, making high-pressure decisions with precision.
• Enhance crisis management strategies to ensure swift coordination across technical and business stakeholders.
• Develop and enforce incident response frameworks aligned with industry best practices (MITRE ATT&CK, NIST, Cyber Kill Chain).
• Collaborate closely with threat intelligence, SOC, forensic, and red team functions to anticipate and mitigate threats proactively.
• Lead tabletop exercises and crisis simulations to test and refine response capabilities.
• Mentor and upskill the incident response team, ensuring they stay ahead of emerging threats and technologies.
• Define and implement continuous improvement processes to enhance detection, response, and remediation efficiency.
• Represent the incident response function in executive-level discussions, providing clear, concise, and actionable insights.
WHO ARE WE LOOKING FOR?
ESSENTIAL EXPERTISE & EXPERIENCE
• Proven leadership experience in cybersecurity incident response, crisis management, or SOC operations.
• 10+ years of experience in cybersecurity, including 5+ years in a leadership role within Incident Response, CERT, or SOC.
• Industry-recognized certifications (e.g., GIAC/GCIH, GCFA, GCIA, CISSP, CISM, OSCP).
• Expert-level knowledge of attack techniques, threat actors, and exploit methodologies.
• Hands-on experience with forensic analysis, malware analysis, and threat intelligence.
• Deep familiarity with MITRE ATT&CK, Cyber Kill Chain, NIST, and other security frameworks.
• Strong crisis management skills, with the ability to make critical decisions under pressure.
• Excellent communication skills, able to articulate technical risks to executive leadership.
• Experience conducting tabletop simulations and training security teams for real-world incidents.
• Proficiency in SIEM, EDR, and forensic tools (Splunk, Sentinel, CrowdStrike, etc.).
• Fluent in French & English (spoken and written) in a professional context.
ADDITIONAL STRENGTHS THAT SET YOU APART:
• Experience in transport, shipping, or logistics industries.
• Experience in attack surface management and exposure reduction.
• Strong ability to analyze and synthesize large amounts of security data.
• Proven ability to drive change and innovation in security operations.
• Experience working in international and offshore environments.
• Background in cyber risk assessment and reporting.
Please ensure you are familiar with the CMA CGM Corporate Internal Mobility guidelines.