Director (m/f/d) Cyber & Information Security - Risk & Compliance
Hamburg, Hamburg, Germany
Hapag-Lloyd
We are seeking a highly skilled and motivated Director (m/f/d) Cyber & Information Security - Risk & Compliance to join us and further strengthen our CISO Leadership team. In this role, you will be responsible for managing information and cyber security risks, ensuring compliance, and ensuring resilience to security threats across our company.
Reporting directly to the CISO and as a member of the Leadership Team, you will make a significant impact at Hapag-Lloyd by further building and leading our CISO Risk & Compliance team. Your primary focus will be on developing a strong team, and a robust and comprehensive information and cyber security risk management program. Collaborating with cross-functional teams, you will establish and enforce security policies, procedures, and controls to meet regulatory requirements and industry best practices.
- Design, develop, and execute our global information and cyber security risk management strategy, framework, and roadmap
- Establish and deliver procedures and controls to ensure compliance with regulatory and legal requirements, as well as internal standards
- Collaborate with key stakeholders to enhance and maintain a comprehensive set of security policies, standards, and procedures
- Develop and manage our Information Security Management System (ISMS)
- Ensure compliance with relevant regulatory requirements (e.g., GDPR, KRITIS) and industry standards (e.g., ISO 27001)
- Execute and oversee our Vendor Security Risk Management (VSRM) Program
- Define and lead our Project Risk Assessment methodology, including processes and tools
- Establish and manage our Information & Cyber Security Risk Management methodology, processes, and tools
- Conduct business impact analysis (BIA) and risk assessments (RA) of applications
- Educate and empower Hapag-Lloyd’s personnel about Information & Cyber Security risks, regulations, and compliance to minimize associated risks
- Collaborate with the CISO, IT, and Business departments to ensure compliance and proper risk management across the organization
- Identify, assess, and prioritize potential risks related to information systems, networks, data assets, and compliance
- Implement and manage security controls, technologies, and processes to mitigate identified risks and vulnerabilities
- Stay updated with the latest trends and emerging threats in information and cyber security, making recommendations for improvement
- Establish and maintain relationships with internal and external auditors, vendors, and industry experts for compliance and continuous improvement
- Define, develop, and report metrics to measure the effectiveness of controls and compliance
- Provide regular reports and updates to senior leadership and relevant stakeholders on the state of information and cyber security risk management and compliance
- Extensive experience (including several years of leadership experience) in information & cyber security, risk management, and compliance roles
- Strong knowledge of information security principles, frameworks, and best practices
- Deep understanding of cyber threats, vulnerabilities, and attack vectors, with a track record of implementing effective security controls
- Familiarity with regulatory requirements and industry standards related to information security and data privacy
- Strong analytical and problem-solving abilities, with keen attention to detail
- Excellent communication, presentation, and training skills, including the ability to communicate technical concepts to non-technical stakeholders
- Strong understanding and passion for information security risks and mitigating behaviors
- Excellent leadership skills, with experience leading and managing teams and driving change across the organization
- Collaborative mindset and experience working with Legal, DPO, Risk & Control, Audit, and Procurement teams
- Understanding of privacy regulations (GDPR) and other security standards and frameworks (ISO 27001, OWASP Top 10, CIS Top 20, NIST CSF) is advantageous
- Experience in large international organizations and handling enterprise-level projects
- Experience in transformational projects in IT or Information Security
- Fluency in written and spoken English