The Cyber Security Incident Response Manager is responsible for the management of high impact Information Security, Cyber Security events and incidents at Hapag-Lloyd.

For this role, a successful candidate will need to have leadership and management skills and be proactive in driving forward incident response on behalf of Hapag-Lloyd, ensuring timely and accurate management of Cyber & Information Security incidents. Additionally, you will be providing input into incident response processes and plans, working with third parties, and providing executive awareness and communications on significant incidents, events, or threats to the organization.

An ideal candidate will understand the role incident response plays and how to translate outputs into enhancements of strategies and incident response playbooks. You should have technical skills and understanding, including forensics understanding, such as chain of evidence and secure evidence collection methods. You will take responsibility for the operations pillar and oversee that the work is structured and prioritized accordingly. You are expected to provide insights in operational work by delivering performance reports and operational briefings to stakeholders, based on analysis and investigation of incidents and their business impact on the organization.

You will play a key role in building and maintaining stakeholder relationships both inside and outside of Hapag-Lloyd, coordinating and managing the incident management process and response activities, as well as looking how to improve and streamlining existing processes. Reporting directly to the Head of Security Operations, you are expected to actively participate in collaboration initiatives and work with other peers inside and outside of Hapag-Lloyd (including from government institutions and private sector) to further develop the understanding of the global landscape.

• Lead and manage our incident response strategy, plans, capabilities, activities, and improvements.
• Serve as incident commander for all Cyber & Information Security Incidents, prioritizing and coordinating response and facilitating information sharing throughout Hapag-Lloyd.
• Serve as liaison between technical and business teams to minimize the impact of the incident and maintain the business’ operations.
• Operate as incident response handler, direction technology teams and other stakeholder teams during an incident, to include incident containment, evidence gathering and preservation, assist in the identification of remedial steps and actions.
• Provide detailed and timely post-mortem reports detailing root cause analysis and recommendations to relevant stakeholders and executive sponsors. Drive the continuous improvement of processes and procedures.
• Elaborate and advise on incident response strategies at the tactical, operational, and strategic level.
• Develop and maintain comprehensive incident response playbooks, outlining procedures, best practices, and escalation protocols.
• Identify and assess incidents and the risk they pose to the organization.
• Manage external relationships with law enforcement, regulatory bodies, and third-party incident response providers as needed for specific incidents.
• Convey the proper security severity by explaining the risk exposure and its consequences to non-technical stakeholders.
• Coordinate with stakeholders to share information on incidents, response actions and mitigation activities.
• Take responsibility to steer execution of the strategy and actions based on facts and data.
• Ensuring the effectiveness and efficiency of the incident response services and processes (e.g., by designing and executing tabletop exercises to ensure all relevant stakeholders understand their roles and can execute their responsibilities during an incident).
• Remain abreast of industry trends, emerging threats, and best practices to inform the enhancement of incident response capabilities.
• Drive the competencies and capabilities within CISO and Hapag-Lloyd in the field of incident response.

• Master’s or bachelor’s degree or equivalent technical training in Information Technology, Information Systems Security, Cybersecurity, or related field.
• Four years of professional experience on information security, incident response or relevant domain experience in large companies and corporate experience.
• Experience in incident response, security monitoring, digital forensics and/or advanced malware analysis.
• Experience with managing multiple incidents simultaneously and effectively prioritizing resources.
• Experience in identifying, managing, and producing executive-level incident updates, reports, and recommendations to guide decision-making and risk management.
• Experience with managing or performing incidents on cloud environments.
• Certification like CISM, GCIH, CCIM, CSIH or other specific information security or threat management certifications are highly desired.
• Good understanding of (security) data analytics, quantitative modelling of data and data research.
• Experience working with threat intelligence frameworks (like MITRE ATT&CK/D3FEND) and security-related legal and regulatory requirements (BSI KRITIS, ISO 27001, NIST, …) is convenient.
• Experience in performing complex analysis and investigation of problems and their business impact on the organization.
• Experience in tech, security or shipping industry would be desired but not essential.
• Experience in setting relations within the organization, with IT and with business partners to coordinate activities and professional communication.
• Strong analytical and problem-solving skills.
• Responsive and able to take responsibility for actions & deliverables.
• Fluent both in written and spoken English.

• Dynamic and modern working atmosphere in a newly renovated, modern office in the heart of Hamburg’s city center
• At least 28 days of vacation, flextime, capital-forming benefits, hybrid work model
• Subsidy for public transportation
• Bike leasing for all positions
• Restaurant and coffee bar
• Health and company sports programs (e.g., yoga, sailing, fitness courses, and much more)
• Corporate volunteering cooperation with purpozed

#hapaglloyd

Save time with your application and send us only your CV for now. You can easily apply online by using our application tool.

We kindly ask recruiters and employment agencies to refrain from sending us unsolicited profiles and CVs of potential applicants for this or other positions advertised on our website.