Description
With our global presence, Hapag-Lloyd uses a great number of suppliers in various countries. The suppliers range from IT and OT services and SaaS providers to goods and services for our vessels or around our container terminals. The primary role is to ensure adequate security risk management for all those vendors, together with internal and external experts and the corresponding stakeholders of those vendors. As the processes for vendor security risks and information security risks are closely interlinked, the role will also support the general security risk management.
With the IS risk management we aim to increase the transparency of our risk portfolio, drive Security by Design and enable justified risk decisions, while achieving a high level of efficiency and automation. The candidate will drive adoption of the security risk processes while further maturing our risk methods and improving the usability and reporting of the security risk management, in close collaboration with security experts, IT, procurement, legal, DPO and the business. Together with the CISO Risk & Compliance team and the subject matter experts, the candidate will assess and manage identified risks and consult the risk owners on adequate mitigations. The role is a control function with additional strong consulting capabilities, to empower the business and IT to deliver the best services to our customers.

Responsibilities
Lead the Vendor Security Risk Management in Hapag-Lloyd AG
Evolve and drive the Vendor Security Risk Management strategy and capabilities in all business areas and countries
Assess information & cyber security risks and consult the risk owners in the areas of 3rd Party risks with the support of our external vendor security risk provider and the support of various experts
Manage risks and risk decision meetings, and align with procurement, legal and other stakeholders
Moderate the vendor classification and risk assessments for more complex services and ensure the quality of the results
Improve risk aggregation, risk assessment, dashboards and reporting and integration with our cyber threat assessment and risk management processes
Improve collaboration with CISO, IT and business departments to ensure compliance and appropriate security risk management across the organization
Explore new impulses, trends, and innovations in the areas of information security risk & compliance and make recommendations for improvements
Educate and empower Hapag-Lloyd’s personnel about Information & Cyber Security Risks, regulations, and compliance to minimise associated risks

Qualifications
Extensive experience in vendor security risk management
Experience with security or operational risks or quantitative risk methods is a strong plus
Experience in training risk officers to improve their risk assessment capabilities
Knowledge of information security principles, frameworks, and best practices
Understanding of security risk management, cyber threats, vulnerabilities and attack vectors related to defining and implementing effective security controls
Strong analytical and problem-solving abilities, with keen attention to detail
Knowledge of project management and using agile and control methods is beneficial
Service orientation, collaborative mindset and experience working with business owners, legal, DPO, and procurement teams
Experience in large international organizations is a plus
Fluency in written and spoken English