Description

The Hapag-Lloyd CISO is accountable for securing our business operations and protecting customer trust through proactive threat prediction, prevention, identification, and rapid incident response to threats, ensuring a quick recovery from cyber-related incidents. Our mission is to enable the organization to conduct business safely and efficiently while embedding security into our corporate culture. The CISO team works across Hapag-Lloyd management, business operations, and other divisions to provide secure, usable services that align with our commitment to security as a core value.

Hapag-Lloyd faces an increasingly complex environment where disruptive technologies, new cyber threats, and evolving security regulations pose significant risks. In response, we prioritize digitization and customer-centric solutions as part of Hapag-Lloyd’s core values: “We care, We move, We deliver,” which are integral to everything we do.

Responsibilities

- Conduct comprehensive investigations into escalated security incidents, performing root cause analysis and remediation planning to ensure effective threat resolution
- Coordinate responses across the Cyber Security Operations (CySO) team and ensure accurate, timely information dissemination
- Support the entire security incident lifecycle from detection to closure, ensuring proper documentation, root cause analysis, and coordination with stakeholders
- Perform post-incident analysis, compile and track metrics, and document lessons learned to improve response processes and reduce future risk
- Develop training materials and enhance team capabilities in Threat Detection and Response
- Conduct proactive cyber hunting exercises and assist in strategy development for threat detection and remediation
- Identify workflow automation opportunities to streamline response processes and reduce response times
- Engage in continuous learning, staying updated on emerging threats and enhancing the Threat Detection and Response team’s techniques and effectiveness
- Provide timely and accurate briefings to senior stakeholders, including C-level executives, during major security incident responses
- Ensure compliance with operational procedures, capturing and reporting incident metrics, and identifying opportunities for process improvement

Qualifications

- Master’s or bachelor’s degree or equivalent technical training in Information Technology, Information Systems Security, Cybersecurity, or related field
- At least 3 years of experience in Cybersecurity, with a focus on Threat Detection and Response (TDR) functions (L3-L4 Analyst)
- Proven expertise in security incident investigations, especially at a senior level, with experience in deep threat analysis and remediation
- Demonstrated knowledge of incident response frameworks, such as the Cyber Kill Chain and Diamond Model, with hands-on experience in SIEM systems and network investigations
- Experience with security tools and platforms, ideally Microsoft Azure Sentinel, Microsoft Defender, QRadar, Palo Alto XSIAM, and other SIEM and logging systems
- Familiarity with network protocols (e.g., DNS, HTTP, SMB, …) and expertise in several OS file systems, registry functions, and memory artifacts (e.g., Windows, Linux, Unix, AIX, …)
- Prior relevant experience working in a 24x7 SOC environment with the ability to support high-severity incidents under pressure
- Experience developing security incident escalation procedures and proactive Threat Hunting exercises
- Excellent communication skills, with experience presenting technical information to both technical and non-technical stakeholders
- Industry certifications such as GCIA, GCIH, GCFA, Security, Network, or other incident response and threat detection certifications are preferred
- Strong analytical skills, with the ability to dissect complex incidents and produce strategic insights for threat management
- Experience working in Supply Chain, Logistics, Shipping/Transport sectors is a plus
- Ability to work collaboratively in a team environment and with employees from various departments