Cybersecurity Risk Manager

Led by Rodolphe Saadé, the CMA CGM Group, a global leader in shipping and logistics, serves more than 420 ports around the world on five continents. With its subsidiary CEVA Logistics, a world leader in logistics, and its air freight division CMA CGM AIR CARGO, the CMA CGM Group is continually innovating to offer its customers a complete and increasingly efficient range of new shipping, land, air and logistics solutions.

Committed to the energy transition in shipping, and a pioneer in the use of alternative fuels, the CMA CGM Group has set a target to become Net Zero Carbon by 2050.

Through the CMA CGM Foundation, the Group acts in humanitarian crises that require an emergency response by mobilizing the Group’s shipping and logistics expertise to bring humanitarian supplies around the world.

Present in 160 countries through its network of more than 400 offices and 750 warehouses, the Group employs more than 150,000 people worldwide, including 2,900 in Marseilles where its head office is located.

**THE ROLE**:
We are looking for a Cybersecurity Risk Management manager profile, to facilitate the management of a global team. This team is in charge of carrying out the formalization, deployment, and continuous optimization of a risk management practice for the CMA CGM Group. From the framework of corporate risk management practice, the manager will have to ensure the realization of security risk assessment on information systems, on request and within the framework of the integration of security in projects. You will also participate in overseeing the improvement of the methodology and internal processes, including the treatment and acceptance of risk.

Liaison with supply chain activities will be required, when returning from the analysis of the security level assessments of critical suppliers and monitoring the security plans to be implemented and traced with these suppliers.

The Cybersecurity Risk Manager reports to the GRC Director.

**RESPONSIBILITIES**:
As Cybersecurity Risk team manager, within the Group Cybersecurity team, you will be in charge of:
Act as a referent for the cybersecurity risk management methodology

Be the privileged point of contact for the various partner teams of the Cybersecurity team in terms of risks

Promote cyber risk governance, associated process, as well as the establishment of clear roles and responsibilities in terms of presentation and decision around risk mitigation (risk owners and control owners)

Set up a team of Subject Matter Experts (SMEs) to revise the framework and methodology as well as to qualify cyber risk assessment/analysis

Ensure superior know-how and interpersonal skills within the team, which must involve the different business lines for the appropriation of risks

Train and support the 1st line of defense on cyber security risk assessment and analysis

Enable the risk-based approach by linking budget & risks to accompany the business (opportunity) or to mitigate a threat

Strengthen the risk assessment stage for projects

Ensure the effective risk mitigation through the development/maturing of security controls/capabilities addressed by security programs/projects
- Present the risks status to the various stakeholders, including top management

Automate the framework via the use of tools

**Be the guarantor that the team**:
Identifies security objectives in compliance with security policies and standards

Knows how to conceptualize security management solutions

Acts as a technical expert with internal partners

Proceeds with the categorization of the assets of the organization

Assess the residual risk when there is a gap between the defined architecture and the one implemented

Follows and improves the risk management methodology

These activities are not exhaustive and may change according to operational needs.

**PROFILE AND QUALIFICATIONS**:
**Your profile meets the following criteria**:
You hold relevant industry certifications in cybersecurity, including:
Certified in Risk and Information System Controls (CRISC)

Risk Manager ISO 27005 or Ebios Risk Manager

Certified Information Systems Security Professional (CISSP)

ISMS ISO 27001 Lead Auditor or Lead Implementer

Certified Information System Auditor (CISA)

You come from a curriculum ideally Engineer or equivalent, focusing on rigor and optimization;
You have at least 10 years of experience in a similar role, as a cybersecurity analyst or 5 years of experience in security team management (confidentiality, authentication, identity and access, risk management, standards, policies, intrusion detection, security perimeter, etc.);
You master at least one security risk assessment method, for example ISO 27005, ISO 31000, MeHaRi, Ebios RM or FAIR;
You know risk mitigation concepts (e.g. kill chain) and risk representation concepts (e.g. bowtie);
You are skilled in popularizing and conveying a complex message to an executive audience, including financial aspects, risks, business impacts and perfo