Vulnerability Management Analyst

Job Description

Background Hapag-Lloyd CISO is accountable on keeping the business secure and to safeguard customer trust by predicting, preventing, identifying, and responding to threats and make sure a quick recovery from cyber-related incidents. Whilst assisting Hapag-Lloyd management, business, and other areas, we enable our employees by providing usable and secure services and ensuring that security is part of our DNA. Our mission is to enable the company to continue doing business securely and efficiently. Hapag-Lloyd is operating in an increasingly complex environment were disruptive technologies, new types of threats and new cyber security regulations create additional cyber risks for organizations. Digitization is a top priority as customer preferences are changing towards mobile and digital and is part of Hapag-Lloyd values: ?We care, We move, We deliver? , which are the heart of everything we do. Summary Of The Role We are currently seeking a dedicated and analytical Vulnerability Management Analyst to join our Cyber Resilience Fusion Center team. This role is essential for protecting our Information Technology (IT) and Operational Technology (OT) environments from potential threats and vulnerabilities. The ideal candidate will be responsible for identifying, evaluating, and reporting on security vulnerabilities within our systems and networks. Working in the Attack Surface Management (ASM) area, the Vulnerability Management Analyst plays a crucial role in maintaining the integrity, confidentiality, and availability of our IT and OT infrastructures by ensuring our systems are safeguarded against the latest threats. Responsibilities And Tasks Conduct regular scans of IT and OT systems to identify vulnerabilities and assess their potential impact. Perform thorough risk assessments on identified vulnerabilities, considering both the technical aspects and the business context. Collaborate with IT and OT teams to prioritize and facilitate the timely patching of vulnerabilities. Prepare detailed reports on vulnerability findings, including risk assessments, recommended actions, and patch management status. Develop and maintain Vulnerability Management policies, procedures, and related documentation to ensure consistent and effective practices. Stay abreast of the latest cybersecurity threats and vulnerabilities, incorporating this intelligence into Vulnerability Management processes. Communicate effectively with various stakeholders, including IT and OT teams, management, and external partners, to ensure a comprehensive understanding of vulnerabilities, impacts, and mitigation strategies. Provide expertise and support during cybersecurity incidents related to vulnerabilities. Assist in compliance efforts and audits, ensuring that Vulnerability Management practices meet industry standards and regulatory requirements. Regularly review and recommend improvements to the Vulnerability Management program to enhance security posture. Requirements And Qualifications Master?s or bachelor?s degree or equivalent technical training in Information Technology, Information Systems Security, Cybersecurity, or related field. Minimum of 3 years of experience in Cybersecurity, specifically in Vulnerability Management, risk assessment, or a similar role. Strong understanding of both Information Technology (IT) and Operational Technology (OT) systems and their unique security challenges. Proficiency with vulnerability scanning tools (e.g., Nessus, Qualys, Rapid7) and familiarity with security frameworks (e.g., NIST, ISO 27001). Ability to analyze vulnerability data, assess risks, and prioritize responses based on potential impact. Excellent written and verbal communication skills, with the ability to explain technical details to non-technical stakeholders. Relevant certifications such as CEH, Security+, PenTest+, GSEC are desired. Good understanding of Windows, UNIX and Linux operating systems functions and security. Ability to clearly convey results in formal technical reports and deliver briefings to senior staff, technical specialists, and management, including CISO and C-Suite. Excellent soft skills ? team building, conflict resolution, empathy, motivation, creativity, flexibility. Experience working in Supply Chain, Logistics, Shipping/Transport sectors is a plus. Creative and flexible mindset. Responsive and able to take responsibility for actions & deliverables. Stick to commitments and hold each other accountable. Ability to work collaboratively in a team environment and with employees from various departments. Excellent oral and written English communication skills.