Cyber Manager - Regulations and Policy

Job content

Pick a point on a globe, and Maersk won’t be far away. With 90% of global trade carried by sea, there is a fairly high chance that the shoes on your feet or the phone in your pocket travelled to you on a Maersk vessel. Would you like to impact the daily lives of people in every corner of the world? Then keep reading…

We Offer:

Joining Maersk T&L will embark you on a great journey with career development in a global organisation. As a Senior Cyber Manager – Regulation and Policy, you will gain broad business knowledge of the company’s activities globally, as well as understand how the complexity of IT supports the transport and logistics business.

At Maersk we value the diversity of our talent and will always strive to recruit the best person for the job – we value diversity in all its forms, including but not limited to: gender, age, nationality, race, sexual orientation, disability or religious beliefs. We are proud of our diversity and see it as a genuine source of strength for building high performing teams.

The role..

This role will be working within the Regulation and Policy team to support, maintain and evolve the Cyber Security Policy and Standards in line with the objectives of the CISO.

The role will work closely with Technology functions and Cyber Product Owners to ensure the Cyber Standards reflect the expected capabilities in line with Strategy and Transformative change.

The role will also work closely with Cyber Risk and Assurance teams to capture feedback from assessments and reviews to ensure that Standard requirements and controls remain appropriate and address cyber risk.

Key responsibilities:

Engage primarily with Technology stakeholders across the Maersk organisation to carry out the following:

• Ensure that the Cyber Security Policy is reviewed, updated and approved by the Policy Approval Board at agreed intervals.
• Maintain the Acceptable Use Policy to ensure that it remains relevant, and suitably consumable to the global workforce
• Support the management of the Information Security Management System (ISMS) in line with ISO27001 certification.
• Review the Cyber Security Standards at regular intervals to ensure they remain aligned to the chosen security framework and to developing strategy, capability and changing regulation
• Act as SME to guide stakeholders on the use, translation and operationalisation of the Cyber Security Standards
• Provide tools, materials and communication to support the use and adoption of the Cyber Security Standards
• Work with SMEs within Operational environments (OT/ICS) to ensure that the standards remain aligned and appropriate to these environments
• Maintain the Control Reference Library in light of regulatory and contractual obligation changes, and reflect feedback from Risk and Assurance assessments
• Engage with the Cyber Security Education, Awareness and Training department to ensure communications and material reflect the messages and requirements of the Policy and Standards
• Work with the wider team to drive the reduction of cyber risk and the culture of good cyber security practice

Who we are looking for...

You will liaise with (technical and non-technical) internal and external stakeholders and be involved in workshops and presentations around policy, procedures, standards and frameworks. As such, you will be a communicator and collaborator and comfortable at working across all levels of the organisation.

You will have an awareness of external standards and be genuinely interested in policy. You can assess the environment and understand where these standards are not being applied. More than that you have a drive to understand, maintain and improve things.

You will have previous experience in a large organisation and be a self starter. Your strong analysis skills and decision making abilities coupled with your problem-solving initiative will allow you to drive change. You will also have the ability to work with (sometimes) vague requirements and go through multiple iterations before agreeing on a workable solution

You do not need to be a technical expert, but you will need a general foundation in technology to understand the broader landscape and have effective conversations with stakeholders.