Jan 14, 2020

Cyber Security Consultant

  • Maersk Oil
  • Maidenhead SL6, UK
Full Time Permanent Information Technology

Job Description


The Transport & Logistics Division of the A.P. Moller - Maersk Group is dedicated to delivering the highest level of customer-focused and reliable ocean transportation services. Our vision, built from a strong heritage of uprightness, constant care, and innovation, has guided our business operations since the first Maersk vessel sailed in 1904. By remaining committed to that vision we have expanded our business to become the world's largest ocean carrier. And we are consistently recognized as the most reliable container shipping company in the world.

Maersk offers an attractive value proposition for its employees, with a package consisting of an externally benchmarked salary, pension scheme, 25 days holiday a year and a number of other attractive benefits (details dependent on working location).

Maersk has embarked on a transformation journey, focusing on a long-term strategy in Transport & Logistics to remain best in class in an industry that is increasingly volatile. At the very core of this strategy lie Digitization and IT. Viewed as a significant enabler of our company strategy, Digitization and IT are taking center stage in our aspiration to secure sustainable growth of our businesses in the Transport & Logistics Division. We actively engage the business and deliver its needs while undergoing our own transformation.

We aim to be a world-class professional IT organization that delivers business value through automation, standardization, increased forecasting capabilities and proactive handling of the market. These are levers that our leadership rely on to maintain a strong and stable presence in the market. We further aim to establish one global platform on which we effectively build systems that allow us to differentiate from our competitors in the market.


We offer

Joining Maersk Technology as Cyber Security Consultant you will gain broad business knowledge of the company's activities globally, as well as understand how the complexity of Technology supports the transport and logistics business.

You will be exposed to a wide and challenging range of business issues through regular engagement with key stakeholders across all management levels within Maersk.

You will work and communicate across geographical and cultural borders that will enable you to build a strong professional network. We believe people thrive when they are in charge of their career paths and professional growth. We will provide you with opportunities to broaden your knowledge and strengthen your technical and professional foundation.

By choosing Maersk, you join not only for the role, but for a career. From here your path may take you towards extended responsibilities within the A.P. Moller - Maersk Group.

Key responsibilities

• Assist prioritized product delivery teams by helping them understand Maersk security requirements and security risks inherent in their approach to delivering technology solutions
• Articulate identified risk(s) during development to Business Risk Owner(s) and help mitigate where possible implementing suitable, cost-effective security measures throughout the development phases (Agile/DevOps)
• Support production of new and existing mandatory cyber security patterns/requirements.
• Support production of mandatory cyber security implementation requirements (self-service)
• Support Maersk Security Testing methodology in having proportionate security testing performed (using framework vendors) on technology infrastructure and products
• Monitor treatment and tracking of identified risks to ensure that security is properly embedded at product delivery
• Support requests/questions from internal functions, providing clear guidance when possible and relaying to specific Maersk security functions (CISO and Security Operations) when applicable
• Support research and development on current and emerging security trends and threats
• Promote Cyber Security good practices and represent Information Security on all levels within Maersk IT

• Primary internal stakeholder:
• Product Strategy & Planning (PSP)
• Product & Solution Engineering (PSE)
• Design & Engineering (D&E)
• Maersk integrated and non-integrated Segments / Brands
• Security Operations
• Enterprise Architecture

• Primary external stakeholders:
• Regulatory bodies
• Third party vendors

We are looking for

A vacancy exists for a Cyber Security Consultant within Maersk Technology Cyber Security Team. The successful candidate will be accountable to support prioritized product delivery teams by helping them understand Maersk security requirements and security risks inherent in their approach to delivering technology solutions

The role will involve:
• Acting as a proactive and central participant in a strong team of skilled Cyber Security professionals.
• Engaging with stakeholders across Maersk Portfolios, Maersk Technology product delivery teams and external suppliers as a Cyber Security SME
• Reviewing technology objectives for new Maersk Technology developments, and their resulting security requirements, making recommendations accordingly
•In collaboration with Risk and Compliance teams you will also offer ad-hoc advisory, risk guidance and perform research and development activities on new security developments

Required skills:
• Excellent written and verbal communication skills and able to be understood by both technical and non-technical personnel
• Ability to manage conflicting priorities and multiple tasks
• Handles most situations independently but will timely seek advice and guidance on more complex issues
• Stakeholder management and interpersonal skills at both a technical and non-technical level
• Able to work in a collaborative environment
• Outstanding critical reasoning and problem-solving skills - sticks to the problem until it is resolved
• Proven ability to work and effectively prioritize in a dynamic and decentralized work environment
• Being able to explain complex ideas in a concise manner
• Being able to articulate the risks in a language that the business understands
• High attention to detail
• Be able to work under pressure and meet deadlines

Required experience:
• A Master degree in computer sciences, information management or another related area (a Bachelor degree can be accepted if experience is extensive)
• One or more Information Security Certifications (e.g. CISSP, CISM, CCSP, SCCP, Ethical hacking) are required
• Minimum 5 years' experience of managing and implementing risk within a global and similar size business;
• Solid security relevant experience, typically 7+ years, including technical Cyber Security and Risk Management experience
• Broad general IT knowledge (networks, architecture, Cloud etc)
• Excellent knowledge and understanding of securing cloud technologies.
• Excellent knowledge of Security Architecture principles
• Good understanding of Security Frameworks and Standards such as ISO27001, NIST, SABSA, TOGAF
• Good understanding of IAM, PKI, App Containerization, Azure
• Good understanding of SAST/DAST
• Experience with ICS/SCADA engineering is a preference