ID:  121692

Arlington, VA, US

Cybersecurity Audit and Compliance Expert

APL, one of the world's leading ocean carriers, offers more than 90 weekly services and call ports in over 50 countries worldwide. We provide container transportation through our international shipping network, which combines high-quality intermodal operations with advanced technology, equipment and e-commerce. APL is part of the CMA CGM Group, a leading worldwide shipping group founded in 1978 by Jacques R. Saade. CMA CGM has a global presence thanks to its numerous vessels calling various ports all over the world. CMA CGM has grown continuously, and has been constantly innovating to offer its clients new sea, land and logistics solutions. Headquartered in Marseilles, the Group has employees all over the world in hundreds of agencies. With over 160 years of experience, APL has the knowledge and the expertise to help our customers grow their businesses and negotiate in an increasingly complex and ever-changing global marketplace - whether that is venturing into new territories or growing in already developed markets.



We are looking for a GRC cybersecurity expert specializing in Audit and Compliance. Using a risk-based approach, you take part in substantive cybersecurity activities in order to anchor them in the various business processes and ultimately in the culture of the organization.

As a quasi-second line of defense, you establish approaches, methodologies and frameworks to structure the top-down approach to cybersecurity.


The Cybersecurity Audit and Compliance Expert reports to the Vice President, Government Trade.



  • Ensure the relationship with stakeholders involved in cybersecurity audits, internal or external
  • Ensure compliance with the requirements issued for regulatory purposes, mainly around international directives or standards
  • Carry out support and follow-up on the observations of audits issued
  • Collect, consolidate and centralize all information related to audit points
  • Plan, prepare, coordinate and facilitate the interventions of the different types of auditors
  • Coordinate internal and external audits relating to cybersecurity aspects
  • Identify action plans, follow them, and facilitate their implementation
  • Facilitate workshops to ensure a common and shared understanding of the security requirements issued from best practices in Cybersecurity
  • Involve the various stakeholders to formalize corrective action on audit observations
  • Facilitate workshops to prioritize the most critical observations in the context of the CMA CGM Group.
  • Monitor and keep the action plan monitoring register up to date in a tool dedicated to managing GRC action plans
  • Defend remediation positions with stakeholders (Executives, Auditors, IT Staff, Cyber Staff, External, etc.)
  • Develop communications used in training for the various user populations
  • Facilitate the production of maturity assessments according to the internal methodology


These activities are not exhaustive and may change according to operational needs.




Your profile meets the following criteria:


  • Strong knowledge of the following regulations and standards: DFARS (Department of Defense), ISO 27001, the CMMC compliance model, NIST 800-53 or NIST 800-171, and the NIST Cybersecurity Framework
    • Knowledge of the European NIS directive, the IMO standard and the SWIFT standard is an asset
  • You hold relevant industry certifications in cybersecurity or IT, including:
    • Certified Information Systems Security Professional (CISSP)
    • IT Infrastructure Library (ITIL)
    • ISMS ISO 27001 Lead Auditor or Lead Implementer
    • Certified Information System Auditor or Manager (CISA-CISM)

  • 10 years minimum experience in a field related to information technology
  • A minimum of 6 years in information security or audits
  • You come from a background focused on rigor, quality of work and optimization;
  • You have a good understanding of Information Technology operations, processes and methodologies, Audit and internal control methodologies (COSO, Cobit) and organizational resilience processes (BCP / DRP);
  • You have a good understanding of cybersecurity management processes and methodologies (e.g.: ISMS ISO 27001, SMCA ISO 22301, NIST framework)
  • You are adept at simplifying and conveying complex messages to an executive audience, including aspects relating to finance, risk, business impacts and performance metrics;
  • Experience in the Transport / Shipping / Logistics sector is an asset;
  • You speak fluent English.




You also have the following qualities:

  • Ability to adapt to various situations and adjust your behavior according to the environment and the type of interlocutor
  • Be proactive to unblock complex situations, in the interest of the organization
  • Ability to simplify and summarize issues and proposed solutions
  • Autonomy and proactive behavior
  • Perfect written communication, ability to analyze and synthesize, especially orally
  • Team spirit, pedagogy, ability to develop the skills of your partners
  • Ability to acquire new functional skills
  • Ability to work in an international environment, in contact with multicultural and offshore teams
  • Leadership, perseverance and endurance, challenging the status quo
  • Ability to manage change and unite partners around innovative ideas

APL is an Equal Opportunity Employer/Minorities/Female/Disabled/Protected Veteran/Gender Identity/Sexual Orientation.

Alternative application methods are available for individuals who are unable to use or access our online application system.    For assistance, please contact us at










Nearest Major Market: Arlington Virginia
Nearest Secondary Market: Washington DC
