Share this Job
Apply now »
ID:  122269

Marseille, FR

GRC Director (M/F)


Led by Rodolphe Saadé, the CMA CGM Group, a global leader in shipping and logistics, serves more than 420 ports around the world on five continents. With its subsidiary CEVA Logistics, a world leader in logistics, and its air freight division CMA CGM AIR CARGO, the CMA CGM Group is continually innovating to offer its customers a complete and increasingly efficient range of new shipping, land, air and logistics solutions.

Committed to the energy transition in shipping, and a pioneer in the use of alternative fuels, the CMA CGM Group has set a target to become Net Zero Carbon by 2050.
Through the CMA CGM Foundation, the Group also acts in humanitarian crises that require an emergency response by mobilizing the Group’s shipping and logistics expertise to bring humanitarian supplies around the world.

Present in 160 countries through its network of more than 400 offices and 750 warehouses, the Group employs more than 130,000 people worldwide, including 2,900 in Marseilles where its head office is located.



Act as the global lead and subject matter expert for Governance, Risks, and Compliance strategy and monitor the whole GRC policy for the group CMA CGM. You will act as an expert in GRC strategies, managing a global team of GRC Specialists, contributing to the identification, development, implementation, maintenance and oversight of information security policies, procedures, and processes across the organization in order to reduce risks, minimize incidents impacts, and limit exposure to liability in all areas of financial, physical and personal risks.





  • Lead the definition and the implementation of the corporate information security strategy aligned with the CMA CGM strategic vision and plan.
  • Manage a team of experts responsible for the 3 following topics: 



  • Define the policies, procedures, standards and processes to implement the security strategy across the organization and entities of the Group and ensure ongoing maintenance and audit of information security.
  • Define a security control framework and audit requirements to monitor the effectiveness of the security policies, procedures and management framework, including the involvement of third parties.
  • Provide safeguard recommendations and assist CMA CGM Business and support functions with the implementation of these recommendations stemming from security risk assessments.
  • Ensure that the operational recommendations are followed by the risk owners, in collaboration with the Enterprise Risk Management group, but also assist in planning and sponsor the security awareness program to support continuous training on security related topics.



  • Conduct information security risk assessments, based on a framework which specify how to define, identify and classify critical assets, assess threats and vulnerabilities regarding those assets across the organization, in order to ensure that key risk issues are understood, communicated, and tracked on appropriate risk registers.
  • Promote and facilitate cybersecurity incident post-mortems, which allow to identify gaps and remediation actions, quick wins or long terms.
  • Define information security key performance indicators that will ultimately be reported to executive management through dashboards crafted with those purpose.
  • Perform a continuous improvement approach to industrialize the capture of risk information for consolidation, centralization and decision-making process, streamlined across the organization.



  • Coordinate security related processes and ensure compliance toward regulatory frameworks such as NIST CSF, NIST 800-171, ISO 27001, NIS OES or OVI, PCI, CMMC, Swift, China Security Law and ISO 27005 or COBIT v5, encompassing physical protection, premises access, asset protection and digital security.
  • Provide support and collaborative effort to Privacy-related compliance regulations (i.e. GDPR, Data Sovereignty Act, PIPEDA, CCPA, etc…).
  • Optimize continuously the process allowing to track, follow-up and remediate the audit findings from the various audit reports.
  • Represent Information Security within working groups for various projects or initiatives to ensure that information security requirements and frameworks are communicated and respected. 





  • Education:  
    • You hold some of these certifications: CISSP, CISM, CISA, CRISC, or CGEIT.


  • Knowledge & Experience:  
    • Experience in NIST CSF, NIST 800-53, ISO 27001, PCI and ISO 27005 or COBIT v5
    • Minimum 5 years managing a GRC cybersecurity team
    • Minimum 10 years in Cybersecurity working on GRC field in matrixial international organizations, such as financial sector or equivalent
    • A good understanding of maritime transportation domain, or transports and logistics industries an asset
    • You have a strong experience in information security governance, consultative stakeholder management, and strategic planning, such as a deep understanding of information security frameworks, processes and best practices
    • Knowledge of technological trends and developments in area of information security and risk management
    • Knowledge of aviation freight transportation and International Maritime Organization a plus


  • Softkills:
    • Fluent in English, fluent in French, oral and written, with impeccable Executive presentation
    • Strong presentation skills
    • Excellent interpersonal skills – capable to act as a leader, manage a team but also act as a team player to promote the value of security with internal and external senior executives. 
    • Capable of efficiently managing both direct and indirect employees 
    • Strong communication and facilitation skills, with a clear ability to build strong relationships with stakeholders at all levels and explain complex matters in understandable form to general business professionals
    • Proven problem-solving skills and the ability to identify, analyze, and resolve issues, driving solutions through to completion
    • Strong work ethic, professional integrity and the ability to handle confidential matters in a professional manner, applying the appropriate level of judgement and maturity
    • Proactive, hardworking, team player and results oriented
    • Flexible and adaptable to change

Come along on CMA CGM’s adventure !











Apply now »