Share this Job
Apply now »
ID:  119823

Montreal Qc, CA

Cybersecurity Risk Analyst (GRC)


CMA CGM Group, founded by Jacques R. Saadé, is a leading worldwide shipping & logistics group.

Now headed by Rodolphe Saadé, CMA CGM reinvents transport and logistics in order to offer an integrated maritime, port and land service that exceeds its customers' expectations. 

Present in over 160 countries through 755 offices, 750 warehouses, equipped with a young and diverse fleet of 511 vessels, CMA CGM serves 420 of the world's 521 commercial ports and operates on more then 200 shipping lines. The group currently employs 110,000 people worldwide, including nearly 2,400 in its headquarters in Marseilles.




The CMA CGM Group’s incredible growth is dramatically transforming our core business, reinforcing our leading position as an innovative, bold, and customer-oriented company, enhancing more than ever the security of its global operations.

With more than 250 team members, the Group Cybersecurity Department, covers all subsidiaries and entities of CMA CGM, with a global roadmap composed of 6 major domain streams (Maritime, Logistics, Ships, Terminals, Warehouses, and Subsidiaries). The Department currently monitors around 80 projects and provides through its 24/7 Operations continuous reliability.


In two and a half years, our Cybersecurity team has operated major strategic changes and implemented top-level solutions to secure even further our business activities worldwide: Risk Management tools, IAM, Office 365 security, Networks, Endpoints and Cloud protection, Application Security Enhancement, Cyber Defense Center (SOC and CERT) construction.

We look now to reinforce our teams with new skills to reach the next level of Cybersecurity and continue building a globally structured team based in Marseilles, Beirut, Manila, Montreal, Miami, and more…


As a key focus for the Group, our Top Management fully sponsors this Global Cybersecurity Program, through strategic investments in the best market technologies and an ambitious recruitment campaign in 2022, providing assets, skills, and top-level resilience to face the world’s global challenges ahead.

We are therefore looking for a Cybersecurity Risk Analyst (GRC) profile, to facilitate the implementation of a comprehensive risk-based approach for the CMA CGM Group. This includes the steps of risk assessment, risk treatment and risk acceptance, while evolving methodology and internal processes.
Liaison with supply chain activities will be essential, in order to assess the level of security of critical suppliers, produce executive reports on the recommendations identified and establish security plans to be implemented and monitored with these suppliers.
The Cybersecurity Risk Analyst reports to the Director of Cyber Risk, under the Senior Director GRC.


As a Cybersecurity Risk Analyst, within the Group Cybersecurity team, you will be in charge of:

•    Review and sometimes develop security architectures for complex systems
•    Identify security objectives in compliance with security policies and standards
•    Knowing how to conceptualize security management solutions
•    Act as a technical expert with internal partners
•    Define technical security specifications in contract
•    Evaluate supplier contracts, improve them and insert cybersecurity clauses
•    Perform security audits and monitor compliance with procedures
•    Categorize the organization's assets
•    Evaluate the residual risk when there is a difference between the architecture defined and that implemented
•    Monitor and improve the risk management methodology

•    These activities are not exhaustive and may change according to operational needs. 

Your profile meets the following criteria:
•    You hold relevant industry certifications in cybersecurity, including but not limited to:
o    Certificate of Cloud Security Knowledge (CCSK)
o    Certified Information Systems Security Professional (CISSP)
o    Risk Manager ISO 27005
o    ISMS ISO 27001 Lead auditor or Lead Implementer
o    Certified Information System Auditor (CISA)
o    CCNA-Security
o    Certified Cloud Security Professional (CCSP)
o    Certified Ethical Hacker (CEH)
•    You come from a course, ideally Engineer or equivalent, focusing on rigor and optimization
•    You have at least 8 years of experience in a similar role, as a cybersecurity analyst or 4 years of experience in security architecture (confidentiality, authentication, identity and access, standards, policies, intrusion detection , security perimeter, etc.);
•    You are adept at popularizing and conveying a complex message to an executive audience, including financial aspects, risks, business impacts and performance metrics;
•    Experience in the Transport / Shipping / Logistics sector is an asset; 
•    You speak fluent English.

You also have the following qualities:
•    Autonomy and proactive behavior,
•    Written and oral communication, capacity for analysis and synthesis
•    Ability to adapt to various situations and to adjust their behavior according to the environment and the type of speaker
•    Team spirit, pedagogy, ability to develop skills
•    Ability to acquire new functional skills,
•    Ability to identify the different components of a problem with a view to their treatment
•    Capacity for popularization and synthesis of issues and proposed solutions
•    Ability to work in an international environment, in contact with multicultural and offshore teams,
•    Perseverance and pedagogy, all keen to make things happen, challenge the status quo



Come along on CMA CGM’s adventure !











Apply now »