We are therefore looking for a GRC cybersecurity advisor profile: Audit and Compliance. With a risk-based approach, you participate in substantive cybersecurity activities, in order to anchor cybersecurity activities in the various business processes and ultimately in the culture of the organization.
As a quasi-second line of defense, you establish approaches, methodologies, frameworks, to structure the top-down approach to cybersecurity.
The Cybersecurity Audit and Compliance Advisor reports to the GRC Director.
ACTIVITIES:
Ensure the relationship with stakeholders involved in cybersecurity audits, internal or external
Ensure compliance with the requirements issued for regulatory purposes, mainly around international directives or standards
Support and follow up on issued audit observations
Collect, consolidate and centralize all information related to audit points
Plan, prepare, coordinate and facilitate the interventions of the different types of auditors
Coordinate internal and external audits relating to cybersecurity aspects
Identify action plans, follow them, and facilitate their implementation
Facilitate workshops to ensure a common and shared understanding of the security requirements derived from cybersecurity best practices
Involve the various stakeholders to formalize corrective action on audit observations
Facilitate workshops to prioritize the most critical observations in the context of the CMA CGM Group.
Keep the action plan tracking register up to date in a tool dedicated to managing GRC action plans
Defend remediation positions with stakeholders (Executives, Auditors, IT Staff, Cyber Staff, External, etc.)
Develop communications used in training for the various user populations
Facilitate the production of maturity assessments according to the internal methodology
These activities are not exhaustive and may change according to operational needs.
SKILLS:
Your profile meets the following criteria:
Strong knowledge of at least 2 of the following regulations and standards: NIS Directive, DFARS (Department of Defense), IMO standard, SWIFT standard, ISO 27001 standard, CMMC compliance model, TISAX standard, the NIST Cybersecurity Framework
You hold relevant industry certifications in cybersecurity or IT, including:
o Certified Information Systems Security Professional (CISSP)
o IT Infrastructure Library (ITIL)
o ISMS ISO 27001 Lead auditor or Lead Implementer
o Certified Information Systems Auditor or Manager (CISA-CISM)
10 years minimum experience in a field related to information technology
A minimum of 6 years in information security or audits
Your background emphasizes rigor, quality of work and optimization;
You have a good understanding of Information Technology operations, processes and methodologies, audit and internal control methodologies (COSO, COBIT) and organizational resilience processes (BCP / DRP);
You have a good understanding of cybersecurity management processes and methodologies (e.g. ISMS ISO 27001, BCMS ISO 22301, NIST framework);
You are adept at popularizing and conveying complex messages to an executive audience, including aspects relating to finance, risk, business impacts and performance metrics;
Experience in the Transport / Shipping / Logistics sector is an asset;
You speak fluent English.
PROFILE AND INTERPERSONAL SKILLS:
You also have the following qualities:
Ability to adapt to various situations and adjust your behavior according to the environment and the type of interlocutor
Be proactive to unblock complex situations, in the interest of the organization
Capacity for popularization and synthesis of issues and proposed solutions
Autonomy and proactive behavior
Perfect written communication, ability to analyze and synthesize, especially orally
Team spirit, pedagogy, ability to develop the skills of your partners
Ability to acquire new functional skills
Ability to work in an international environment, in contact with multicultural and offshore teams
Leadership, perseverance and endurance, challenging the status quo
Ability to manage change and unite partners around innovative ideas
As a global organization, and as part of the CMA CGM Group, diversity is critical to our business success; only when we reflect the cultures, languages, behaviors and local knowledge of our customers can we succeed. By employing people with different experiences and abilities, we expand our knowledge and increase our creativity and innovation.
Please note: Legitimate CEVA Logistics recruitment processes include communication with candidates through recognized professional networks, such as LinkedIn or via an official company email address: [Protected Info]. We recommend that you do not respond to unsolicited business propositions and/or offers from people with whom you are unfamiliar.
CMA CGM
Other Info
Makati City, Metro Manila
Permanent
Full-time







