Group Cyber and IT Internal Audit Expert

Led by Rodolphe Saadé, the CMA CGM Group, a global leader in shipping and logistics, serves more than 420 ports around the world on five continents. With its subsidiary CEVA Logistics, a world leader in logistics, and its air freight division CMA CGM AIR CARGO, the CMA CGM Group is continually innovating to offer its customers a complete and increasingly efficient range of new shipping, land, air and logistics solutions.

Committed to the energy transition in shipping, and a pioneer in the use of alternative fuels, the CMA CGM Group has set a target to become Net Zero Carbon by 2050.
Through the CMA CGM Foundation, the Group acts in humanitarian crises that require an emergency response by mobilizing the Group’s shipping and logistics expertise to bring humanitarian supplies around the world.

Present in 160 countries through its network of more than 400 offices and 750 warehouses, the Group employs more than 155,000 people worldwide, including 4,000 in Marseilles where its head office is located.

YOUR ROLE

Group Internal Audit is an independent function whose primary mission is to enhance and protect organizational value by providing risk-based and objective assurance, advice, and insight.

As Group Cyber & IT Internal Audit Expert, you will be based at the CMA CGM Head Office in Marseille, reporting to the CMA CGM Group Cyber & IT Internal Audit Manager.

You will be responsible for leading and executing IT internal audit engagements in accordance with the annual audit plan within the whole CMA CGM group perimeter.

You will be traveling around 30-40% of your working time.

WHAT ARE YOU GOING TO DO?

• Execute audit engagements of various types in accordance with the annual audit plan and specific requests from stakeholders.
• Audit Preparation: i) retrieve & analyze data and applicable policies, ii) perform focused interviews to develop a risk-based audit working program adapted to the scope and objectives of the assigned review.
• Audit Fieldwork: Perform interviews, controls and analytical tests in accordance with the developed audit working program and group internal audit methodology. Draft and share with auditees the audit preliminary conclusions.
• Audit Reporting: Drafting the audit report outlining the issues and gaps identified. For all findings, the report will include detailed root cause analysis, associated risks and recommendations. Remediation action plans proposed by the auditees will also be included.
• Audit Debriefing: Debrief local, regional and top management as needed.
• Audit Follow-up: Regular follow-up of action plans agreed with auditees to ensure risks related to the identified gaps are under control.
• As mission leader: in collaboration with the internal audit management, define the audit’s scope and schedule in accordance with the objectives. Define and assign to each auditor a part of the audit work scope. Coordinate and monitor the progress of the audit work for the whole audit team to ensure audit objectives are met (schedule and scope). Be the primary interface for both the audit management and Auditees from the audit preparation to the follow-up phase
• Audit Methodology: identify and propose changes and improvements to the internal audit methodology (e.g., test, deliverables) to ensure the audit approach is adapted to the evolution of the internal and external contexts (e.g., deployment of new IT operational systems, enforcement of new regulations)

WHO ARE WE LOOKING FOR?

Master of Science in IT, Computer sciences or Engineering.

• International experience during the academic period is a strong plus.
• At least 5 years of working experience in IT with focus on Internal Controls or Cybersecurity, or internal audit of multinational groups (preferred) possibly combined with external audit experience (international audit firm).
• Experience in transaction services advisory at a global consulting firm is an advantage.
• Experience in IT Operations, IT Projects, Artificial Intelligence, Data Engineering
• Audit related professional certifications are highly appreciated: CISA, ISO27001 Lead auditor, CEH, CIA…
• Familiar with existing IT frameworks such as ISO 27001, NIST, COBIT or ITIL
• Solid knowledge of any of the following: IT Governance, IT Operations & Security
• Experience in Data analytics/Engineering
• IT Risk assessment abilities
• Ability to quickly learn the key concepts of new/emerging technologies and identify key risk areas within those technologies.
• Data mining and analytics skills.
• Great team player with the ability to take the initiative and work independently.
• Ability to prioritize tasks and deliver on time.
• Fluency in English is mandatory (both written and oral.

Come along on CMA CGM’s adventure !