Tech Stack
Tools & technologies
- Cyber Security
- IoT
- ServiceNow
About the role
Key responsibilities & impact
- Lead CRA scoping exercises to determine product classification (default, Important Class I/II or Critical) across hardware, software and connected infrastructure
- Conduct gap analysis workshops to assess clients' current security posture against CRA requirements
- Design and implement CRA compliance frameworks within GRC platforms (e.g. Vanta, ServiceNow GRC)
- Advise on Article 14 obligations including the definition of "severe incidents" and "actively exploited vulnerabilities," and establish reporting processes to ENISA and relevant CSIRTs
- Advise on corrective measure notification timeframes and patching obligations in line with regulatory requirements
- Define SBOM (Software Bill of Materials) requirements and support clients in establishing SBOM processes where applicable
- Map CRA controls to existing client frameworks (e.g. ISO 27001, SOC 2, NIS2)
- Produce client-ready proposals, compliance roadmaps and remediation plans
- Deliver ongoing advisory and retainer-based support post-initial engagement
Requirements
What you’ll need
- Demonstrable experience with the EU Cyber Resilience Act, including its product scope, classification criteria and Article 14 reporting obligations
- Familiarity with ENISA and CSIRT reporting mechanisms and processes
- Strong understanding of vulnerability management, incident response and secure development lifecycle (SDL/SSDLC)
- Experience working with connected hardware and software products (e.g. IoT, telematics, embedded systems)
- Experience with GRC tooling such as Vanta, Drata or equivalent
- Ability to advise on SBOM generation and management (e.g. CycloneDX, SPDX formats)
- Knowledge of complementary EU regulatory frameworks including NIS2 and GDPR
- Excellent written and verbal communication skills, with the ability to translate regulatory requirements into practical client guidance
- Comfortable leading workshops and stakeholder engagements at technical and executive level
- Degree in Computer Science, Information Security, Law or a related discipline (or equivalent experience)
- Relevant certifications such as CISSP, CISM, ISO 27001 Lead Implementer or equivalent
- Formal training or certification in EU cybersecurity regulation is advantageous.
Benefits
Comp & perks
- Award-winning employer
- Great Place to Work® for three consecutive years
- Winner of Company of the Year at the Digital DNA Awards 2022
ATS Keywords
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
- EU Cyber Resilience Act
- vulnerability management
- incident response
- secure development lifecycle
- SBOM generation
- GRC compliance frameworks
- gap analysis
- product classification
- regulatory requirements
- compliance roadmaps
Soft Skills
- excellent written communication
- excellent verbal communication
- stakeholder engagement
- workshop facilitation
- client guidance
- advisory skills
- leadership
- organizational skills
- analytical skills
- problem-solving
Certifications
- CISSP
- CISM
- ISO 27001 Lead Implementer
- EU cybersecurity regulation certification
