Compliance Consultant
Location
------------
Paris
Employment Type
-------------------
Contract
Location Type
-----------------
Hybrid
Department
--------------
Cyber Security
The Role
We are looking for an experienced cybersecurity and compliance professional with strong knowledge of the EU Cyber Resilience Act (CRA).
In this role, you’ll work directly with clients to assess and improve their CRA readiness, leading gap analysis, shaping compliance frameworks, and supporting ongoing alignment. A particular focus will be on vulnerability management and incident reporting requirements under Article 14. This is a hands-on, client-facing role suited to someone comfortable working across hardware, embedded systems, and cloud or SaaS environments.
Key Responsibilities
- Lead CRA scoping exercises to determine product classification (default, Important Class I/II or Critical) across hardware, software and connected infrastructure
- Conduct gap analysis workshops to assess clients' current security posture against CRA requirements
- Design and implement CRA compliance frameworks within GRC platforms (e.g. Vanta, ServiceNow GRC)
- Advise on Article 14 obligations including the definition of "severe incidents" and "actively exploited vulnerabilities," and establish reporting processes to ENISA and relevant CSIRTs
- Advise on corrective measure notification timeframes and patching obligations in line with regulatory requirements
- Define SBOM (Software Bill of Materials) requirements and support clients in establishing SBOM processes where applicable
- Map CRA controls to existing client frameworks (e.g. ISO 27001, SOC 2, NIS2)
- Produce client-ready proposals, compliance roadmaps and remediation plans
- Deliver ongoing advisory and retainer-based support post-initial engagement
Skills and Experience
- Demonstrable experience with the EU Cyber Resilience Act, including its product scope, classification criteria and Article 14 reporting obligations
- Familiarity with ENISA and CSIRT reporting mechanisms and processes
- Strong understanding of vulnerability management, incident response and secure development lifecycle (SDL/SSDLC)
- Experience working with connected hardware and software products (e.g. IoT, telematics, embedded systems)
- Experience with GRC tooling such as Vanta, Drata or equivalent
- Ability to advise on SBOM generation and management (e.g. CycloneDX, SPDX formats)
- Knowledge of complementary EU regulatory frameworks including NIS2 and GDPR
- Excellent written and verbal communication skills, with the ability to translate regulatory requirements into practical client guidance
- Comfortable leading workshops and stakeholder engagements at technical and executive level
- Knowledge of relevant product certification schemes and EU market access requirements
- Multilingual ability (French is a strong advantage given the client base)
- Prior experience in automotive, telematics or connected vehicle sectors
- Degree in Computer Science, Information Security, Law or a related discipline (or equivalent experience)
- Relevant certifications such as CISSP, CISM, ISO 27001 Lead Implementer or equivalent
- Formal training or certification in EU cybersecurity regulation is advantageous
Instil has been delivering world-class software engineering and technology solutions for over 20 years, trusted by global brands to solve complex challenges and drive innovation. From modernising legacy systems to building cutting-edge applications, we help our clients navigate an ever-changing digital landscape with confidence and agility.
We’re proud to be an award\-winning employer, reflecting how our people are at the heart of everything we do:
- Recognised as a Great Place to Work® for three consecutive years, and in 2024 ranked in the Top 20 Best Workplaces in the UK for medium-sized companies.
- Winner of Company of the Year at the Digital DNA Awards 2022, celebrating excellence in Northern Ireland’s tech sector.
This listing was sourced from Indeed.