ComplianceConsultant

The Role We are looking for an experienced cybersecurity and compliance professional with strong knowledge of the EU Cyber Resilience Act (CRA). In this role, you’ll work directly with clients to assess and improve their CRA readiness, leading gap analysis, shaping compliance frameworks, and supporting ongoing alignment. A particular focus will be on vulnerability management and incident reporting requirements under Article 14. This is a hands-on, client-facing role suited to someone comfortable working across hardware, embedded systems, and cloud or SaaS environments. Key Responsibilities - Lead CRA scoping exercises to determine product classification (default, Important Class I/II or Critical) across hardware, software and connected infrastructure - Conduct gap analysis workshops to assess clients' current security posture against CRA requirements - Design and implement CRA compliance frameworks within GRC platforms (e.g. Vanta, ServiceNow GRC) - Advise on Article 14 obligations including the definition of "severe incidents" and "actively exploited vulnerabilities," and establish reporting processes to ENISA and relevant CSIRTs - Advise on corrective measure notification timeframes and patching obligations in line with regulatory requirements - Define SBOM (Software Bill of Materials) requirements and support clients in establishing SBOM processes where applicable - Map CRA controls to existing client frameworks (e.g. ISO 27001, SOC 2, NIS2) - Produce client-ready proposals, compliance roadmaps and remediation plans - Deliver ongoing advisory and retainer-based support post-initial engagement Essential Skills - Demonstrable experience with the EU Cyber Resilience Act, including its product scope, classification criteria and Article 14 reporting obligations - Familiarity with ENISA and CSIRT reporting mechanisms and processes - Strong understanding of vulnerability management, incident response and secure development lifecycle (SDL/SSDLC) - Experience working with