Chargement en cours

Compliance Consultant

PARIS, 75
il y a 17 heures

Responsibilities

  • Lead CRA scoping exercises to determine product classification (default, Important Class I/II or Critical) across hardware, software and connected infrastructure
  • Conduct gap analysis workshops to assess clients' current security posture against CRA requirements
  • Design and implement CRA compliance frameworks within GRC platforms (e.g. Vanta, ServiceNow GRC)
  • Advise on Article 14 obligations including the definition of "severe incidents" and "actively exploited vulnerabilities," and establish reporting processes to ENISA and relevant CSIRTs
  • Advise on corrective measure notification timeframes and patching obligations in line with regulatory requirements
  • Define SBOM (Software Bill of Materials) requirements and support clients in establishing SBOM processes where applicable
  • Map CRA controls to existing client frameworks (e.g. ISO 27001, SOC 2, NIS2)
  • Produce client-ready proposals, compliance roadmaps and remediation plans
  • Deliver ongoing advisory and retainer-based support post-initial engagement

Requirements

  • Demonstrable experience with the EU Cyber Resilience Act, including its product scope, classification criteria and Article 14 reporting obligations
  • Familiarity with ENISA and CSIRT reporting mechanisms and processes
  • Strong understanding of vulnerability management, incident response and secure development lifecycle (SDL/SSDLC)
  • Experience working with connected hardware and software products (e.g. IoT, telematics, embedded systems)
  • Experience with GRC tooling such as Vanta, Drata or equivalent
  • Ability to advise on SBOM generation and management (e.g. CycloneDX, SPDX formats)
  • Knowledge of complementary EU regulatory frameworks including NIS2 and GDPR
  • Excellent written and verbal communication skills, with the ability to translate regulatory requirements into practical client guidance
  • Comfortable leading workshops and stakeholder engagements at technical and executive level
  • Degree in Computer Science, Information Security, Law or a related discipline (or equivalent experience)
  • Relevant certifications such as CISSP, CISM, ISO 27001 Lead Implementer or equivalent
  • Formal training or certification in EU cybersecurity regulation is advantageous.

ATS Optimization Keywords

  • Hard Skills
    • EU Cyber Resilience Act
    • vulnerability management
    • incident response
    • secure development lifecycle
    • SBOM generation
    • GRC compliance frameworks
    • gap analysis
    • product classification
    • regulatory requirements
    • compliance roadmaps
    • Soft Skills
      • excellent written communication
      • excellent verbal communication
      • stakeholder engagement
      • workshop facilitation
      • client guidance
      • advisory skills
      • leadership
      • organizational skills
      • analytical skills
      • problem-solving
    • Certifications & Qualifications
      • CISSP
      • CISM
      • ISO 27001 Lead Implementer
      • EU cybersecurity regulation certification
#J-18808-Ljbffr
Entreprise
Jobtailor
Plateforme de publication
WHATJOBS
Offres pouvant vous intéresser
PARIS, 75
il y a 18 jours
PARIS, 75
il y a 18 jours
PARIS, 75
il y a 24 jours
Soyez le premier à postuler aux nouvelles offres
Soyez le premier à postuler aux nouvelles offres
Créez gratuitement et simplement une alerte pour être averti de l’ajout de nouvelles offres correspondant à vos attentes.
* Champs obligatoires
Ex: boulanger, comptable ou infirmière
Alerte crée avec succès