Compliance Consultant
PARIS, 75
il y a 1 jour
Responsibilities
- Lead CRA scoping exercises to determine product classification (default, Important Class I/II or Critical) across hardware, software and connected infrastructure
- Conduct gap analysis workshops to assess clients' current security posture against CRA requirements
- Design and implement CRA compliance frameworks within GRC platforms (e.g. Vanta, ServiceNow GRC)
- Advise on Article 14 obligations including the definition of "severe incidents" and "actively exploited vulnerabilities," and establish reporting processes to ENISA and relevant CSIRTs
- Advise on corrective measure notification timeframes and patching obligations in line with regulatory requirements
- Define SBOM (Software Bill of Materials) requirements and support clients in establishing SBOM processes where applicable
- Map CRA controls to existing client frameworks (e.g. ISO 27001, SOC 2, NIS2)
- Produce client-ready proposals, compliance roadmaps and remediation plans
- Deliver ongoing advisory and retainer-based support post-initial engagement
Requirements
- Demonstrable experience with the EU Cyber Resilience Act, including its product scope, classification criteria and Article 14 reporting obligations
- Familiarity with ENISA and CSIRT reporting mechanisms and processes
- Strong understanding of vulnerability management, incident response and secure development lifecycle (SDL/SSDLC)
- Experience working with connected hardware and software products (e.g. IoT, telematics, embedded systems)
- Experience with GRC tooling such as Vanta, Drata or equivalent
- Ability to advise on SBOM generation and management (e.g. CycloneDX, SPDX formats)
- Knowledge of complementary EU regulatory frameworks including NIS2 and GDPR
- Excellent written and verbal communication skills, with the ability to translate regulatory requirements into practical client guidance
- Comfortable leading workshops and stakeholder engagements at technical and executive level
- Degree in Computer Science, Information Security, Law or a related discipline (or equivalent experience)
- Relevant certifications such as CISSP, CISM, ISO 27001 Lead Implementer or equivalent
- Formal training or certification in EU cybersecurity regulation is advantageous.
ATS Optimization Keywords
- Hard Skills
- EU Cyber Resilience Act
- vulnerability management
- incident response
- secure development lifecycle
- SBOM generation
- GRC compliance frameworks
- gap analysis
- product classification
- regulatory requirements
- compliance roadmaps
- Soft Skills
- excellent written communication
- excellent verbal communication
- stakeholder engagement
- workshop facilitation
- client guidance
- advisory skills
- leadership
- organizational skills
- analytical skills
- problem-solving
- Certifications & Qualifications
- CISSP
- CISM
- ISO 27001 Lead Implementer
- EU cybersecurity regulation certification
Entreprise
Jobtailor
Plateforme de publication
WHATJOBS
Offres pouvant vous intéresser
PARIS, 75
il y a 1 jour
FRANCE
il y a 19 jours
PARIS, 75
il y a 19 jours
PARIS, 75
il y a 25 jours