Consultant - Product Security & Regulatory Compliance (Industrial OT/AI Systems)
We are seeking a Consultant – Product Security & Regulatory Compliance to strengthen our advisory practice for industrial OT and AI-embedded product development. In this role, you will guide clients through complex regulatory landscapes, embed security into engineering delivery and translate compliance obligations into actionable technical specifications for federated product portfolios.
Feel free to work remotely from anywhere across Latvia or connect with colleagues at our Riga office.
Responsibilities
- Design and maintain product security requirements frameworks for large federated product portfolios, including central control libraries, deviation governance workflows, risk acceptance procedures and change-propagation models across product lines
- Translation of Cyber Resilience Act essential requirements (Annex I Parts I & II) into actionable engineering specifications, covering SBOM governance, secure-by-default configurations, vulnerability handling procedures, secure update mechanisms and CE marking documentation
- Performance of OT/ICS security level assessments (SL-T vs SL-A gap analysis), zone/conduit modeling and component requirement mapping, with evidence packages for client conformity verification
- Lead threat modeling workshops with engineering teams using STRIDE, PASTA or MITRE ATT&CK for ICS, delivering prioritized risk registers and control recommendations at component and system levels
- Definition and implementation of SDL/SSDLC programs, including OWASP ASVS compliance matrices, SAST/DAST/SCA toolchain integration, vulnerability triage procedures and secure coding standards for embedded and industrial software
- Support for Notified Body engagement and technical documentation preparation for CRA Class I and Class II products, authoring security architecture documents and risk assessment evidence for regulatory submissions
- Design and execution of threat models for industrial products integrating AI/ML or LLM capabilities such as predictive maintenance, anomaly detection and agentic automation, applying OWASP LLM Top 10 mitigations
- Integration of AI security controls into DevSecOps pipelines, including model provenance, AI SBOM, MLOps security gates, CI/CD compliance checks and automated vulnerability scanning for AI components
- Support for EU AI Act conformity obligations for high-risk AI systems, covering technical documentation, human oversight mechanism design, audit trail architecture and AI incident response planning
- Conduct engineering-level regulatory gap assessments across CRA, NIS2, EU AI Act and DORA, delivering remediation roadmaps with specific control requirements
- Presentation of compliance posture, security architecture findings and roadmaps to senior client stakeholders including CISOs, engineering VPs, product heads and regulatory affairs teams, and facilitation of cross-functional alignment workshops
- Contribution to external publications, white papers and industry forums, supporting proposal development and practice capability-building
Requirements
- 5+ years of experience in product security, regulatory compliance or OT/ICS security within industrial product development
- Knowledge of Cyber Resilience Act essential requirements, CE marking documentation and Notified Body engagement
- Expertise in IEC 62443 security level assessments, zone/conduit modeling and component requirement mapping
- Proficiency in threat modeling methodologies including STRIDE, PASTA and MITRE ATT&CK for ICS
- Background in SDL/SSDLC programs, OWASP ASVS and secure coding standards for embedded and industrial software
- Skills in SAST/DAST/SCA toolchain integration and vulnerability triage procedures
- Understanding of AI/ML and LLM security, including OWASP LLM Top 10 mitigations
- Competency in DevSecOps pipelines, model provenance, AI SBOM and MLOps security gates
- Familiarity with EU AI Act, NIS2 and DORA regulatory frameworks
- Capability to present security findings and roadmaps to senior stakeholders such as CISOs, engineering VPs and regulatory affairs teams
- Advanced proficiency in English (C1+)
We offer
- Engineering Heritage: Best-in-class experts sharing a culture of engineering excellence and tackling complex engineering challenges for over 30 years.
- Advanced Tech Stack: Innovative projects where you can apply or enhance your expertise in Cloud, Data, AI, and other emerging technologies.
- World-Class Clients: Work closely with 340+ of the Forbes Global 2000 on creating disruptive solutions that make a global impact.
- Professional Growth: Exceptional support for career development with comprehensive resources for upskilling or reskilling in pioneering practices.
- GenAI Community: Strong AI competencies with 600+ experts across 55+ locations driving GenAI-enabled transformation journeys.
- Entrepreneurial Culture: If you're passionate and dedicated to improving business transformation, we provide the support you need to bring your ideas to life.
- Hybrid Setup: The flexibility to work from any location in Latvia, whether it's your home or our office in Riga.
- Other Benefits: Additional vacation and trust days, private health insurance, Employee Stock Purchase Plan and more.
Salary range €5K-€6.7K gross, based on your experience and interview results.
EPAM is a leading global provider of digital platform engineering and development services. For over 30 years, our team has helped leading brands navigate the waves of digital transformation, building solutions that help them stay competitive through constant market disruption.With offices in 55+ countries, EPAM has grown in Latvia to over 150+ talented innovators in 4 years. We foster creativity and unconventional ways of doing things, welcoming like-minded professionals to join us.
Key Skills
Ranked by relevance
Related Jobs
3 roles aligned with this opportunity
Consultant - Product Security & Regulatory Compliance (Industrial OT/AI Systems)
2026-07-02
Lead Azure AI Security Engineer
2026-07-01
Lead AI-Augmented IAM Security Engineer
2026-07-01
- Posted
- Jul 02, 2026
- Type
- Full-time
- Level
- Associate
- Location
- Latvia
- Company
- EPAM Systems
Industries
Categories
Related Jobs
3 roles aligned with this opportunity
Consultant - Product Security & Regulatory Compliance (Industrial OT/AI Systems)
2026-07-02
Lead Azure AI Security Engineer
2026-07-01
Lead AI-Augmented IAM Security Engineer
2026-07-01