Cyber Security Compliance Engineer

Role: Cyber Security Compliance Engineer

Client: Global Manufacturer

Location: Zurich

Duration: Long Term

Remote Work: 2 days per week in the office, 3 days remote work

Start Date: ASAP

Job Description:

A global leader in manufacturing is seeking an experienced and proactive Cyber Security Consultant to lead the implementation of the EU Cyber Resilience Act (CRA) compliance program.

This role is critical in establishing a robust cybersecurity framework for the company's digital products and ensuring alignment with upcoming EU regulations. The consultant will work closely with internal teams and play a pivotal role in both the initial implementation phase and the transition to a permanent Digital Compliance Engineer.

Key Responsibilities:

• Act as the primary driver and project manager for CRA compliance.
• Collaborate with product, engineering, and legal teams to execute the compliance roadmap.
• Develop a detailed project plan with milestones and deliverables.
• Provide regular progress updates to senior management.
• Define and implement a risk management framework based on established standards.
• Conduct comprehensive cybersecurity risk assessments for digital products.
• Identify and document security requirements tailored to product risk profiles.
• Establish lifecycle-based risk assessment documentation processes.
• Design and implement a coordinated vulnerability disclosure policy.
• Develop internal procedures for vulnerability identification, documentation (including SBOM), and remediation.
• Ensure timely mitigation and communication of vulnerabilities to customers and authorities (e.g., ENISA).
• Create templates for technical documentation as per CRA Annex VII.
• Define user-facing documentation standards to ensure clarity and compliance.
• Ensure all documentation supports market surveillance requirements.
• Review and enhance current software development processes.
• Define and implement a formal SSDL framework based on NIST SSDF.
• Provide training and guidance to architecture, development, and QA teams.
• Align long-term goals with IEC 62443 compliance.

Ideal Qualifications

• Proven experience in cybersecurity compliance, preferably with EU regulations.
• Strong project management and cross-functional collaboration skills.
• Familiarity with standards such as NIST SSDF, BSI TR-03183-1, and IEC 62443.
• Experience with secure software development and vulnerability management.
• Excellent documentation and communication skills.