The Role
We are looking for an experienced cybersecurity and compliance professional with strong knowledge of the EU Cyber Resilience Act (CRA).
In this role, you’ll work directly with clients to assess and improve their CRA readiness, leading gap analysis, shaping compliance frameworks, and supporting ongoing alignment. A particular focus will be on vulnerability management and incident reporting requirements under Article 14. This is a hands-on, client-facing role suited to someone comfortable working across hardware, embedded systems, and cloud or SaaS environments.
Key Responsibilities
Lead CRA scoping exercises to determine product classification (default, Important Class I/II or Critical) across hardware, software and connected infrastructure
Conduct gap analysis workshops to assess clients' current security posture against CRA requirements
Design and implement CRA compliance frameworks within GRC platforms (e.g. Vanta, ServiceNow GRC)
Advise on Article 14 obligations including the definition of "severe incidents" and "actively exploited vulnerabilities," and establish reporting processes to ENISA and relevant CSIRTs
Advise on corrective measure notification timeframes and patching obligations in line with regulatory requirements
Define SBOM (Software Bill of Materials) requirements and support clients in establishing SBOM processes where applicable
Map CRA controls to existing client frameworks (e.g. ISO 27001, SOC 2, NIS2)
Produce client-ready proposals, compliance roadmaps and remediation plans
Deliver ongoing advisory and retainer-based support post-initial engagement
Essential Skills
Demonstrable experience with the EU Cyber Resilience Act, including its product scope, classification criteria and Article 14 reporting obligations
Familiarity with ENISA and CSIRT reporting mechanisms and processes
Strong understanding of vulnerability management, incident response and secure development lifecycle (SDL/SSDLC)
Experience working with connected hardware and software products (e.g. IoT, telematics, embedded systems)
Experience with GRC tooling such as Vanta, Drata or equivalent
Ability to advise on SBOM generation and management (e.g. CycloneDX, SPDX formats)
Knowledge of complementary EU regulatory frameworks including NIS2 and GDPR
Excellent written and verbal communication skills, with the ability to translate regulatory requirements into practical client guidance
Comfortable leading workshops and stakeholder engagements at technical and executive level
Desirable Skills
Knowledge of relevant product certification schemes and EU market access requirements
Multilingual ability (French is a strong advantage given the client base)
Prior experience in automotive, telematics or connected vehicle sectors
Qualifications
Degree in Computer Science, Information Security, Law or a related discipline (or equivalent experience)
Relevant certifications such as CISSP, CISM, ISO 27001 Lead Implementer or equivalent
Formal training or certification in EU cybersecurity regulation is advantageous
Company Description
Instil has been delivering world-class software engineering and technology solutions for over 20 years, trusted by global brands to solve complex challenges and drive innovation. From modernising legacy systems to building cutting-edge applications, we help our clients navigate an ever-changing digital landscape with confidence and agility.
We’re proud to be an award-winning employer, reflecting how our people are at the heart of everything we do:
Recognised as a Great Place to Work® for three consecutive years, and in 2024 ranked in the Top 20 Best Workplaces in the UK for medium-sized companies.
Winner of Company of the Year at the Digital DNA Awards 2022, celebrating excellence in Northern Ireland’s tech sector.
Driven by a love for technology and a commitment to excellence, we bring together people who want to make a difference. We’ll support your journey, because your success is part of ours.
#LI-PR1 #InstilCareers
Instil helps technology brands transform, innovate and disrupt their markets with secure, category-defining software. Founded in 2005, our services include product development, delivering next-generation digital solutions; cyber security, helping teams protect against emerging cyber threats; and artificial intelligence, unlocking the potential of your data and people.
Jobr aggregates jobs directly from company career portals — no middlemen. Our team applies on your behalf with AI-tailored resumes, reviewed by a human before submission.