This job was posted more than 40 days ago and might be expired.
Instil logo

Compliance Consultant

Posted about 2 months ago

RemoteParis

The Role

We are looking for an experienced cybersecurity and compliance professional with strong knowledge of the EU Cyber Resilience Act (CRA).

In this role, you’ll work directly with clients to assess and improve their CRA readiness, leading gap analysis, shaping compliance frameworks, and supporting ongoing alignment. A particular focus will be on vulnerability management and incident reporting requirements under Article 14. This is a hands-on, client-facing role suited to someone comfortable working across hardware, embedded systems, and cloud or SaaS environments.

Key Responsibilities

  • Lead CRA scoping exercises to determine product classification (default, Important Class I/II or Critical) across hardware, software and connected infrastructure

  • Conduct gap analysis workshops to assess clients' current security posture against CRA requirements

  • Design and implement CRA compliance frameworks within GRC platforms (e.g. Vanta, ServiceNow GRC)

  • Advise on Article 14 obligations including the definition of "severe incidents" and "actively exploited vulnerabilities," and establish reporting processes to ENISA and relevant CSIRTs

  • Advise on corrective measure notification timeframes and patching obligations in line with regulatory requirements

  • Define SBOM (Software Bill of Materials) requirements and support clients in establishing SBOM processes where applicable

  • Map CRA controls to existing client frameworks (e.g. ISO 27001, SOC 2, NIS2)

  • Produce client-ready proposals, compliance roadmaps and remediation plans

  • Deliver ongoing advisory and retainer-based support post-initial engagement

Essential Skills

  • Demonstrable experience with the EU Cyber Resilience Act, including its product scope, classification criteria and Article 14 reporting obligations

  • Familiarity with ENISA and CSIRT reporting mechanisms and processes

  • Strong understanding of vulnerability management, incident response and secure development lifecycle (SDL/SSDLC)

  • Experience working with connected hardware and software products (e.g. IoT, telematics, embedded systems)

  • Experience with GRC tooling such as Vanta, Drata or equivalent

  • Ability to advise on SBOM generation and management (e.g. CycloneDX, SPDX formats)

  • Knowledge of complementary EU regulatory frameworks including NIS2 and GDPR

  • Excellent written and verbal communication skills, with the ability to translate regulatory requirements into practical client guidance

  • Comfortable leading workshops and stakeholder engagements at technical and executive level

Desirable Skills

  • Knowledge of relevant product certification schemes and EU market access requirements

  • Multilingual ability (French is a strong advantage given the client base)

  • Prior experience in automotive, telematics or connected vehicle sectors

Qualifications

  • Degree in Computer Science, Information Security, Law or a related discipline (or equivalent experience)

  • Relevant certifications such as CISSP, CISM, ISO 27001 Lead Implementer or equivalent

  • Formal training or certification in EU cybersecurity regulation is advantageous

Company Description

Instil has been delivering world-class software engineering and technology solutions for over 20 years, trusted by global brands to solve complex challenges and drive innovation. From modernising legacy systems to building cutting-edge applications, we help our clients navigate an ever-changing digital landscape with confidence and agility.

We’re proud to be an award-winning employer, reflecting how our people are at the heart of everything we do:

  • Recognised as a Great Place to Work® for three consecutive years, and in 2024 ranked in the Top 20 Best Workplaces in the UK for medium-sized companies.

  • Winner of Company of the Year at the Digital DNA Awards 2022, celebrating excellence in Northern Ireland’s tech sector.

Driven by a love for technology and a commitment to excellence, we bring together people who want to make a difference. We’ll support your journey, because your success is part of ours.

#LI-PR1 #InstilCareers

Job details
Workplace
Remote
Location
Paris

Instil helps technology brands transform, innovate and disrupt their markets with secure, category-defining software. Founded in 2005, our services include product development, delivering next-generation digital solutions; cyber security, helping teams protect against emerging cyber threats; and artificial intelligence, unlocking the potential of your data and people.

Apply smarter with Jobr

Jobr aggregates jobs directly from company career portals — no middlemen. Our team applies on your behalf with AI-tailored resumes, reviewed by a human before submission.

Direct from company career pages
AI-personalised cover letters
Human review before every submit
Application tracking & follow-ups