Cyber Security – GRC – Data Security Specialist

Job Title: Cyber Security GRC Data Security Specialist

Location: Eindhoven Netherlands
Start Date: ASAP
Duration: 6 Months
Experience Required: 810 Years

Role Overview

We are seeking an experienced Cyber Security GRC (Governance Risk and Compliance) professional with a strong focus on Data Security and EU regulatory frameworks. The ideal candidate will play a key role in ensuring product compliance with the EU Cyber Resilience Act (CRA) driving security governance and leading cross-functional collaboration across engineering legal and product teams.

Key Responsibilities

• Develop and execute a roadmap to bring products into compliance with the EU Cyber Resilience Act (CRA).
• Coordinate with internal application teams cross-functional stakeholders auditors and customers.
• Lead cybersecurity risk assessments for products with digital components across the full development lifecycle.
• Guide and educate stakeholders on EU CRA requirements control ownership and audit expectations.
• Drive enterprise-wide compliance initiatives and ensure alignment with regulatory requirements.
• Collaborate with engineering legal and product development teams to integrate security and compliance into product design.
• Support and manage audits ensuring readiness and successful outcomes.

Essential Skills & Experience

• Minimum 8 years of professional experience in IT Audit compliance or security assurance.
• Strong experience in cybersecurity compliance regulatory affairs or product security governance.
• In-depth understanding of the EU Cyber Resilience Act (CRA).
• Familiarity with relevant frameworks and standards (e.g. ISO 27001 NIS2 Directive).
• Knowledge of Secure Development Lifecycles (SDL) and software vulnerability management.
• Proven experience working with auditors and leading enterprise-wide compliance programs.
• Experience leading cross-functional teams in complex environments.
• Strong project management and stakeholder management skills.
• Excellent communication documentation and presentation skills.
• Strong analytical and problem-solving abilities.

Good-to-Have Qualifications

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• ISO 27001 Lead Auditor (LA) or equivalent certification

Key Competencies

• Ability to work effectively in cross-functional teams (Engineering Legal Product Development).
• Strong leadership and influencing skills.
• Detail-oriented with a proactive and structured approach.
• Ability to translate regulatory requirements into actionable controls and processes.