Product Cybersecurity And CRA Lead

Are you in for a big challenge, like contributing to the success of new global company? Epiroc is a leading global productivity partner to the mining, infrastructure, and natural resources industries. Epiroc stands for innovation, commitment, and collaboration, which is the speed to market & industry leadership; the passion to help customers succeed and a close partnership for deep understanding of the needs. We clearly aim to be our customers’ first choice.

Job Description:

Cybersecurity & CRA

• Define and maintain product cybersecurity and CRA governance, including roles, responsibilities, and decision forums
• Develop, maintain, and execute a CRA compliance roadmap with clear priorities, milestones, and documented decisions
• Drive the implementation of secure development lifecycle practices, based on IEC 62443 or equivalent frameworks
• Integrate cybersecurity requirements and security gates into development, change, and release processes
• Establish and maintain vulnerability handling and incident reporting processes aligned with CRA expectations
• Define and manage CRA product classification and conformity assessment strategies, including preparation for audits or third party assessments
  
  

PCS / Program Leadership

• Ensure alignment with Product Cybersecurity Standard (PCS) workflows, deliverables, and governance
• Act as the Cybersecurity Lead within program organizations, ensuring risks are identified, tracked, and escalated appropriately
• Drive cross-functional collaboration across engineering, quality, compliance, product management, and suppliers
• Ensure documentation, evidence collection, and audit readiness across programs and products
  
  

Risk & Lifecycle Ownership

• Drive cybersecurity risk assessments (e.g., TARA or equivalent) and ensure mitigation actions are implemented and tracked
• Maintain visibility of product cybersecurity risks at both program and management levels
• Ensure cybersecurity requirements are addressed for product updates, upgrades, and substantial modifications across the lifecycle
  
  

Validation & Collaboration

• Collaborate with verification and validation teams to ensure cybersecurity testing and validation, including vulnerability and penetration testing where applicable
• Work with functional safety teams, when required, to align on system-level risk considerations and dependencies
  
  

Qualification, Skills, and Experience:

• Education in computer science, information science, IT, other similar branches.
• 8+ years of experience in product cybersecurity, embedded systems, or industrial / automotive software
• Strong experience in product cybersecurity or regulatory cybersecurity compliance
• Deep understanding of secure development lifecycle concepts
• Experience working with regulatory frameworks (EU CRA, IEC 62443, or similar)
• Ability to drive structured programs across complex organizations
• Strong documentation, governance, and stakeholder management skills
• Ability to escalate, influence, and drive decisions at senior levels
• Strong understanding of secure development lifecycle (SDL) concepts
• Hands-on experience with IEC 62443, ISO 21434, or similar cybersecurity frameworks
• Proven ability to drive cross-functional programs, governance, and compliance initiatives
• Strong stakeholder management, communication, and documentation skills
• Ability to influence, escalate, and drive decisions at senior and executive levels
  
  

Nice to Have:

• Familiarity with the EU Cyber Resilience Act (CRA)
• Knowledge of functional safety standards (e.g., ISO 13849) and ability to collaborate on
  
  

Performance Level (PL) considerations

• Experience with CE marked or regulated industrial products
• Exposure to conformity assessments, audits, or certification processes
• Background in industrial automation, embedded systems, or connected products
• Strong Techno- Managerial background in the domain of Cyber security - CRA.
  
  
  
  

Location: India, Bangalore.

It all starts with people. The world needs metals and minerals for the energy transition and our cities and infrastructure must be developed to serve a growing population. To succeed, we need to speed up the shift towards more sustainable mining and construction industries. We at Epiroc accelerate this transformation, together with customers and business partners in more than 150 countries, by developing and providing innovative and safe equipment, digital solutions, and aftermarket support.

All new thinkers are welcome. We are looking for those who want to develop, grow, and dare to think new. In Epiroc we attract, develop, and retain diverse talent valuing authenticity and unique perspectives, driving our spirit of innovation. We foster an inclusive culture where diversity isnt just a goal but a part of our values and way of working. This is how we do business for a sustainable future.  Learn more at www.epiroc.com

---