ROLE: Senior Cybersecurity Consultant — CRA Compliance (Contract)
Below covers everything you need to know about what this opportunity entails, as well as what is expected from applicants.
Client: Confidential — Industrial/OT sectorLocation: Belgium (Brabant Wallon) | Hybrid (primarily on-site)Duration: 3–4 months FTE |Start: ASAP
1. ROLE SUMMARYThis is a hands-on implementation contract — not an advisory or audit role. The client has already had gap assessments done on two products against the EU Cyber Resilience Act, and now needs someone to actually fix the problems identified. Day-to-day, the consultant will be hardening products, managing vulnerability remediation, producing SBOMs, supporting security testing, and building out the technical compliance dossier. They'll work closely with a Technical Lead and business stakeholders who have little to no cybersecurity background, so communication and pragmatism matter as much as technical depth. It's a focused, deliverable-driven engagement with a clear end goal: two products that are CRA-compliant and documented before the regulation kicks in.
2. KEY REQUIREMENTS BREAKDOWNMust-HavesStrong, demonstrable knowledge of the EU Cyber Resilience Act (CRA)Experience implementing cybersecurity compliance in industrial or product environments (not just IT/enterprise)OT / SCADA security experienceProduct security hardening and secure configurationVulnerability management and security testing (follow-up, not necessarily execution)SBOM (Software Bill of Materials) production and managementTechnical documentation for regulatory complianceAvailable immediately and able to commit full-time xphnsxz for 3–4 months on-site in Brabant WallonNice-to-HavesExperience with IEC 62443 (industrial cybersecurity standard)Familiarity with Siemens or AVEVA industrial platformsBackground in IT/OT convergence environmentsExperience presenting to non-technical stakeholdersDeal-BreakersPure IT/enterprise security background with no OT or product experienceOnly advisory/assessment experience — this role is implementationUnavailable before summer or unwilling to be primarily on-siteDay rate expectations above €1,000