Product Cybersecurity & CRA Lead

Are you in for a big challenge, like contributing to the success of new global company? Epiroc is a leading global productivity partner to the mining, infrastructure, and natural resources industries. Epiroc stands for innovation, commitment, and collaboration, which is the speed to market & industry leadership; the passion to help customers succeed and a close partnership for deep understanding of the needs. We clearly aim to be our customers’ first choice.

Job Description:

Cybersecurity & CRA

• Define and maintain product cybersecurity and CRA governance, including roles, responsibilities, and decision forums
• Develop, maintain, and execute a CRA compliance roadmap with clear priorities, milestones, and documented decisions
• Drive the implementation of secure development lifecycle practices, based on IEC 62443 or equivalent frameworks
• Integrate cybersecurity requirements and security gates into development, change, and release processes
• Establish and maintain vulnerability handling and incident reporting processes aligned with CRA expectations
• Define and manage CRA product classification and conformity assessment strategies, including preparation for audits or third party assessments

PCS / Program Leadership

• Ensure alignment with Product Cybersecurity Standard (PCS) workflows, deliverables, and governance
• Act as the Cybersecurity Lead within program organizations, ensuring risks are identified, tracked, and escalated appropriately
• Drive cross-functional collaboration across engineering, quality, compliance, product management, and suppliers
• Ensure documentation, evidence collection, and audit readiness across programs and products

Risk & Lifecycle Ownership

• Drive cybersecurity risk assessments (e.g., TARA or equivalent) and ensure mitigation actions are implemented and tracked
• Maintain visibility of product cybersecurity risks at both program and management levels
• Ensure cybersecurity requirements are addressed for product updates, upgrades, and substantial modifications across the lifecycle

Validation & Collaboration

• Collaborate with verification and validation teams to ensure cybersecurity testing and validation, including vulnerability and penetration testing where applicable
• Work with functional safety teams, when required, to align on system-level risk considerations and dependencies

Qualification, Skills, and Experience:

• Education in computer science, information science, IT, other similar branches.

•       8+ years of experience in product cybersecurity, embedded systems, or industrial /   automotive software

•       Strong experience in product cybersecurity or regulatory cybersecurity compliance

•          Deep understanding of secure development lifecycle concepts

•             Experience working with regulatory frameworks (EU CRA, IEC 62443, or similar)

•          Ability to drive structured programs across complex organizations

•          Strong documentation, governance, and stakeholder management skills

•          Ability to escalate, influence, and drive decisions at senior levels

•          Strong understanding of secure development lifecycle (SDL) concepts

•          Hands-on experience with IEC 62443, ISO 21434, or similar cybersecurity frameworks

•          Proven ability to drive cross-functional programs, governance, and compliance initiatives

•          Strong stakeholder management, communication, and documentation skills

•          Ability to influence, escalate, and drive decisions at senior and executive levels

Nice to Have:

•          Familiarity with the EU Cyber Resilience Act (CRA)

•          Knowledge of functional safety standards (e.g., ISO 13849) and ability to collaborate on

Performance Level (PL) considerations

•          Experience with CE marked or regulated industrial products

•          Exposure to conformity assessments, audits, or certification processes

•          Background in industrial automation, embedded systems, or connected products

•        Strong Techno- Managerial background in the domain of Cyber security - CRA.

Location: India, Bangalore.