Vacant job

We are looking for a technical specialist in cybersecurity legislation (CRA/NIS2) for the Subway section at an authority within traffic.

This is a consulting assignment based in Stockholm. The position is 50%, with the possibility of variation depending on the different phases of the project.

The assignment involves close collaboration with the client, which places high demands on flexibility and teamwork.

The Assignment

The role involves supporting projects related to subway, local trains, trams, and other traffic projects in matters concerning cybersecurity legislation and data protection. The person is responsible for monitoring and ensuring that the projects meet national and European cybersecurity requirements, including CRA/NIS2, as well as following up on suppliers' work and verifying that the established requirements are met. The role also includes collaboration with the project organization, regulatory authorities, and external stakeholders, as well as quality assurance and reporting on regulatory aspects.

Responsibilities

Support projects in compliance with national cybersecurity legislation, European product certifications, and the EU's Cyber Resilience Act (CRA).

Support projects in procurement, supplier requirements, and security in supply chains.

Follow up on suppliers' work to ensure delivery according to contractual requirements.

Follow up and verify established requirements.

Support projects in dialogue with regulatory authorities.

Collaborate within the EU on cybersecurity governance and regulations.

Quality assure and review the supplier's CRA gap analysis.

Assess the reasonableness and proportionality of proposed measures.

Identify and clarify the division of responsibilities between supplier and client.

Identify relevant regulatory requirements according to CRA for project deliveries.

Provide regulatory decision support for design and verification decisions.

Review that regulatory aspects are considered in the project's requirements, design, and verification work.

Flag regulatory risks and deviations to project management.

Continuously report the status within the area of responsibility to the project manager.

Requirements (Note: Mandatory)

At least a bachelor's degree (not vocational) or 10 years of professional experience in technical development projects (infrastructure, technology, systems, vehicles, etc.)

At least 8 years of experience working in cybersecurity legislation; Directive 2016:1148:EU (NIS1), Cybersecurity Act 2025:1506 (NIS2), and EU Regulation 2024:2847 (CRA)

At least 5 years of documented experience within the EU and ENISA in the field of cybersecurity and data protection.

At least 2 years of experience in rail-bound traffic, technical issues, other industry laws, requirements, and guidelines, as well as national and international regulations.

At least 2 years of experience in security governance and risk for infrastructure for rail and public transport in accordance with applicable safety standards ISO 27001/2 and also experience with more sector-specific standards such as IEC 63452 (including TS 50701, IEC 62443, EN 50126/8/9)

Fluent in Swedish, both spoken and written.

Desirable

At least 4 years of experience in previous work providing expert support for IT/OT projects within Region Stockholm or SKR regarding EU regulations/directives on data protection and information security.

Personal Attributes

Analytical and able to quickly understand new technology areas and issues.

Solution-oriented with the ability to drive projects forward independently.

Collaborative and social with a good ability to build relationships.

Structured and with a good sense of order.

Responsive and adaptable in different situations.

Very good oral and written communication skills in Swedish, tailored to the message, intention, and context.

Driven, engaged, and independent in their work.

About Us

Centio's overarching goal is to be a consulting company that offers smart and sustainable solutions that positively develop society.

Our employees are offered conditions tailored to the individual. This means that working hours, workload, workplace, and professional development are adjusted as much as possible according to the employee's needs.

Among our employees, you will find engaged individuals who are passionate about societal development. We work in small groups where you can contribute your experiences while also benefiting from others' knowledge and experience.

For us, well-being is important, and finding a healthy balance between work and leisure is essential. Therefore, we have a zero vision against stress and prioritize well-being and health.

Please read more about us at centio.se.

Please send your CV in Swedish.

We look forward to your application!