Security & Compliance Lead

  • Hybrid
    • Brussels, Brussels, Belgium
  • Security & Compliance

Own security & compliance (ISO 27001, IEC 62443, ISO 9001) at Railnova. Governance-focused role working closely with tech teams.

Job description

About Railnova

Railnova builds digital products for the railway industry, operating in an increasingly regulated and security-sensitive environment. As customer and regulatory expectations around cybersecurity, compliance, and process maturity continue to grow (ISO 27001, IEC 62443, ISO 9001, NIS2, GDPR…), we are strengthening our internal ownership of these topics.

We are looking for a Security & Compliance Lead to take overall ownership of security-related compliance and governance across the company, while working closely with our technical teams in a pragmatic and realistic way.

Role Overview

The Security & Compliance Lead owns and drives Railnova’s information security and product cybersecurity compliance.

This role is primarily focused on governance, compliance, and accountability, not on building security mechanisms or running day-to-day security operations. A technical background is required to understand the subjects, communicate effectively with engineering teams, and make informed trade-offs — not to replace them.

As part of this mission, the role also contributes to maintaining and improving Railnova’s ISO 9001-based process framework, specifically where it supports security, compliance, traceability, and continuous improvement.

The role reports directly to the CEO and works transversely with Product, Engineering, IT, Hardware, Embedded Software, and Operations teams.

Railnova is a small company (≈35 people): this role combines ownership and coordination with limited, targeted execution, intentionally focused on audits, evidence, documentation support, and compliance tooling.

Key Responsibilities

Security, Compliance & Governance Ownership

  • Own Railnova’s information security and product cybersecurity compliance frameworks (e.g. ISO 27001, IEC 62443).

  • Contribute to the maintenance and evolution of ISO 9001 where it supports security, compliance, and continuous improvement.

  • Translate regulatory, legal, and customer security requirements (e.g. NIS2, GDPR) into clear internal policies, processes, and expectations.

  • Ensure security and compliance requirements are consistently understood and applied across the organization.

  • Drive continuous improvement of security-related processes and governance.

Audits, Certifications & Evidence

  • Prepare, coordinate, and support internal and external audits and certifications related to security, compliance, and applicable process standards (e.g. ISO 27001, IEC 62443, ISO 9001).

  • Own evidence gathering and audit readiness across teams.

  • Support teams in producing security-related documentation and review it for completeness and compliance, while teams remain the authors and owners of their product and technical documentation.

  • Define and maintain tooling and processes to make compliance more scalable and less painful over time.

  • Act as the primary point of contact for auditors and certification bodies on security topics.

Cross-Team Coordination & Accountability

  • Work closely with software, hardware, embedded software, product, and IT teams to ensure compliance requirements are realistic, understood, and implemented.

  • Clarify roles and responsibilities related to security and compliance across teams.

  • Follow up on compliance actions and escalate when necessary.

  • Help remove ambiguity around “who owns what” for security-related topics.

Customer & External Stakeholders

  • Act as the main point of contact for customer-facing cybersecurity and compliance questions.

  • Support customer security assessments, questionnaires, and assurance requests.

  • Clearly communicate Railnova’s security posture and commitments to customers and partners.

Technical Context

Railnova develops a mix of software, SaaS solutions, hardware products, and embedded software for the railway industry. Our systems run on modern server and cloud-based infrastructures and interact with operational and industrial environments.

This role does not require hands-on development or hardware design, but it does require enough technical understanding to:

  • grasp system architectures and constraints,

  • discuss security topics credibly with software, hardware, and embedded teams,

  • assess compliance implications across heterogeneous systems.

What This Role Is — and Is Not

This role is:

  • An ownership and accountability role for security compliance

  • A bridge between compliance requirements and technical reality

  • A role with partial execution focused on evidence, audits, documentation support, and tooling

  • A transversal role with real impact on how the company operates

This role is not:

  • An executive or C-level role

  • A SOC, DevOps, or hands-on security engineering role

  • A vulnerability scanning or incident response operator

  • A contract or legal ownership role

  • A replacement for software, hardware, or embedded engineering teams

Why This Role at Railnova

  • You’ll have real ownership of security compliance in a growing company.

  • You’ll work directly with the CEO and leadership team.

  • You’ll help turn compliance from a recurring pain point into a strength.

  • You’ll have the autonomy to structure and improve how things are done.

  • You’ll work closely with strong software, hardware, and embedded teams — without being expected to replace them.

Job requirements

Required

  • Solid technical background (software, embedded systems, infrastructure, or security) allowing you to understand architectures and technical constraints.

  • Experience with security compliance, audits, or governance frameworks (e.g. ISO 27001, IEC 62443, or similar).

  • Comfortable working with standards, documentation, evidence, and structured processes.

  • Able to communicate clearly with both technical and non-technical stakeholders.

  • Pragmatic mindset: able to balance compliance requirements with real-world constraints.

Nice to Have

  • Experience in a B2B and/or regulated environment.

  • Exposure to customer security assessments and certifications.

  • Familiarity with tooling used for compliance, documentation, or risk tracking.

  • Certifications related to security governance, compliance, or process frameworks (e.g. ISO 27001 implementer/auditor, IEC 62443, ISO 9001). We value practical experience and are open to supporting relevant certifications when needed for audit or compliance purposes.

How to apply?

The application process is handled as follows:

  • Submit your written application via the “Apply for this job” button on Railnova’s Job Site and carefully craft your written answer. If you apply via LinkedIn, you will be asked to re-apply via this link, so your application can be processed.

  • The hiring manager and the HR team evaluate your application within 15 days of submission. At this stage, we are looking for strong written communication, critical thinking, and experience.

  • Interview with the hiring manager

  • Case study exercise

  • Final interviews and team presentation

  • You can ask questions at any time during the application process simply by responding to the confirmation email you’ll receive after submission.
