Security Compliance Manager

  • On-site, Hybrid
  • Prague
  • Full-time

Tropic Square is building the world's first transparent, auditable security chip. Our engineering team knows how to build it. Now we need to make sure the company and the product meet the regulatory requirements that will define the market for the next decade.

TROPIC02, our upcoming production chip, must comply with the EU Cyber Resilience Act, pass EUCC certification under the Common Criteria, and hold up to external audit. We have engaged a specialist advisory firm to provide the regulatory and certification expertise. What we need internally is a Security Compliance Manager who makes the transformation actually happen — owns the programme, drives execution across the company, and ensures nothing falls through the cracks between our engineering, legal, management, and external consultants.

This is not a policy-writing role. It is a delivery role.

👉 What You'll Do

  • Own the compliance transformation programme. You’ll deliver Tropic Square's CRA compliance and EUCC certification programme end-to-end. You’ll build the master plan, set milestones, track progress, report to the CEO, resolve blockers, and re-plan when needed
  • Drive internal execution. Engineering teams documenting security architectures, process owners implementing SDL requirements, legal reviewing the Declaration of Conformity, operations setting up CSIRT procedures. You’ll coordinate them so everyone knows what is needed, by when, and why. You’ll own the internal action log and follow up relentlessly
  • Manage the advisory relationship. You’ll turn our external consultants’ recommendations on CRA, Common Criteria, IEC 62443, ISO 9001/27001/14001, and EUCC into clear internal tasks. You’ll ensure consultants get the inputs they need and challenge outputs that are missing, off-scope, or not fit for purpose
  • Coordinate across functions. Compliance transformation touches every part of the company: engineering, product, legal, finance, and leadership. You’ll run working groups, prepare CEO decision materials, align stakeholders on priorities, and keep everyone ahead of upcoming requirements, risks, and decisions
  • Track risks, costs, and decisions. You’ll maintain a live view of the programme's risk register, budget consumption, and open decisions. You’ll surface issues early and frame them clearly: what is the risk, what are the options, what is your recommendation. You do not wait to be asked

💪 Who You Are

You may come from programme management, consulting, operations, or a technical role where you ended up driving the project. What matters:

  • You get things done without formal authority. You’ve coordinated cross-functional programmes before, you can build trust quickly, keep busy stakeholders aligned, escalate without burning bridges, and make it easy for others to do what you need them to do
  • You can manage expert advisors without being one yourself. You know how to work with consultants: ask sharp questions, challenge outputs constructively, and turn their recommendations into internal action without losing anything in translation
  • You are structured and persistent. Complex programmes with many moving parts don't intimidate you — they motivate you. You maintain clarity on what needs to happen, who owns it, and by when. Details do not fall through the cracks
  • You communicate up and across with equal ease. You can prepare a clear and concise executive summary for the CEO and discuss technical topics with engineers in a way that builds trust. You understand that how you communicate is just as important as the message itself
  • You learn fast. You don't need to be a certification expert and you don’t need to know AVA_VAN.3 on day one, but you can quickly understand CRA, Common Criteria, IEC 62443, and ISO standards well enough to manage the programme

What will help you ramp up faster:

  • Experience managing regulatory, certification, or compliance transformation programmes
  • Background in or exposure to cybersecurity, hardware, or semiconductor environments
  • Experience working in or closely with early-stage or scale-up companies
  • Familiarity with EU regulatory frameworks (CRA, NIS2, MDR, or similar)
  • Prior experience managing external advisory or consulting relationships

🤝 Why Join Us

  • Ownership: You’ll run one of Tropic Square's most strategic programmes. Its outcome directly affects when TROPIC02 can go to market
  • Direct access: You’ll report directly to the CEO. No bureaucratic layers. You have the mandate and the visibility to make things happen
  • A genuinely hard problem: CRA compliance and EUCC certification for a hardware security product are among the most complex regulatory challenges in the industry at the moment. It requires programme management at its best
  • The team: You’ll work alongside the founders behind Trezor and a world-class engineering team for whom security is not a marketing message — it is a way of thinking

👋 Interested? Submit your CV along with a short cover letter. After the initial screening, you'll be directly in touch with your future team.