Motorcycle Cybersecurity Consultant / Advisory Partner
30 December, 2025
Request for Proposals (RFP)
Motorcycle Cybersecurity Consultant / Advisory Partner
GR1T Motorcycles
30 December 2025
Deadline: 31 January 2026
1. Background
GR1T is a European electric motorcycle startup developing connected, software-enabled motorcycles with over-the-air (OTA) update capabilities, vehicle control units (VCU), digital dashboards, mobile connectivity, and cloud-backed services.
Cybersecurity is a core safety, regulatory, and brand-trust issue for GR1T. We are seeking an experienced Motorcycle / Automotive Cybersecurity Consultant or Consultancy to support the design, implementation, and validation of our cybersecurity approach for the physical motorcycle from early-stage architecture through homologation and market launch.
This role is advisory and hands-on. We are not looking for generic IT security consultants.
2. Scope of Responsibilities
The selected consultant will support GR1T across the following areas:
A. Vehicle Cybersecurity Architecture
- Define a cybersecurity architecture for GR1T motorcycles, covering the Vehicle Control Unit (VCU); Battery Management System (BMS); Motor controller / inverter; Dashboard / HMI; CAN bus and internal vehicle networks; Telematics and connectivity modules.
- Identify threat surfaces and trust boundaries within the motorcycle system
- Advise on secure-by-design principles suitable for lightweight vehicles
B. Threat Analysis & Risk Assessment (TARA)
Conduct or support Threat Analysis and Risk Assessment (TARA) aligned with:
- UNECE R155
- ISO/SAE 21434
Identify attack vectors including:
- Physical access attacks
- Remote / wireless attacks
- OTA manipulation
- Supply-chain vulnerabilities
- Propose mitigation strategies proportionate to vehicle class and risk profile
C. OTA Updates & Software Lifecycle Security
Advise on secure OTA update mechanisms for:
- Dashboard firmware
- VCU and powertrain software
Define processes for:
- Secure boot
- Code signing
- Update validation and rollback Support definition of a secure software update lifecycle.
D. Compliance & Homologation Support
Support GR1T’s compliance with relevant regulations and standards, including:
- UNECE R155 (Cybersecurity Management System)
- UNECE R156 (Software Updates)
- ISO/SAE 21434
Assist with documentation required for:
- Type approval
- Homologation audits
- Supplier assessments
E. Supplier & Component Cybersecurity Assessment
Support evaluation of cybersecurity practices of key suppliers, including:
- ECU suppliers
- Dashboard / HMI vendors
- Connectivity and telematics providers Define minimum cybersecurity requirements for suppliers Review supplier documentation and security claims critically
F. Internal Processes & Governance
Help define a Vehicle Cybersecurity Management System (CSMS) proportionate to a startup environment. Define:
- Roles and responsibilities
- Incident response procedures
- Vulnerability disclosure processes Ensure cybersecurity is embedded pragmatically, not bureaucratically
3. Deliverables (Indicative)
- High-level motorcycle cybersecurity architecture
- TARA documentation
- Cybersecurity requirements specification
- OTA and software update security recommendations
- Compliance and audit-ready documentation
- Advisory input during key technical decisions
4. Ideal Consultant / Firm Profile
Demonstrated experience in automotive or motorcycle cybersecurity Hands-on knowledge of:
- Embedded systems
- CAN bus security
- OTA update mechanisms
- Direct experience with UNECE R155 / R156 and ISO/SAE 21434
- Comfortable working with startups and incomplete systems
- Pragmatic, risk-based mindset (not checkbox compliance)
- Able to communicate clearly with engineers and management
5. Eligibility & Practical Requirements
Consultant or firm would ideally be legally established in Europe. Ability to invoice a European company Availability for periodic workshops, remote work, and occasional on-site sessions Fluent professional English required
The selected consultant(s) must be able to travel and work freely within Europe as required. GR1T will not provide extensive logistical or administrative support for travel; vendors are expected to manage their own travel planning and on-site working arrangements in a professional and self-sufficient manner.
6. Engagement Model
The core phase of this engagement is expected to take place in mid-2026, aligned with GR1T’s development, testing, and homologation milestones. All work, documentation, workshops, and communication will be conducted exclusively in the English language.
If a single vendor does not cover the full scope of expertise required, proposals may be submitted by consortia, subcontracting arrangements, or associated independent experts, provided that one party assumes clear lead responsibility and coordination.
Advisory engagement on a part-time / retainer basis. Combination of:
- Remote work
- Structured workshops
- On-demand technical reviews Expected duration: multi-month engagement aligned with vehicle development milestones
7. Proposal Requirements
Please include:
- Short introduction (individual or firm)
- Relevant automotive / vehicle cybersecurity experience
- Specific experience with UNECE R155 / R156 and ISO/SAE 21434
- Example deliverables or anonymised case references
- Proposed engagement model and availability
- Pricing structure (hourly or retainer)
- References (optional but preferred)
GR1T values clarity, technical depth, and practical execution. We are looking for a partner who understands cybersecurity in vehicles in depth and is current with state of the art in the sector.
Proposal submission deadline: 31 January 2026
GR1T is a startup. We value clarity, speed, and execution over bureaucracy. We are looking for a partner who can grow with us.
Please send all materials to: hr@gritmotorcycles.com