What you’ll be doing;

Using your background in managing complex development and testing programs, you will:

• Pre-Sales Support and Business Development
  • Partner with sales and business development teams to define and articulate the value proposition of the security development and testing offerings.
  • Represent the function in client engagements, pre-sales discussions, and technical assessments.
  • Design and present tailored solutions based on customer-specific challenges and threat landscapes.
  • Collaborate on statements of work (SOWs) and influence product roadmaps.
• Service Delivery Assurance
  • Oversee performance and quality of services delivered, ensuring SLA and KPI compliance.
  • Implement governance mechanisms and standardised methodologies.
  • Act as the primary escalation point for complex engagements.
  • Conduct regular client reviews to identify enhancement opportunities.
• Budget and Financial Management
  • Develop and manage financial plans, including budgeting and profitability analysis.
  • Monitor expenses and identify cost reduction opportunities.
  • Ensure profitability through forecasting and margin analysis.
  • Refine pricing models and maximise billable utilisation.
• Secure Architecture and DevSecOps Integration
  • Define and govern secure architecture standards across development teams, ensuring alignment with enterprise security policies, regulatory requirements, and industry frameworks (e.g., NIST, OWASP, ISO 27001).
  • Lead the strategic integration of security into DevOps pipelines, embedding security controls and automated testing into CI/CD workflows to enable secure-by-design delivery.
  • Oversee the implementation and optimisation of security tooling, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and container security scanners.
  • Establish architectural review boards and security design checkpoints to validate that new systems and applications meet defined security requirements before deployment.
  • Drive continuous improvement in DevSecOps maturity, using metrics and feedback loops to refine processes, reduce risk exposure, and accelerate secure delivery.
  • Collaborate with enterprise architects, engineering leads, and product owners to ensure security is embedded from ideation through to deployment and maintenance.
  • Champion threat modelling and secure design practices, ensuring development teams proactively identify and mitigate risks during the design phase.
  • Mentor and upskill engineering teams on secure coding, architectural risk assessment, and DevSecOps principles to build a culture of shared security ownership.

Key Performance Indicators (KPIs)

• Secure Architecture Compliance Rate: Percentage of projects that meet defined secure architecture standards and pass architecture review gates.
• DevSecOps Integration Maturity: Measured progress in embedding security controls into CI/CD pipelines, including automated testing, code scanning, and policy enforcement.
• Security Testing Coverage: Proportion of applications and systems that undergo static, dynamic, and interactive security testing before release.
• Vulnerability Remediation Velocity: Average time taken to remediate critical and high-severity vulnerabilities identified during development and testing phases.
• Toolchain Utilisation Effectiveness: Adoption and effective use of security tools (e.g., SAST, DAST, SCA) across development teams, measured by scan frequency and issue resolution rates.
• Training and Awareness Uptake: Percentage of development and QA staff completing secure coding and DevSecOps training programs.
• Audit and Compliance Pass Rate: Success rate in internal and external audits related to secure development practices and testing controls.
• Innovation and Automation Impact: Number of manual security testing processes replaced or enhanced through automation, contributing to faster and more reliable delivery