Product Cyber Security Manager in London

We’re partnering with a major European technology organisation undergoing a significant security transformation to appoint a Product Cyber Security Manager—a pivotal role with enterprise-wide impact. This is a rare opportunity to shape and lead a pan-European secure development capability, embedding “shift-left” principles across a complex portfolio of products and services used by millions. You’ll operate at the intersection of engineering, security, and business leadership—driving cultural change, reducing cyber risk, and influencing how software is built at scale.

The Opportunity

Cyber risk is now a board-level priority. This role exists to build a best-in-class Secure Development Practice that protects the organisation’s products, customers, and reputation. You’ll define the strategy, build capability, and lead both a high-performing core team and a virtual network of 20–50 specialists across Europe—bringing together existing expertise into a unified, high-impact function. Longer term, you’ll take ownership of product security across all European markets, shaping policy, tooling, and governance that directly influence delivery, quality, and resilience.

What You’ll Be Doing

• Build and lead a specialist secure development team, setting the vision and operating model.
• Establish a Centre of Excellence for secure engineering, driving consistency and best practice.
• Develop and embed SDLC frameworks, policies, and guardrails aligned to leading standards (NIST SSDF, OWASP, ISO).
• Create and scale a pan-European virtual capability, influencing without direct authority.
• Partner with senior stakeholders across engineering, product, legal, and commercial teams to embed security into lifecycle governance.
• Define and implement a modern DevSecOps tooling strategy (CI/CD, SAST/DAST, SCM, automation).
• Drive secure coding, threat modelling, and supply chain security practices (SBOM, provenance, signing).
• Develop KPIs, metrics, and maturity models to track and continuously improve SDLC performance.
• Build compelling business cases for investment, linking security improvements to risk reduction and commercial outcomes.
• Act as a trusted advisor to senior leadership, challenging the status quo and influencing at board level.

What We’re Looking For

This is a senior, strategic hire—ideal for someone who has already operated at a senior level within a large, complex environment. You’ll bring:

• Proven experience leading secure development or DevSecOps transformation at scale.
• Deep knowledge of SDLC security frameworks (e.g. NIST SSDF, OWASP SAMM/ASVS, ISO 27034).
• Strong understanding of modern engineering practices (Agile, CI/CD, cloud, automation).
• Expertise in application security, threat modelling, and secure coding standards.
• Experience implementing tooling ecosystems (e.g. SAST, DAST, SCA, pipeline automation).
• A track record of influencing senior stakeholders and driving cultural change.
• Ability to build and lead both direct and virtual teams across geographies.
• Commercial awareness—understanding how security decisions impact time-to-market and business outcomes.

Why This Role?

• Enterprise-wide impact: Shape how software is built across a major European organisation.
• Strategic influence: Engage directly with executive leadership and board-level stakeholders.
• Build from the ground up: Create and define a capability that doesn’t yet fully exist.
• Scale and complexity: Work across diverse products, markets, and engineering teams.
• Career-defining opportunity: A chance to lead one of the most critical areas in modern technology delivery.