Security Program Manager
As a Security Program Manager, you will own and drive security outcomes across the organization, ensuring that as the company scales, security measurably improves. This role goes beyond program delivery: you will drive behavioural and systemic change, embedding security into how teams design, build, and operate systems. Success will be defined by adoption, influence, and measurable improvements in security posture (not just shipping controls).
- Drive security outcomes by leading organization-wide initiatives focused on measurable impact, not just control delivery.
- Continuously assess: “Are we becoming more secure as we scale?”
- Define and track outcome-driven metrics (for example, vulnerability reduction and secrets elimination).
- Lead cross-organizational transformations across ambiguous, evolving problem spaces with no predefined playbook. Examples include eliminating secrets from source code, embedding security into CI/CD pipelines, and integrating security into expansion and product planning.
- Treat initiatives as continuous transformations, not one-time projects.
- Influence architecture and engineering practices by partnering with engineering and infrastructure teams.
- Influence secure architecture decisions, including secrets management and system design.
- Drive secure SDLC practices and CI/CD integrations.
- Enable tooling adoption and standardisation across teams.
- Ensure security is embedded early in design, not retrofitted.
- Drive behavioural and cultural change to build shared ownership of security.
- Address resistance and competing priorities through alignment and persuasion.
- Enable teams to adopt secure practices without blocking delivery velocity.
- Provide strategic technical guidance with sufficient technical depth to challenge decisions and guide secure implementation patterns.
- Evaluate trade-offs between speed, scalability, and risk.
- Bridge security strategy and engineering execution.
- 10+ years in security, engineering, technical program management, or adjacent roles delivering outcomes in complex environments
- Proven ability to lead cross-functional programs end-to-end (problem framing → strategy → execution → measurement)
- Track record influencing senior stakeholders and shifting engineering behaviour (not just coordinating tasks)
- Strong understanding of secure SDLC, CI/CD, cloud/infrastructure concepts, and common security control patterns
- Experience designing and operating outcome metrics (e.g., vuln backlog reduction, secrets eradication, security guardrail adoption)
- Comfort working in ambiguity and creating structure where none exists
- Experience with secrets management, dependency/vulnerability management at scale, and developer security tooling (nice to have)
- Experience scaling security programs in high-growth product/engineering orgs (nice to have)



