Skip to main content
Back to jobs

Executive Manager - Product Security

External
cba logoCba · Sydney Cbd Area
Full-timeOn-site1w ago
CI/CDLeadershipPenetration TestingRisk ManagementStakeholder Management
Cover LetterConnect

Prepare for this interview

Elite

AI-generated questions, company research, and talking points tailored to this role

Responsibilities

  • Product Security Strategy & Leadership:
  • Define and execute the enterprise Product Security strategy, roadmap, and operating model.
  • Establish security-by-design and secure-by-default principles across all products and platforms.
  • Drive alignment between business objectives, engineering practices, risk appetite, and security requirements.
  • Build and lead a high-performing Product Security organisation comprising Centres of Excellence and embedded security chapters.
  • Represent Product Security at executive governance forums and provide strategic advice to senior leadership.
  • Develop and manage budgets, workforce planning, capability development, and vendor relationships.
  • Lead Product Security Centres of Excellence:
  • Provide leadership and oversight for a series of Product Security CoEs, including:
  • Security Education & Awareness:
  • Establish security capability uplift programs for engineers, architects, product teams, and leaders.
  • Develop role-based learning pathways, security certifications, and hands-on training initiatives.
  • Drive a culture of shared ownership for security across the organisation.
  • Security Design:
  • Define security architecture patterns, standards, and reference designs.
  • Lead threat modelling practices and security design reviews.
  • Ensure security requirements are embedded during product planning and design phases.
  • Security Testing:
  • Establish enterprise approaches for security testing, including bug bounty, penetration testing, and adversarial assessments.
  • Drive continuous improvement of testing coverage and effectiveness.
  • Define security quality gates and risk-based testing methodologies.
  • Secure Build & Deploy:
  • Lead secure software development lifecycle (SSDLC) practices.
  • Define standards for secure coding, software supply chain security, CI/CD security, secrets management, and infrastructure security.
  • Ensure security controls are integrated into engineering platforms and delivery pipelines.
  • Security Verification:
  • Establish verification frameworks that validate security controls across products and services.
  • Lead assurance activities, security metrics, control effectiveness reviews, and evidence collection.
  • Support regulatory, audit, and risk management requirements.
  • Security Organisational Change Management (OCM):
  • Drive adoption of Security capabilities across business and technology teams.
  • Develop communication, engagement, and change strategies that accelerate security maturity.
  • Build security communities of practice and champion networks across the enterprise.
  • Product Security Chapters & Federated Delivery:
  • Lead Product Security Chapters embedded within business divisions, ensuring consistent standards and practices while supporting local delivery needs.
  • Foster strong collaboration between central CoEs and embedded security teams.
  • Ensure embedded teams provide effective security guidance throughout product development and operational lifecycles.
  • Stakeholder Management:
  • Build trusted relationships with senior executives across Technology, Product, Engineering, Risk, Legal, and Operations.
  • Influence engineering and product strategies to improve security outcomes.
  • Engage with industry forums, regulators, partners, and vendors to advance organisational capabilities.
  • Act as an executive sponsor for key security transformation initiatives.
  • Key Outcomes:
  • Security is embedded across the entire product lifecycle.
  • Product teams consistently deliver secure products at scale.
  • Security controls are automated and integrated into engineering workflows.
  • Product Security capabilities are adopted and actively used across the organisation.
  • Security risks are identified and managed proactively.
  • Engineering and business teams view security as an enabler of innovation and customer trust.
  • Leadership Accountabilities:
  • Build and lead a diverse, high-performing Product Security organisation.
  • Develop future security leaders and specialist talent.
  • Foster a culture of accountability, continuous learning, innovation, and collaboration.
  • Drive measurable improvements

Benefits

Vision insurance

Additional Information

Executive Manager, Product Security Role Purpose The Executive Manager, Product Security is responsible for leading the organisation's Product Security capability, ensuring security is embedded throughout the entire product lifecycle-from ideation and design through build, deployment, operation, and retirement. This role leads a federated operating model comprising central Product Security Centres of Excellence (CoEs) and embedded Product Security Chapters aligned to business divisions. The Executive Manager drives the strategy, governance, standards, capabilities, and culture required to deliver secure products at scale while enabling business agility and innovation. The role serves as a key security leader, partnering with Technology, Product, Engineering, Risk, and Business executives to ensure security is built into products by design, verified continuously, and maintained throughout their lifecycle.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at cba? Share your experience

Interested in this role?

Apply on the company's website.

Cover LetterConnect