Executive Manager, Product Security
Role Purpose:
The Executive Manager, Product Security is responsible for leading the organisation's Product Security capability, ensuring security is embedded throughout the entire product lifecycle—from ideation and design through build, deployment, operation, and retirement.
This role leads a federated operating model comprising central Product Security Centres of Excellence (CoEs) and embedded Product Security Chapters aligned to business divisions. The Executive Manager drives the strategy, governance, standards, capabilities, and culture required to deliver secure products at scale while enabling business agility and innovation.
The role serves as a key security leader, partnering with Technology, Product, Engineering, Risk, and Business executives to ensure security is built into products by design, verified continuously, and maintained throughout their lifecycle.
Key Responsibilities:
Product Security Strategy & Leadership:
Define and execute the enterprise Product Security strategy, roadmap, and operating model.
Establish security-by-design and secure-by-default principles across all products and platforms.
Drive alignment between business objectives, engineering practices, risk appetite, and security requirements.
Build and lead a high-performing Product Security organisation comprising Centres of Excellence and embedded security chapters.
Represent Product Security at executive governance forums and provide strategic advice to senior leadership.
Develop and manage budgets, workforce planning, capability development, and vendor relationships.
Lead Product Security Centres of Excellence:
Provide leadership and oversight for a series of Product Security CoEs, including:
Security Education & Awareness:
Establish security capability uplift programs for engineers, architects, product teams, and leaders.
Develop role-based learning pathways, security certifications, and hands-on training initiatives.
Drive a culture of shared ownership for security across the organisation.
Security Design:
Define security architecture patterns, standards, and reference designs.
Lead threat modelling practices and security design reviews.
Ensure security requirements are embedded during product planning and design phases.
Security Testing:
Establish enterprise approaches for security testing, including bug bounty, penetration testing, and adversarial assessments.
Drive continuous improvement of testing coverage and effectiveness.
Define security quality gates and risk-based testing methodologies.
Secure Build & Deploy:
Lead secure software development lifecycle (SSDLC) practices.
Define standards for secure coding, software supply chain security, CI/CD security, secrets management, and infrastructure security.
Ensure security controls are integrated into engineering platforms and delivery pipelines.
Security Verification:
Establish verification frameworks that validate security controls across products and services.
Lead assurance activities, security metrics, control effectiveness reviews, and evidence collection.
Support regulatory, audit, and risk management requirements.
Security Organisational Change Management (OCM):
Drive adoption of security capabilities across business and technology teams.
Develop communication, engagement, and change strategies that accelerate security maturity.
Build security communities of practice and champion networks across the enterprise.
Product Security Chapters & Federated Delivery:
Lead Product Security Chapters embedded within business divisions, ensuring consistent standards and practices while supporting local delivery needs.
Foster strong collaboration between central CoEs and embedded security teams.
Ensure embedded teams provide effective security guidance throughout product development and operational lifecycles.
Stakeholder Management:
Build trusted relationships with senior executives across Technology, Product, Engineering, Risk, Legal, and Operations.
Influence engineering and product strategies to improve security outcomes.
Engage with industry forums, regulators, partners, and vendors to advance organisational capabilities.
Act as an executive sponsor for key security transformation initiatives.
Key Outcomes:
Security is embedded across the entire product lifecycle.
Product teams consistently deliver secure products at scale.
Security controls are automated and integrated into engineering workflows.
Product Security capabilities are adopted and actively used across the organisation.
Security risks are identified and managed proactively.
Engineering and business teams view security as an enabler of innovation and customer trust.
Leadership Accountabilities:
Build and lead a diverse, high-performing Product Security organisation.
Develop future security leaders and specialist talent.
Foster a culture of accountability, continuous learning, innovation, and collaboration.
Drive measurable improvements in organisational security maturity and resilience.
Balance security outcomes with customer experience, speed, and business value.
Experience & Qualifications:
Essential:
Extensive senior leadership experience in Product Security, Application Security, Cyber Security, or Secure Engineering.
Proven experience leading large-scale security transformation programs.
Deep understanding of secure software development lifecycles and modern engineering practices.
Demonstrated experience building and leading Centres of Excellence and federated operating models.
Strong understanding of cloud security, DevSecOps, software supply chain security, and modern application architectures.
Experience engaging with executive stakeholders and Boards on security matters.
Strong commercial, risk management, and strategic planning capabilities.
Desirable:
Experience within highly regulated industries.
Professional certifications such as CISSP, CSSLP, CISM, SABSA, GIAC, or equivalent.
Experience leading global or enterprise-scale Product Security organisations.
If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career.
Advertising End Date: 28/06/2026