Senior Programme Manager - Secure by Design

Overview

We are seeking an experienced Senior Programme Manager to lead a large-scale, multi-year Secure by Design (SbD) transformation programme. The programme defines and operationalises what good looks like for secure application and platform delivery, enabling broader strategic initiatives such as GenAI threat modelling, AI-enabled security assessment, chatbot capabilities, and ongoing security accountability metrics.

The role will lead delivery across three critical workstreams, coordinating multiple distributed teams while maintaining strong governance, cadence, and executive engagement. This position requires deep experience operating at both Programme Lead and Scrum/delivery leadership levels, bridging strategy with hands-on execution.

Programme Scope & Workstreams

The Senior Programme Manager will own and coordinate three core workstreams:

1. Operating Model & AI Agents (OpModel/Agents)

• Lead process-driven change for security assessment through the use of AI Agents and automation.

• Drive adoption of new operating models that embed security assessment earlier and more consistently across delivery.

• Partner with security, architecture, and engineering teams to translate AI-enabled concepts into practical delivery.

2. Secure by Design Repository (SbD Repo)

• Establish and govern a Secure by Design Repository.

• Lead:

  • Migration of Legacy security patterns and content.

  • Co-development of reusable, practical secure-by-design patterns.

  • Baseline technology platforms against defined business and application scenarios.

• Ensure repository governance supports scale, reuse, and consistent security outcomes across portfolios.

3. BISO/Security Engagement Model

• Build and operationalise the Secure by Design engagement model across portfolios.

• Act as the bridge between:

  • Central security teams (CISO org, security architecture, risk, compliance)

  • Business units, product, and technology teams

• Establish governance boards, engagement processes, and change management frameworks to ensure security is Embedded by design, not bolted on.

Key ResponsibilitiesProgramme Leadership & Governance

• Lead the Secure by Design programme through WALK and RUN programme increments.

• Own programme structure, governance, and delivery cadence across all workstreams.

• Deliver senior-level reporting including dashboards, KPIs, OKRs, and risk management.

• Present progress, risks, and decisions at VP/SVP SteerCos and leadership forums.

Workstream & Delivery Oversight

• Manage and coordinate three concurrent workstreams, ensuring alignment to overall programme objectives.

• Support delivery teams through:

  • RAID management

  • Sprint cadence and planning

  • Demo planning and release readiness

• Ensure consistent application of the Crawl-Walk-Run delivery framework.

Stakeholder & Executive Engagement

• Act as the primary coordination point for senior technical and business stakeholders.

• Provide clear upward communication, proactive escalation, and decision support.

• Influence and align VP/SVP-level stakeholders across security, technology, and business domains.

Strategy, Change & Enablement

• Support leadership in shaping delivery frameworks, operating models, and governance best practices.

• Drive organisational change management to enable sustainable adoption of Secure by Design principles.

• Ensure outcomes are practical, scalable, and Embedded into day-to-day delivery.

Required Experience

• Extensive experience leading large, complex, multi-team international programmes.

• Proven capability managing multiple parallel workstreams with interdependencies.

• Experience relevant to both Programme Lead and Scrum/delivery leadership roles.

• Strong executive engagement skills, with confidence presenting to VP-level and above.

• Deep experience in programme governance, reporting, and delivery structure.

• Background in one or more of the following:

  • Security governance and operating models

  • Secure platform patterns and repositories

  • AI-enabled or automation-driven process change

  • Large-scale technology or security transformation programmes

• Understanding of Agile and iterative delivery practices (preferred).

• Excellent communication, stakeholder management, and change leadership skills.

• Ability to operate effectively across EU, India, and US time zones.

BISO Context (Highly Beneficial)

Experience operating in or alongside a BISO-style engagement model is highly beneficial. This includes:

• Translating central security strategy into business-aligned delivery.

• Embedding security into product and platform life cycles.

• Operating at the intersection of security, technology, and business priorities.

Travel: Occasional travel to Memphis, US (February and May/June workshops)

This role is now live again and the client has requested applicants with significant Secure By Design experience.