Security Development and Test Director
Job description
  - Partner with sales and business development teams to define and articulate the value proposition of the security development and testing offerings.
  - Represent the function in client engagements, pre-sales discussions, and technical assessments.
  - Design and present tailored solutions based on customer-specific challenges and threat landscapes.
  - Collaborate on statements of work (SOWs) and influence product roadmaps.
- Service Delivery Assurance
  - Oversee performance and quality of services delivered, ensuring SLA and KPI compliance.
  - Implement governance mechanisms and standardised methodologies.
  - Act as the primary escalation point for complex engagements.
  - Conduct regular client reviews to identify enhancement opportunities.
- Budget and Financial Management
  - Develop and manage financial plans, including budgeting and profitability analysis.
  - Monitor expenses and identify cost reduction opportunities.
  - Ensure profitability through forecasting and margin analysis.
  - Refine pricing models and maximise billable utilisation.
- Secure Architecture and DevSecOps Integration
  - Define and govern secure architecture standards across development teams, ensuring alignment with enterprise security policies, regulatory requirements, and industry frameworks (e.g., NIST, OWASP, ISO 27001).
  - Lead the strategic integration of security into DevOps pipelines, embedding security controls and automated testing into CI/CD workflows to enable secure-by-design delivery.
  - Oversee the implementation and optimisation of security tooling, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and container security scanners.
  - Establish architectural review boards and security design checkpoints to validate that new systems and applications meet defined security requirements before deployment.
  - Drive continuous improvement in DevSecOps maturity, using metrics and feedback loops to refine processes, reduce risk exposure, and accelerate secure delivery.
  - Collaborate with enterprise architects, engineering leads, and product owners to ensure security is embedded from ideation through to deployment and maintenance.
  - Champion threat modelling and secure design practices, ensuring development teams proactively identify and mitigate risks during the design phase.
  - Mentor and upskill engineering teams on secure coding, architectural risk assessment, and DevSecOps principles to build a culture of shared security ownership.
Key Performance Indicators (KPIs)
- Secure Architecture Compliance Rate: Percentage of projects that meet defined secure architecture standards and pass architecture review gates.
- DevSecOps Integration Maturity: Measured progress in embedding security controls into CI/CD pipelines, including automated testing, code scanning, and policy enforcement.
- Security Testing Coverage: Proportion of applications and systems that undergo static, dynamic, and interactive security testing before release.
- Vulnerability Remediation Velocity: Average time taken to remediate critical and high-severity vulnerabilities identified during development and testing phases.
- Toolchain Utilisation Effectiveness: Adoption and effective use of security tools (e.g., SAST, DAST, SCA) across development teams, measured by scan frequency and issue resolution rates.
- Training and Awareness Uptake: Percentage of development and QA staff completing secure coding and DevSecOps training programs.
- Audit and Compliance Pass Rate: Success rate in internal and external audits related to secure development practices and testing controls.
- Innovation and Automation Impact: Number of manual security testing processes replaced or enhanced through automation, contributing to faster and more reliable delivery.
Requirements
It starts with amazing people, challenging projects and a work environment that supports the creation of tangible solutions that make an impact. You will need to have a broad experience of security service delivery management and have evidence of experience in a number of the following fields of expertise:
- 10+ years in secure software development and testing, 5+ in leadership.
- Proven success in managing large-scale secure development projects.
- Excellent communication and client relationship skills.
- Experience managing crisis situations and leading diverse teams.
- Strong English writing and verbal communication skills.
- Attention to detail and ability to build high-performing teams.
- Relevant certifications (e.g., CISSP, CISM, CSSLP, CEH).
- Valid right to work in the UK and eligibility for UK SC clearance.