Automotive Product Security Lead
WayveThe role
As the Automotive Product Security Lead at Wayve, you will define, mature, and operate the product security framework for Wayve’s automotive software activities. This spans our internal R&D fleet, robotaxi programme, and automotive software supplied to OEM customers, with assurance expectations applied proportionately to each context. You will help ensure Wayve can develop, assure, and supply automotive software that meets appropriate cybersecurity expectations from internal governance, customers, regulators, and external assessors.
You will be trusted to determine what good looks like for automotive product security at Wayve, applying industry best practice with pragmatism and adapting it to our technology, risk profile, product maturity, and stage of growth. You will translate regulations, standards, customer expectations and risk assessments into clear, practical requirements and ways of working that product and engineering teams can apply effectively.
This role sits within Security, but works in close partnership with product, engineering, safety, and customer-facing teams. This role sets standards, guides and advises, and assures implementation. Delivery teams apply the controls and processes, produce evidence and work products, maintain cybersecurity cases, and own residual risk.
This is a senior individual contributor role with broad cross-functional influence. You will be hands-on in establishing expectations, reviewing work products, advising teams, assessing cybersecurity case credibility, and challenging or escalating where evidence or risk gaps are not being addressed. As the capability matures, you will help scale repeatable processes, templates, metrics, and assurance mechanisms that allow Wayve to move quickly while maintaining the rigour expected for automotive software.
The role is advisory and assurance-focused in nature, providing oversight, challenge, and pragmatic guidance to the business while enabling product and engineering teams to meet automotive cybersecurity expectations without unnecessary friction.
Key responsibilities
Automotive Product Security Framework & Strategy
Define and maintain Wayve's automotive product security framework, aligned to ISO 21434, ASPICE for Cybersecurity, and customer assurance expectations.
Establish practical processes, templates, guidance, and minimum control expectations for automotive cybersecurity activities across R&D fleet, robotaxi, and customer software programmes.
Programme Guidance & Coordination
Act as the product security lead across automotive software activities, helping teams understand what security activities are required, when they are required, and what good evidence looks like.
Coordinate product security activity across security, product, engineering, safety, and customer-facing teams to ensure dependencies, risks, and assurance needs are understood early.
Cybersecurity Case Assurance
Define the minimum expectations, structure, and quality bar for Wayve's automotive cybersecurity cases.
Provide independent review of required work products, traceability and completeness, residual risk statements, and the overall credibility of the cybersecurity case.
Assess whether the cybersecurity case provides a defensible argument that the relevant system or software is acceptably secure for its intended context.
Product Security Risk Governance
Establish mechanisms for product cybersecurity risk visibility, challenge, escalation, and decision-making across automotive programmes.
Partner with risk owners to ensure residual product cybersecurity risks are clearly documented, treatment options are understood, remediation is tracked, and acceptance decisions are made by the appropriate accountable owners.
Challenge and escalate where risk, evidence, or delivery gaps are not being addressed appropriately.
Regulatory, Customer & OEM Readiness
Translate automotive cybersecurity regulatory, sta
Similar roles
Design & Tech
Related reads from TCHNX

The Quiet Revolution in Local-First Software
As major platforms face outages and data breaches, a new generation of developers is building applications that prioritise local data storage and peer-to-peer sync, challenging the cloud-first orthodoxy that's dominated tech for two decades.

The Quiet Revolution in Edge AI: Why Your Next Computer Might Not Need the Cloud
As neural processing units become standard in consumer devices, we're witnessing a fundamental shift in how AI applications work. Local processing is no longer a fallback; it's becoming the preferred architecture.

The Rise of AI-Assisted Code Generation 2: Are Developers Becoming Prompt Engineers?
As AI coding assistants reshape software development, the industry grapples with a fundamental question: is writing code giving way to writing prompts? We examine how London's tech scene is adapting to this seismic shift.


