Automotive Security Product Lead

The role

As Automotive Product Security Lead at Wayve, you will define, mature, and operate the product security framework for Wayve’s automotive software activities. This spans our internal R&D fleet, robotaxi programme, and automotive software supplied to OEM customers, with assurance expectations applied proportionately to each context. You will help ensure Wayve can develop, assure, and supply automotive software that meets appropriate cybersecurity expectations from internal governance, customers, regulators, and external assessors.

You will be trusted to determine what good looks like for automotive product security at Wayve, applying industry best practice with pragmatism and adapting it to our technology, risk profile, product maturity, and stage of growth. You will translate regulations, standards, customer expectations and risk assessments into clear, practical requirements and ways of working that product and engineering teams can apply effectively.

This role sits within Security, but works in close partnership with product, engineering, safety, and customer-facing teams. This role sets standards, guides and advises, and assures implementation. Delivery teams apply the controls and processes, produce evidence and work products, maintain cybersecurity cases, and own residual risk.

This is a senior individual contributor role with broad cross-functional influence. You will be hands-on in establishing expectations, reviewing work products, advising teams, assessing cybersecurity case credibility, and challenging or escalating where evidence or risk gaps are not being addressed. As the capability matures, you will help scale repeatable processes, templates, metrics, and assurance mechanisms that allow Wayve to move quickly while maintaining the rigour expected for automotive software.

The role is advisory and assurance-focused in nature, providing oversight, challenge, and pragmatic guidance to the business while enabling product and engineering teams to meet automotive cybersecurity expectations without unnecessary friction.

Key responsibilities

• Automotive Product Security Framework & Strategy

  • Define and maintain Wayve's automotive product security framework, aligned to ISO 21434, ASPICE for Cybersecurity, and customer assurance expectations.

  • Establish practical processes, templates, guidance, and minimum control expectations for automotive cybersecurity activities across R&D fleet, robotaxi, and customer software programmes.

• Programme Guidance & Coordination

  • Act as the product security lead across automotive software activities, helping teams understand what security activities are required, when they are required, and what good evidence looks like.

  • Coordinate product security activity across security, product, engineering, safety, and customer-facing teams to ensure dependencies, risks, and assurance needs are understood early.

• Cybersecurity Case Assurance

  • Define the minimum expectations, structure, and quality bar for Wayve's automotive cybersecurity cases.

  • Provide independent review of required work products, traceability and completeness, residual risk statements, and the overall credibility of the cybersecurity case.

  • Assess whether the cybersecurity case provides a defensible argument that the relevant system or software is acceptably secure for its intended context.

• Product Security Risk Governance

  • Establish mechanisms for product cybersecurity risk visibility, challenge, escalation, and decision-making across automotive programmes.

  • Partner with risk owners to ensure residual product cybersecurity risks are clearly documented, treatment options are understood, remediation is tracked, and acceptance decisions are made by the appropriate accountable owners.

  • Challenge and escalate where risk, evidence, or delivery gaps are not being addressed appropriately.

• Regulatory, Customer & OEM Readiness

  • Translate automotive cybersecurity regulatory, standards, and customer expectations into practical internal requirements and assurance activities.

  • Support preparation for external audits, customer assessments, and OEM reviews where product cybersecurity evidence is required.

  • Represent Wayve credibly in product security discussions with customers, partners, and external assessors.

• Secure Development Enablement

  • Advise and upskill product and engineering teams on automotive cybersecurity practices, including TARA, cybersecurity requirements, secure architecture, implementation evidence, verification, validation, and security testing expectations.

  • Build reusable guidance and playbooks that help teams integrate product security into existing development processes without duplicative or unnecessary process overhead.

• Metrics, Reporting & Continuous Improvement

  • Develop meaningful metrics that demonstrate automotive product security maturity, assurance readiness, evidence quality, risk treatment progress, and recurring areas of weakness.

  • Provide clear reporting to security, product, engineering and other senior stakeholders, using evidence and judgement to drive continuous improvement in Wayve's product security capability.

About you

To set you up for success as Automotive Product Security Lead at Wayve, we’re looking for the following skills and experience.

Essential

• Proven experience in a senior product security, automotive cybersecurity, embedded systems security, or security assurance role, with accountability for influencing security outcomes across complex technical programmes.

• Strong knowledge of automotive cybersecurity expectations, particularly ISO 21434 and UNECE R155.

• Experience defining, applying, or assessing cybersecurity lifecycle activities and work products, including TARA, cybersecurity goals, cybersecurity requirements, verification and validation evidence, and residual risk treatment.

• Strong technical judgement across software security, embedded or vehicle systems, secure architecture, threat modelling, security testing, and risk assessment.

• Experience reviewing or contributing to cybersecurity cases, assurance cases, technical evidence packs, or comparable structured security arguments.

• Excellent judgement and independence, with confidence challenging issues while maintaining constructive working relationships.

• Experience partnering with product, engineering, delivery, safety, legal, security, supplier, or customer-facing teams to deliver proportionate and effective security outcomes.

• Strong written and verbal communication skills, able to translate standards, risks, and assurance expectations into clear, practical guidance for technical and non-technical stakeholders.

• Comfort operating with high autonomy in a fast-moving, ambiguous environment where the right level of process needs to be designed, not simply inherited.

Desirable

• Experience establishing or scaling a product security or automotive cybersecurity capability in a growing or fast-moving organisation.

• Experience with OEM customer assurance, external audits, cybersecurity certification, type approval, or independent assessment activity.

• Familiarity with ASPICE, ISO 26262, ISO 21448 / SOTIF, or safety-security interface management.

• Experience with autonomous vehicles, ADAS, robotics, safety-critical software, automotive software platforms, vehicle networks, OTA update systems, or fleet operations.

• Experience managing product-security-relevant supplier assurance, supplier evidence, or third-party cybersecurity risk in an automotive context.

• Relevant certifications or training, such as ISO 21434, CISSP, CSSLP, GICSP, or automotive cybersecurity training.

This is a full-time role based in our offices in London, Sunnyvale or Leonberg.  At Wayve we want the best of all worlds so we operate a hybrid working policy that combines time together in our offices and workshops to fuel innovation, culture, relationships and learning, and time spent working from home.  We operate core working hours so you can determine the schedule that works best for you and your team.