Senior Secure by Design Manager 80-100%

📍 Job Overview

Job Title: Senior Secure by Design Manager 80-100%

Company: Sunrise GmbH

Location: Zurich, Switzerland

Job Type: Full-Time

Category: Security Operations & GTM Strategy

Date Posted: March 19, 2026

Experience Level: Senior (10+ years)

Remote Status: Hybrid

🚀 Role Summary

• Drive the integration of security principles into the early stages of product and system design, ensuring a proactive security posture.

• Lead and champion the "Secure by Design" philosophy across engineering, product development, and relevant GTM teams.

• Foster an environment of innovation and continuous improvement in security practices, aligning with digital transformation initiatives.

• Manage and oversee security-related projects and initiatives, ensuring alignment with business objectives and regulatory compliance.

• Contribute to the company's mission of connecting people, championing innovation, and accelerating digital life through robust security frameworks.

📝 Enhancement Note: The role title "Senior Secure by Design Manager" strongly implies that this position sits within a GTM (Go-To-Market) or Product Operations context, focusing on how security is embedded in offerings that reach customers. The emphasis on "accelerating digital life" and "championing innovation" suggests a forward-thinking company that requires security to be a foundational element of its products and services, not an afterthought. Therefore, this role likely involves close collaboration with product management, engineering, marketing, and sales enablement teams to ensure security is a key differentiator and enabler for Go-To-Market strategies.

📈 Primary Responsibilities

• Develop and implement comprehensive "Secure by Design" strategies and frameworks, ensuring security is a core consideration from conception through development and deployment.

• Collaborate closely with product management and engineering teams to embed security requirements and best practices into the product lifecycle and software development lifecycle (SDLC).

• Conduct security design reviews, threat modeling, and risk assessments for new products, features, and system architectures.

• Define and manage security standards, guidelines, and controls for secure coding, data protection, and infrastructure security.

• Train and mentor development teams on secure coding practices, security architecture principles, and the "Secure by Design" methodology.

• Establish and maintain metrics to measure the effectiveness of "Secure by Design" initiatives and report on security posture to executive stakeholders.

• Stay abreast of emerging security threats, vulnerabilities, and industry best practices, translating this knowledge into actionable security improvements.

• Support GTM teams by providing security expertise for product launches, customer inquiries, and compliance documentation.

• Drive a culture of security awareness and accountability across the organization, promoting shared responsibility for security.

• Manage relationships with third-party security vendors and partners as needed.

📝 Enhancement Note: Given the hybrid nature and the emphasis on "connecting people" and "accelerating digital life," the responsibilities will likely extend to ensuring security considerations are integrated into customer-facing solutions and digital services. This means the manager will need to translate complex security concepts into user-friendly requirements and potentially contribute to security messaging for marketing and sales collateral.

🎓 Skills & Qualifications

Education: Bachelor's degree in Computer Science, Information Security, Engineering, or a related field. A Master's degree or relevant professional certifications (e.g., CISSP, CSSLP, CISM) are highly advantageous.

Experience: Minimum of 10 years of progressive experience in information security, with a significant focus on secure software development, security architecture, and risk management. Proven experience in a senior management or leadership role.

Required Skills:

• Deep understanding of the "Secure by Design" principles and their application throughout the product development lifecycle.

• Expertise in threat modeling, risk assessment methodologies, and security architecture design.

• Strong knowledge of secure coding practices, common vulnerabilities (e.g., OWASP Top 10), and mitigation techniques.

• Proven ability to lead and influence cross-functional teams, including engineering, product, and GTM organizations.

• Excellent communication, presentation, and interpersonal skills, with the ability to articulate complex security concepts to both technical and non-technical stakeholders.

• Experience with agile development methodologies and integrating security into DevOps/DevSecOps pipelines.

• Strategic thinking and problem-solving capabilities with a proactive, results-oriented approach.

Preferred Skills:

• Experience in the telecommunications or a related digital services industry.

• Familiarity with cloud security best practices (AWS, Azure, GCP).

• Understanding of relevant compliance frameworks and regulations (e.g., GDPR, ISO 27001).

• Experience with security automation tools and platforms.

• Familiarity with GTM strategies and how security impacts product positioning and customer adoption.

📝 Enhancement Note: The "AI_key_skills" list includes "Secure by Design," which is the core focus. The "AI_taxonomies_a" suggest "Management & Leadership," "Security & Safety," and "Software," reinforcing the need for strong leadership and technical software security expertise. The "AI_experience_level" of "10+" years confirms the senior nature of the role.

📊 Process & Systems Portfolio Requirements

Portfolio Essentials:

• Demonstrated ability to develop and implement robust security frameworks and policies.

• Case studies showcasing successful integration of "Secure by Design" principles into product development lifecycles, leading to measurable risk reduction.

• Examples of security architecture designs for complex systems or products, highlighting threat mitigation strategies.

• Documentation of security review processes, including threat modeling methodologies and risk assessment reports.

Process Documentation:

• Creation and refinement of secure SDLC processes, including requirements gathering, design, coding, testing, and deployment phases.

• Development of standardized threat modeling procedures and risk assessment frameworks.

• Establishment of incident response and vulnerability management protocols.

• Documentation of security requirements for new product features and system enhancements.

• Processes for continuous monitoring and improvement of security controls.

📝 Enhancement Note: For a senior management role focused on "Secure by Design," a portfolio should highlight strategic contributions, process development, and leadership impact, rather than just individual technical contributions. Emphasis should be on how the candidate has built or improved security processes and frameworks that have a lasting impact on the organization's security posture.

💵 Compensation & Benefits

Salary Range: Based on industry standards for a Senior Secure by Design Manager in Zurich, Switzerland, with 10+ years of experience, the estimated annual gross salary range is CHF 140,000 - CHF 180,000. This range accounts for the senior level, specialized expertise, and the high cost of living in Zurich.

Benefits:

• Comprehensive health, dental, and vision insurance plans.

• Generous paid time off (PTO) and public holiday allowance.

• Retirement savings plan with company contributions.

• Professional development and training opportunities, including certifications and conferences.

• Employee assistance program (EAP) for well-being support.

• Potential for performance-based bonuses.

• Subsidized public transportation or parking options.

• Discounts on Sunrise products and services.

Working Hours: 80-100% of a standard full-time work week (approximately 32-40 hours per week), offering flexibility. The hybrid work model allows for a balance between in-office collaboration and remote work.

📝 Enhancement Note: The salary estimate is based on research of similar senior security management roles in the Zurich area, considering the specified experience level (10+ years) and the nature of "Secure by Design" expertise. The benefits listed are typical for large, established companies in Switzerland, with specific additions relevant to a technology-focused organization like Sunrise GmbH.

🎯 Team & Company Context

🏢 Company Culture

Industry: Telecommunications & Digital Services. Sunrise GmbH is a major player in the Swiss telecommunications market, offering mobile, internet, and TV services. This industry is characterized by rapid technological advancement, intense competition, and a strong focus on customer experience and data security.

Company Size: Sunrise GmbH is a large enterprise, indicated by its presence in the job market and the typical scale of telecommunications operations. This often means structured processes, diverse teams, and opportunities for significant impact.

Founded: (Information not provided in input, but typical for large telcos). A long history would imply established processes and a deep understanding of the market, while a more recent founding might suggest a more agile and innovative culture.

Team Structure:

• The "Senior Secure by Design Manager" likely leads a dedicated security team or is a key individual contributor within a broader security or engineering organization.

• This role will collaborate extensively with Product Management, Engineering (Software Development), Architecture, GTM (Sales Enablement, Marketing), and potentially Compliance and Legal departments.

Methodology:

• Data-driven approach to security risk assessment and threat prioritization.

• Agile and iterative development methodologies, integrating security into sprints and release cycles.

• Emphasis on proactive security measures and continuous improvement, rather than reactive incident response.

• Collaborative problem-solving and knowledge sharing across technical disciplines.

Company Website: https://www.sunrise.ch/ (Assumed based on industry and location)

📝 Enhancement Note: Sunrise GmbH's position in the telecommunications industry suggests a company that relies heavily on robust infrastructure and digital services. The "Secure by Design" role is critical here to ensure customer trust and compliance in a data-sensitive environment. The company's mission to "connect people, champion innovation, and accelerate digital life" indicates a culture that values forward-thinking solutions, where security is an enabler of these goals.

📈 Career & Growth Analysis

Operations Career Level: This role is at a senior management level within the security domain, specifically focused on proactive security integration. It requires a blend of deep technical expertise in software security and strong leadership and strategic planning capabilities. The scope involves influencing product roadmaps and engineering practices across the organization.

Reporting Structure: The Senior Secure by Design Manager will likely report to a senior executive within the security or technology organization, such as the CISO or a VP of Engineering. This structure provides visibility and influence over critical product development processes.

Operations Impact: The impact of this role is significant, as it directly influences the security posture of Sunrise GmbH's products and services. By embedding security early in the design phase, the manager helps prevent costly breaches, maintain customer trust, ensure regulatory compliance, and enable the company to innovate safely and confidently. This role is crucial for protecting the company's reputation and revenue streams.

Growth Opportunities:

• Advancement to CISO or Head of Product Security roles.

• Opportunity to lead larger security teams or broader security domains (e.g., Application Security, Cloud Security).

• Potential to become a recognized leader in secure development practices within the telecommunications industry.

• Opportunities for specialized training and certifications in emerging security fields.

• Involvement in strategic technology planning and executive decision-making related to security investments.

📝 Enhancement Note: The "Senior" title and the 10+ years of experience indicate a role with significant responsibility and potential for further career progression. The focus on "Secure by Design" positions the candidate as a strategic leader, not just an operational executor, which opens doors to higher-level leadership positions.

🌐 Work Environment

Office Type: Sunrise GmbH likely operates modern office spaces designed to foster collaboration and innovation. Given the hybrid work arrangement, the offices will be equipped for both individual focused work and team-based activities.

Office Location(s): The primary location is Zurich, Switzerland (Glattpark_AmbassadorHouse), a major business hub. This location offers excellent infrastructure and accessibility for employees.

Workspace Context:

• Collaborative spaces designed for team meetings, brainstorming sessions, and cross-functional workshops.

• Access to modern technology and tools necessary for security analysis, design, and collaboration.

• Opportunities for informal interaction with colleagues from various departments, fostering a holistic understanding of the business.

• Quiet zones or dedicated focus areas for deep work and concentration.

Work Schedule: The 80-100% work arrangement provides flexibility. The hybrid model allows employees to structure their week, balancing office presence for collaboration and remote work for focused tasks, which is ideal for roles requiring deep analytical work and strategic planning.

📝 Enhancement Note: The hybrid nature of this role suggests a modern work environment that values employee autonomy and work-life balance, while still recognizing the importance of in-person interaction for strategic initiatives and team cohesion.

📄 Application & Portfolio Review Process

Interview Process:

• Initial Screening: HR or Recruiter call to assess basic qualifications, cultural fit, and interest.

• Hiring Manager Interview: Deep dive into experience, technical skills, leadership style, and understanding of "Secure by Design" principles.

• Technical/Panel Interview: Assessment by peers and stakeholders from Engineering, Product, and potentially other security functions. This may include scenario-based questions, threat modeling exercises, and discussions of past projects.

• Presentation/Case Study: Candidates may be asked to present a case study on a past "Secure by Design" initiative, a proposed framework, or a solution to a hypothetical security challenge.

• Final Interview: Meeting with senior leadership (e.g., CISO, VP) to discuss strategic alignment, long-term vision, and final fit.

Portfolio Review Tips:

• Highlight Impact: Focus on quantifiable achievements and the business impact of your "Secure by Design" initiatives (e.g., reduction in vulnerabilities, improved compliance scores, faster secure product releases).

• Showcase Process Development: Include examples of frameworks, methodologies, or processes you've developed or significantly improved.

• Demonstrate Leadership: Provide evidence of your ability to influence teams, mentor individuals, and drive cultural change.

• Structure Case Studies: For any presented case study, clearly outline the problem, your approach, the solutions implemented, and the measurable results.

• Tailor to Sunrise: Research Sunrise GmbH's products, services, and stated mission to tailor your examples to their specific context.

Challenge Preparation:

• Threat Modeling: Be prepared to walk through a threat modeling exercise for a common digital service or product component.

• Secure Design Principles: Be ready to discuss how you would approach designing a new feature with security as a primary requirement.

• Cross-functional Collaboration: Prepare examples of how you've successfully collaborated with non-security teams (e.g., product, engineering) to achieve security goals.

📝 Enhancement Note: The portfolio review for a "Secure by Design Manager" should emphasize strategic thinking, process improvement, and leadership. Candidates should be ready to demonstrate not just technical knowledge but also their ability to translate that knowledge into actionable, scalable security practices that support business objectives.

🛠 Tools & Technology Stack

Primary Tools:

• Threat Modeling Tools: Microsoft Threat Modeling Tool, OWASP Threat Dragon, or similar.

• Security Code Analysis (SAST/DAST): Tools like SonarQube, Veracode, Checkmarx, or integrated IDE plugins.

• Vulnerability Management Platforms: Qualys, Tenable, or similar.

• Collaboration Platforms: Jira, Confluence, Microsoft Teams, Slack for project management and communication.

Analytics & Reporting:

• Security Information and Event Management (SIEM) systems (e.g., Splunk, LogRhythm) for monitoring and analysis.

• Business Intelligence (BI) tools for reporting on security metrics and KPIs.

CRM & Automation:

• While not a direct CRM role, understanding how security impacts customer data within CRM systems is beneficial.

• Automation tools for security testing, policy enforcement, and incident response workflows (e.g., SOAR platforms).

• CI/CD pipeline tools (e.g., Jenkins, GitLab CI, Azure DevOps) with integrated security scanning capabilities.

📝 Enhancement Note: The technology stack for a "Secure by Design" role focuses heavily on development lifecycle tools, security analysis platforms, and collaborative environments. Proficiency in integrating security into DevSecOps pipelines is a key expectation.

👥 Team Culture & Values

Operations Values:

• Security First: A commitment to prioritizing security in all decisions and actions, viewing it as an enabler of innovation and trust.

• Proactive & Preventative: A mindset focused on anticipating and mitigating risks before they materialize, rather than solely reacting to incidents.

• Collaboration & Partnership: Valuing strong working relationships with engineering, product, and GTM teams to achieve shared security objectives.

• Continuous Improvement: A dedication to learning, adapting, and refining security practices and processes in response to evolving threats and technologies.

• Accountability & Ownership: Taking responsibility for security outcomes and driving initiatives to successful completion.

Collaboration Style:

• Cross-functional Integration: Actively engaging with product managers, developers, architects, and GTM professionals to embed security seamlessly into their workflows.

• Consultative Approach: Acting as a trusted advisor, providing security guidance and expertise in a constructive and supportive manner.

• Knowledge Sharing: Promoting best practices and fostering a culture of security awareness through training, workshops, and open communication.

• Data-Informed Decision Making: Utilizing metrics and risk assessments to guide security strategies and prioritize efforts.

📝 Enhancement Note: The company's mission to "champion innovation" and "accelerate digital life" suggests a culture that embraces change and forward momentum. The "Secure by Design" manager will need to demonstrate how security can support, rather than hinder, these goals, fostering a collaborative and partnership-oriented approach.

⚡ Challenges & Growth Opportunities

Challenges:

• Balancing Security and Speed: Ensuring that robust security measures do not unduly slow down product development cycles or hinder innovation.

• Cultural Shift: Driving adoption of "Secure by Design" principles across diverse teams with varying levels of security awareness and priorities.

• Evolving Threat Landscape: Keeping pace with rapidly changing cyber threats and vulnerabilities, and continuously updating security strategies.

• Resource Allocation: Advocating for necessary resources (budget, personnel, tools) to implement and maintain effective security programs.

• Integrating Security into Legacy Systems: Addressing security concerns in older systems that may not have been designed with modern security principles in mind.

Learning & Development Opportunities:

• Advanced Security Certifications: Pursuing specialized certifications in areas like cloud security, application security, or security architecture.

• Industry Conferences & Training: Attending leading security conferences (e.g., Black Hat, RSA) and specialized training courses.

• Leadership Development Programs: Participating in programs focused on strategic leadership, team management, and executive communication.

• Mentorship: Engaging with senior security leaders within or outside the organization for guidance and career advice.

• Exposure to New Technologies: Gaining hands-on experience with emerging technologies and their security implications.

📝 Enhancement Note: The challenges highlight the need for strategic thinking, strong communication, and adaptability. The growth opportunities underscore Sunrise GmbH's commitment to employee development, particularly in specialized and high-demand fields like security.

💡 Interview Preparation

Strategy Questions:

• "How would you define 'Secure by Design' for a telecommunications company like Sunrise, and what are the key pillars you would focus on?" (Focus on tailoring principles to the industry, e.g., data privacy, network security, service availability).

• "Describe a time you had to convince a product or engineering team to prioritize security over a feature release. What was your approach, and what was the outcome?" (Highlight your negotiation, influence, and communication skills).

Company & Culture Questions:

• "How does security contribute to Sunrise's mission of 'connecting people, championing innovation, and accelerating digital life'?" (Connect security to business value and innovation enablement).

• "Given our hybrid work model, how would you foster a strong 'Secure by Design' culture and ensure consistent security practices across remote and in-office teams?" (Discuss communication strategies, collaboration tools, and awareness programs).

Portfolio Presentation Strategy:

• Structure: Organize your portfolio around key achievements: developing frameworks, implementing processes, leading teams, and driving measurable security improvements.

• Quantify Impact: For each example, clearly state the problem, your role, your actions, and the quantifiable results (e.g., X% reduction in critical vulnerabilities, Y% faster secure release cycles, Z compliance audits passed).

• Showcase Process: Be prepared to walk through a specific process you've implemented or improved, like your threat modeling methodology or secure coding review process.

• Tailor to Sunrise: Emphasize any experience relevant to telecommunications, digital services, or large-scale customer-facing platforms.

📝 Enhancement Note: Preparation should focus on demonstrating strategic thinking, leadership, and a deep understanding of how to embed security into product development within a large, innovative organization. Candidates should be ready to articulate their vision for "Secure by Design" at Sunrise GmbH.

📌 Application Steps

To apply for this operations position:

• Submit your application through the provided Workday link: https://sunrise.wd3.myworkdayjobs.com/Sunrise/job/Zurich-Headquarter/Senior-Secure-by-Design-Manager-80-100-_REQ_30036367

• Tailor Your Resume: Highlight achievements and responsibilities directly related to "Secure by Design," secure software development, security architecture, risk management, and leadership experience. Use keywords from the job description and operations industry best practices.

• Prepare Your Portfolio: Curate documents and case studies that showcase your process development, impact, and leadership in security. Focus on examples that demonstrate how you've proactively embedded security into product lifecycles.

• Research Sunrise GmbH: Understand their business, services, mission, and current role in the telecommunications market. Consider how "Secure by Design" directly supports their strategic goals.

• Practice Interview Responses: Prepare for strategic, technical, and behavioral questions, focusing on demonstrating your ability to lead security initiatives and collaborate effectively across departments.

⚠️ Important Notice: This enhanced job description includes AI-generated insights and operations industry-standard assumptions. All details should be verified directly with the hiring organization before making application decisions.

---