This is a typical organization structure with the security engineering team under the CTO office. There are some characteristics of this kind of organization structure:
- No dedicated Chief Security Officer (CSO)
- The security team may not be big—for example, under 10 members
- The security engineering team serves all projects based on their needs
- The key responsibility of the security engineering team is to provide security guidelines, policies, checklists, templates, or training for all project teams
- It's possible the security engineering team members may be allocated to a different project to be subject matter experts based on the project's needs
- Security engineering provides the guidelines, toolkits, and training, ...