A security champion is a member of a development team who, in addition to their regular duties, serves as the point of contact for information security. Security champions receive targeted training in secure software development and pass their knowledge on to the team. They review code from a security perspective, drive threat modelling, and act as the bridge to the central security team. This lets you scale security competence broadly without staffing every team with a dedicated security expert. In an ISMS, a security-champion programme supports the controls for awareness and secure development.