Before you could do that you'd need to have a CISO.
I've worked in software development for over 20 years. Only one software development firm I've worked with had an infosec officer and they went bust at the turn of the century. It is rare to work with a CTO that has a clue about security, and even rarer to work with a development manager / product manager / project manager that knows their hashing from their encryption.
(Posting anon since my current employer is actually OK at this, and I don't want them tarred with this brush).