diff --git a/charts/bifrost-gateway-controller/CHANGELOG.md b/charts/bifrost-gateway-controller/CHANGELOG.md
index 3df73b54..13f2d28c 100644
--- a/charts/bifrost-gateway-controller/CHANGELOG.md
+++ b/charts/bifrost-gateway-controller/CHANGELOG.md
@@ -4,6 +4,7 @@
 - Example text, add your PR info according to example below below this line. Do not bump chart version in Chart.yaml unless a chart release will be made following your PR.
 - Add ServiceMonitor CRD to enable metrics endpoint discovery and configuration ([#202](https://github.com/tv2-oss/bifrost-gateway-controller/pull/202)) [@michaelvl](https://github.com/michaelvl)
+- Update securityContext for container to contain `readOnlyRootFilesystem: true` and `runAsNonRoot: true`
 ## [0.1.7]
diff --git a/charts/bifrost-gateway-controller/templates/deployment.yaml b/charts/bifrost-gateway-controller/templates/deployment.yaml
index a9bdf9a0..94845d6e 100644
--- a/charts/bifrost-gateway-controller/templates/deployment.yaml
+++ b/charts/bifrost-gateway-controller/templates/deployment.yaml
@@ -47,6 +47,8 @@ spec:
 readinessProbe: {{- toYaml .Values.controllerManager.manager.readinessProbe | nindent 10 }}
 resources: {{- toYaml .Values.controllerManager.manager.resources | nindent 10 }}
 securityContext:
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
 allowPrivilegeEscalation: false
 capabilities:
 drop:
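Review bot: In the deployment.yaml hunk, `runAsNonRoot: true` is added to the container securityContext with no `runAsUser` beside it, so the kubelet can only enforce it when the image declares a numeric non-root UID; with a named or root USER the container is rejected at start-up. If the image does not guarantee a numeric UID (not visible from this hunk), pin one next to the new key, e.g. `runAsUser: <non-root UID the image runs as>`. `readOnlyRootFilesystem: true` likewise assumes the manager writes nothing outside mounted volumes; if it needs scratch space such as a temp directory, the template also needs an `emptyDir` volume mounted there. Both settings are hard-coded rather than read from `.Values` like the probes and resources above, which is reasonable for hardening but worth stating in a template comment such as `# hardening defaults, intentionally not overridable via values`. The securityContext block continues past the end of the hunk, so other settings may already cover part of this.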