Security Risk Management Specialist

In security risk management, we aim to leverage industry best practices combined with innovative approaches to security risk assessments and modeling. Our security risk management team is responsible for defining the strategy and practices for identifying, tracking, and reducing security risks across all operations.

To support this, we utilize industry standards alongside emerging threat intelligence to enhance risk identification, quantification, impact analysis, and modeling, ultimately informing decision-making. In this role, you will help establish and execute a strategic vision for Canonical's security risk program. You will collaborate within the team and cross-functionally across the organization to improve product security, resilience, and robustness for Ubuntu users and customers. The team also partners with our Learning and Development department to create playbooks and facilitate security training.

The mission of the security risk management team extends beyond Canonical to contribute to the broader open source ecosystem. This includes sharing knowledge through industry presentations, participating in sector-specific governance, and exchanging threat intelligence with the community.

1. Define Canonical's security risk management standards and develop playbooks.
2. Analyze and improve existing security risk practices.
3. Evaluate, select, and implement new security tools and requirements.
4. Enhance the visibility and thought leadership of Canonical’s security risk management practice.
5. Create learning and development materials related to security risk.
6. Collaborate with security leadership to present insights and influence strategic changes.
7. Develop key risk indicators and contribute to the creation of control and performance metrics.
8. Apply statistical models such as FAIR and sensitivity analysis to risk frameworks.
9. Engage in risk management discussions and collaborative decision-making.
10. Lead quantitative risk assessments, integrating qualitative data to improve processes.
11. Translate security risk analyses into business terms and recommend actions.
12. Create templates and resources for self-service risk management.
13. Identify opportunities to enhance risk management processes.
14. Initiate security assessment campaigns and support mitigation efforts.
15. Develop evaluation methods and performance indicators for security functions.

• An exceptional academic record.
• An undergraduate degree in Computer Science, STEM, or a compelling alternative pathway explanation.
• A proactive attitude with a history of exceeding expectations.
• Strong motivation to be at the forefront of security technology.
• Leadership and management skills.
• Excellent written and verbal communication skills in English.
• Problem-solving skills with deep technical knowledge of security assessments and risk management.
• Expertise in threat modeling and risk management frameworks.
• Broad understanding of operational security risk management.
• Experience with Secure Development Lifecycle and Security by Design methodologies.