Security Risk Management Specialist

In security risk management, we're looking to harness the power of industry best practices combined with driving new innovation in how we do security risk assessments and modelling. Our security risk management team is the primary owner of the strategy and practices for identifying, tracking, and reducing security risks across all our activities.

To support this, we need to utilize industry best practices paired with emerging threat information to promote risk identification, quantification, impact analysis, and modelling, ultimately driving decision-making. In this role, you will help establish and execute a broad strategic vision for Canonical's security risk program. You will collaborate within the team and cross-functionally with various departments across the organization. The team contributes ideas and requirements for Canonical's product security, enhancing the resilience and robustness of all Ubuntu users against cyber threats. Additionally, the team works with our Organizational Learning and Development team to develop playbooks and facilitate security training across Canonical.

The security risk management team's mission is not only to secure Canonical but also to contribute to the security of the wider open-source ecosystem. They may share knowledge through public presentations, industry events, and share threat intelligence with the community or represent Canonical in sector-specific governance bodies.

1. Define Canonical's security risk management standards and playbooks
2. Analyze and improve Canonical's security risk practices
3. Evaluate, select, and implement new security requirements, tools, and practices
4. Enhance the presence and thought leadership of Canonical's security risk management
5. Develop security risk learning and development materials
6. Work with Security leadership to present information and influence change
7. Participate in developing key risk indicators and provide inputs for control and performance metrics
8. Apply statistical models to risk frameworks (such as FAIR, sensitivity analysis, etc.)
9. Engage in risk management, decision-making, and collaborative discussions
10. Lead quantified risk assessments and leverage qualitative data for process improvements
11. Interpret cybersecurity risk analyses in business terms and recommend actions
12. Create templates and materials for self-service risk management
13. Identify opportunities to improve risk management processes
14. Launch security assessment campaigns and help mitigate risks
15. Build evaluation methods and performance indicators for security functions

• An exceptional academic record
• Undergraduate degree in Computer Science or STEM, or a compelling alternative narrative
• Drive and a proven track record of exceeding expectations
• Deep motivation for technology security
• Leadership and management skills
• Excellent business English writing and presentation skills
• Strong problem-solving and communication skills, with deep technical security knowledge
• Expertise in threat modelling and risk management frameworks
• Broad operational knowledge of security risk management
• Experience with Secure Development Lifecycle and Security by Design methodologies

We consider location, experience, and performance in shaping compensation worldwide, revisited annually or more often for early-career staff. Benefits include a performance bonus, learning and development budget, recognition rewards, and comprehensive leave policies, among others.

• Distributed work environment with biannual in-person team sprints
• USD 2,000 annual learning and development budget
• Annual compensation review and recognition rewards
• Generous leave policies including maternity and paternity leave
• Employee Assistance Programme
• Travel opportunities to meet colleagues
• Priority Pass and travel upgrades for company events

Canonical is a pioneering open-source technology company, publisher of Ubuntu, and a leader in AI, IoT, and cloud platforms. Since 2004, we have embraced a remote-first culture, encouraging innovative thinking, continuous learning, and excellence. We are committed to diversity and equal opportunity in our hiring practices.