Security Risk Management Specialist

Canonical

Victoria

Remote

CAD 80,000 - 120,000

Full time

28 days ago

Job summary

A leading company in open source technology is looking for a professional to enhance its security risk management program. The role involves defining standards, improving practices, and collaboration across teams to secure their operations. Candidates should have a strong academic background in Computer Science or a related field, as well as expertise in risk modeling and operational security.

Benefits

Distributed work environment
Annual learning and development budget of USD 2,000
Recognition rewards
Holiday leave
Maternity/paternity leave
Employee Assistance Programme
Travel opportunities

Qualifications

  • Exceptional academic record expected.
  • History of exceeding expectations in performance.
  • Motivation to be at the forefront of security technology is vital.

Responsibilities

  • Define security risk management standards and playbooks.
  • Evaluate and implement new security tools and practices.
  • Conduct security assessments and support risk mitigation efforts.

Skills

Problem-solving
Technical understanding of security assessments
Leadership skills
Excellent English communication
Expertise in threat modeling
Knowledge of operational security

Education

Undergraduate degree in Computer Science or STEM

Job description

In security risk management, we're looking to harness the power of industry best practices combined with innovation in security risk assessments and modeling. Our security risk management team is the primary owner of the strategy and practices for identifying, tracking, and reducing security risks across all operations.

To support this, we utilize industry best practices and emerging threat information to promote risk identification, quantification, impact analysis, and modeling, ultimately driving informed decision-making. In this role, you will help establish and execute a broad strategic vision for Canonical's security risk program. You will collaborate within the team and cross-functionally across the organization, contributing ideas and requirements to enhance product security and improve resilience for Ubuntu users. Additionally, the team works with our Learning and Development department to create playbooks and facilitate security training.

The mission of the security risk management team is not only to secure Canonical but also to contribute to the broader open source ecosystem. They share knowledge through industry presentations, threat intelligence sharing, and representation in governance bodies.

What you will do in this role:
  • Define security risk management standards and playbooks
  • Analyze and improve security risk practices
  • Evaluate and implement new security tools and practices
  • Enhance the presence and thought leadership of Canonical's security risk management
  • Develop learning and development materials
  • Work with security leadership to present information and influence change
  • Develop key risk indicators and contribute to control and performance metrics
  • Apply statistical models to risk frameworks (e.g., FAIR, sensitivity analysis)
  • Participate in risk management discussions and decision-making
  • Lead quantified risk assessments and utilize qualitative data for process improvements
  • Interpret cyber security risk analyses in business terms and recommend actions
  • Create templates and materials for self-service risk management
  • Identify opportunities to improve risk management processes
  • Conduct security assessments and support risk mitigation efforts
  • Build evaluation methods and performance indicators for security functions

What we are looking for:
  • Exceptional academic record
  • Undergraduate degree in Computer Science or STEM, or equivalent experience
  • Drive and a history of exceeding expectations
  • Motivation to be at the forefront of security technology
  • Leadership and management skills
  • Excellent English communication and presentation skills
  • Strong problem-solving and technical understanding of security assessments and risk management
  • Expertise in threat modeling and risk frameworks
  • Knowledge of operational security risk management
  • Experience with Secure Development Lifecycle and Security by Design

What we offer:

We offer competitive compensation based on location, experience, and performance, with annual reviews and bonuses. Benefits include:

  • Distributed work environment with biannual in-person team sprints
  • USD 2,000 annual learning and development budget
  • Recognition rewards, holiday leave, maternity/paternity leave
  • Employee Assistance Programme
  • Travel opportunities and company event upgrades

About Canonical

Canonical is a pioneering open source technology firm, publisher of Ubuntu, and leader in AI, IoT, and cloud platforms. Since 2004, we have operated as a remote-first company, valuing excellence, innovation, and diversity. We are committed to creating an inclusive workplace and are an equal opportunity employer.
