Security Risk Management Specialist

In security risk management, we aim to leverage industry best practices combined with innovative approaches to security risk assessments and modeling. Our security risk management team primarily owns the strategy and practices for identifying, tracking, and reducing security risks across all our activities.

We utilize industry best practices along with emerging threat intelligence to promote risk identification, quantification, impact analysis, and modeling, ultimately supporting informed decision-making. In this role, you will help establish and execute a broad strategic vision for Canonical's security risk program. You will collaborate within the team and cross-functionally across the organization, contributing ideas and requirements to enhance product security and improve the resilience of Ubuntu users against cyber threats. Additionally, you will work with our Learning and Development team to develop playbooks and facilitate security training.

The mission of the security risk management team extends beyond Canonical to contribute to the broader open source ecosystem. This includes sharing knowledge through industry presentations, participating in sector-specific governance bodies, and sharing threat intelligence with the community.

1. Define Canonical's security risk management standards and playbooks
2. Analyze and improve security risk practices
3. Evaluate, select, and implement new security requirements, tools, and practices
4. Enhance the presence and thought leadership of Canonical's security risk management
5. Develop security risk learning and development materials
6. Collaborate with Security leadership to present information and influence change
7. Develop key risk indicators and contribute to control and performance metrics
8. Apply statistical models (e.g., FAIR, sensitivity analysis) to risk frameworks
9. Participate in risk management discussions and decision-making
10. Lead quantified risk assessments, integrating qualitative data for process improvements
11. Interpret cyber security risk analyses in business terms and recommend actions
12. Create templates and materials for self-service risk management
13. Identify opportunities to improve risk management processes
14. Launch security assessment campaigns and support risk mitigation
15. Build evaluation methods and performance indicators for security functions

• Exceptional academic record
• Undergraduate degree in Computer Science, STEM, or equivalent experience
• Drive and a history of exceeding expectations
• Strong motivation for technology security
• Leadership and management skills
• Excellent English communication and presentation skills
• Problem-solving abilities with deep technical security knowledge
• Expertise in threat modeling and risk management frameworks
• Knowledge of operationalizing security risk management
• Experience with Secure Development Lifecycle and Security by Design methodology

Our compensation considers location, experience, and performance, with annual reviews and performance bonuses. Benefits reflect our values and include:

• Distributed work environment with biannual in-person team sprints
• USD 2,000 annual learning and development budget
• Annual compensation review
• Recognition rewards
• Annual leave, maternity and paternity leave
• Employee Assistance Programme
• Travel opportunities to meet colleagues
• Priority Pass and travel upgrades for company events

Canonical is a leader in open source technology, publishing Ubuntu, a key platform for AI, IoT, and cloud computing. We operate globally with high standards, fostering excellence and innovation. Since 2004, we have been a remote-first company, encouraging forward-thinking, skill development, and growth.

Canonical is an equal opportunity employer committed to diversity and inclusion, ensuring fair consideration for all applicants regardless of background or identity.