Security Risk Management Specialist

In security risk management, we aim to harness industry best practices combined with innovative approaches to security risk assessments and modeling. Our security risk management team is responsible for defining strategies and practices to identify, track, and mitigate security risks across all our operations.

To support this, we utilize industry standards and emerging threat intelligence to enhance risk identification, quantification, impact analysis, and modeling, ultimately guiding decision-making. In this role, you will establish and execute a strategic vision for Canonical's security risk program, collaborating both within the team and across various organizational units. The team contributes to product security, enhancing the resilience of Ubuntu for our users, and works with our Learning and Development team to develop security playbooks and training.

The mission of the security risk management team extends beyond Canonical to the open source ecosystem, sharing knowledge through industry presentations, threat intelligence sharing, and sector-specific governance participation.

1. Define security risk management standards and create playbooks for Canonical.
2. Analyze and improve existing security risk practices.
3. Evaluate, select, and implement new security tools and requirements.
4. Enhance Canonical's security risk management profile and thought leadership.
5. Develop training materials on security risk management.
6. Collaborate with security leadership to communicate and influence security strategies.
7. Develop key risk indicators and contribute to control and performance metrics.
8. Apply statistical models such as FAIR and sensitivity analysis to risk frameworks.
9. Participate in risk management discussions and decision-making processes.
10. Lead quantitative risk assessments and incorporate qualitative data for process improvements.
11. Interpret security risk analyses in business terms and recommend actions.
12. Create templates and resources for self-service risk management.
13. Identify opportunities to enhance risk management effectiveness.
14. Lead security assessment campaigns and mitigation initiatives.
15. Develop evaluation methods and performance indicators for security functions.

• An excellent academic record.
• Degree in Computer Science, STEM, or equivalent experience.
• Proven motivation and a track record of exceeding expectations.
• Strong interest in technology security.
• Leadership and management skills.
• Excellent English communication and presentation skills.
• Deep technical understanding of security assessments and risk management.
• Expertise in threat modeling and risk frameworks.
• Knowledge of operational security risk management.
• Experience with Secure Development Lifecycle and Security by Design.

We tailor compensation based on location, experience, and performance, with annual reviews and bonuses. Benefits include a distributed work environment, learning budgets, recognition rewards, leave policies, parental leave, assistance programs, travel opportunities, and more.

About Canonical

Canonical leads in open source innovation, publishing Ubuntu and supporting AI, IoT, and cloud platforms. We operate globally with high standards for excellence and have been a remote-first company since 2004. Working here offers a forward-looking environment that challenges you to grow and excel.

Canonical is an equal opportunity employer, committed to diversity and inclusion, and we welcome applications from all backgrounds.