Security Risk Management Specialist

In security risk management, we aim to combine industry best practices with innovative approaches to security risk assessments and modeling. Our security risk management team is responsible for developing and maintaining strategies and practices to identify, track, and mitigate security risks across all our operations.

To support this, we utilize industry standards alongside emerging threat intelligence to enhance risk identification, quantification, impact analysis, and modeling, ultimately informing decision-making. In this role, you will help establish and execute a strategic vision for Canonical's security risk program. You will collaborate not only within the team but also cross-functionally across the organization. Our team contributes ideas and requirements to improve product security and resilience for Ubuntu users and customers. Additionally, we work with the Organizational Learning and Development team to develop playbooks and deliver security training.

The mission of the security risk management team extends beyond Canonical to contribute to the broader open source ecosystem. This includes sharing knowledge through presentations, industry events, threat intelligence sharing, and representing Canonical in governance bodies.

1. Define Canonical's security risk management standards and playbooks
2. Analyze and improve security risk practices
3. Evaluate, select, and implement new security tools and requirements
4. Enhance the presence and thought leadership in security risk management
5. Develop learning and development materials for security risk
6. Work with security leadership to present information and influence change
7. Develop key risk indicators and contribute to control and performance metrics
8. Apply statistical models to risk frameworks (e.g., FAIR, sensitivity analysis)
9. Participate in risk management and decision-making discussions
10. Lead quantified risk assessments and leverage qualitative data for process improvements
11. Interpret cyber security risk analyses in business terms and recommend actions
12. Create templates and materials for self-service risk management
13. Identify opportunities to improve risk management processes
14. Implement campaigns for security assessments and risk mitigation
15. Build evaluation methods and KPIs to measure security functions' efficiency

• An exceptional academic record
• Undergraduate degree in Computer Science or STEM, or an alternative compelling narrative
• Drive and a history of exceeding expectations
• Strong motivation to be at the forefront of security technology
• Leadership and management skills
• Excellent English communication and presentation skills
• Problem-solving skills with deep technical security expertise
• Expertise in threat modeling and risk management frameworks
• Broad operational knowledge of security risk management
• Experience with Secure Development Lifecycle and Security by Design methodologies

Our compensation considers location, experience, and performance, with annual reviews and performance bonuses. Benefits reflect our values and local needs, including:

• Distributed work environment with biannual in-person team sprints
• USD 2,000 annual learning and development budget
• Annual compensation review
• Recognition rewards
• Annual leave, parental leave, Employee Assistance Program
• Opportunities to travel and meet colleagues
• Travel upgrades for company events

About Canonical

Canonical leads in open source innovation, publishing Ubuntu—the platform for AI, IoT, and cloud solutions. We operate globally with high standards, fostering a remote-first culture since 2004. Working here means thinking differently, learning continuously, and pushing your limits.

Canonical is an equal opportunity employer, committed to diversity and inclusion, ensuring fair consideration for all applicants regardless of background.