Security Risk Management Specialist

Canonical

León

Remote

USD 50,000 - 70,000

Full-time

30+ days ago

Vacancy description

Canonical is seeking a Security Risk Manager to define and improve security risk management practices. The role involves collaborating across teams to enhance product security and contribute to the open source ecosystem. The ideal candidate will have a strong technical background and leadership skills, with a focus on innovative security solutions.

Benefits

USD 2,000 annual learning and development budget
Distributed work environment with biannual in-person team sprints
Annual compensation review
Recognition rewards
Annual leave
Maternity and paternity leave
Employee Assistance Programme
Travel opportunities to meet colleagues
Priority Pass and travel upgrades for company events

Qualifications

  • Exceptional academic background required.
  • Experience with threat modeling and risk frameworks.

Responsibilities

  • Define security risk management standards and playbooks.
  • Lead quantified risk assessments and incorporate qualitative data.
  • Develop learning materials for security risk management.

Skills

Leadership
Problem-solving
Communication
Technical understanding of security assessments

Education

Undergraduate degree in Computer Science

Tools

Secure Development Lifecycle
Security by Design methodologies

Job description

In security risk management, we're aiming to leverage industry best practices combined with innovative approaches to security risk assessments and modeling. Our security risk management team is the primary owner of the strategy and practices for identifying, tracking, and reducing security risks across all our activities.

To support this, we utilize industry standards and emerging threat intelligence to enhance risk identification, quantification, impact analysis, and modeling, ultimately guiding decision-making. In this role, you will help establish and execute a broad strategic vision for Canonical's security risk program. You will collaborate within the team and cross-functionally across the organization. The team contributes ideas and requirements to improve product security, resilience, and robustness for Ubuntu users and customers, especially against cyber threats. Additionally, the team works with our Learning and Development department to create playbooks and facilitate security training.

The mission of the security risk management team extends beyond Canonical to contribute to the broader open source ecosystem. They share knowledge through public presentations, industry events, and threat intelligence sharing, representing Canonical in sector-specific governance bodies.

What you will do in this role:
  1. Define Canonical's security risk management standards and playbooks
  2. Analyze and improve security risk practices
  3. Evaluate, select, and implement new security tools and requirements
  4. Enhance the presence and thought leadership in security risk management
  5. Develop learning and development materials for security risk management
  6. Work with security leadership to present information and influence change
  7. Develop key risk indicators and contribute to control and performance metrics
  8. Apply statistical models (e.g., FAIR, sensitivity analysis) to risk frameworks
  9. Participate in risk management and decision-making discussions
  10. Lead quantified risk assessments and incorporate qualitative data for process improvements
  11. Interpret cyber security risk analyses in business terms and advise on actions
  12. Create templates and materials for self-service risk management
  13. Identify opportunities to improve risk management processes
  14. Initiate security assessment campaigns and mitigation efforts
  15. Build evaluation methods and performance indicators for security functions

What we are looking for:
  1. An exceptional academic background
  2. Undergraduate degree in Computer Science, STEM, or a compelling alternative
  3. Drive and a history of exceeding expectations
  4. Strong motivation to be at the forefront of security technology
  5. Leadership and management skills
  6. Excellent written and presentation skills in English
  7. Problem-solving and communication skills, with deep technical understanding of security assessments and risk management
  8. Expertise in threat modeling and risk frameworks
  9. Broad operational knowledge of security risk management
  10. Experience with Secure Development Lifecycle and Security by Design methodologies

What we offer:

We consider location, experience, and performance in shaping compensation worldwide, with annual reviews and performance bonuses. Our benefits reflect our values and include:

  • Distributed work environment with biannual in-person team sprints
  • USD 2,000 annual learning and development budget
  • Annual compensation review
  • Recognition rewards
  • Annual leave
  • Maternity and paternity leave
  • Employee Assistance Programme
  • Travel opportunities to meet colleagues
  • Priority Pass and travel upgrades for company events

About Canonical

Canonical is a pioneering open source technology company, known for publishing Ubuntu, a leading open source platform for AI, IoT, and cloud computing. Since 2004, we've operated as a remote-first organization, encouraging innovative thinking, continuous learning, and excellence. We are committed to diversity and equal opportunity in our hiring practices.
