Security Risk Management Specialist

Canonical

Rochester (MN)

Remote

USD 80,000 - 110,000

Full time

2 days ago

Job summary

A leading open-source tech company is seeking a Security Risk Management professional to define standards and improve practices, ensuring resilience against cyber threats. The role requires strong leadership and problem-solving skills, a Computer Science degree, and expertise in risk frameworks. Canonical offers a dynamic working environment, competitive compensation, and growth opportunities.

Benefits

Annual learning and development budget
Performance-driven bonus
Recognition rewards
Annual holiday leave
Travel opportunities

Qualifications

  • Exceptional academic record required.
  • Strong motivation for security technology.
  • Experience in security assessments and risk management.

Responsibilities

  • Define security risk management standards and playbooks.
  • Analyze and improve security risk practices.
  • Lead quantified risk assessments and leverage qualitative data.

Skills

Problem-solving
Leadership
Communication
Analytical skills
Technical understanding of security

Education

Undergraduate degree in Computer Science
STEM degree or compelling alternative

Job description

In security risk management, we're looking to combine industry best practices with innovation in how we do security risk assessments and modeling. Our security risk management team is the primary owner of the strategy and practices for identifying, tracking, and reducing security risks across all our activities.

To support this, we utilize industry best practices along with emerging threat intelligence to promote risk identification, quantification, impact analysis, and modeling to inform decision-making. In this role, you will help establish and execute a broad strategic vision for the security risk program at Canonical. You will collaborate within the team and cross-functionally with various departments across the organization. The team contributes ideas and requirements for Canonical's product security, enhancing the resilience and robustness of all Ubuntu users and customers against cyber threats. Additionally, the team works with our Organizational Learning and Development team to develop playbooks and facilitate security training across Canonical.

The security risk management team's mission extends beyond securing Canonical; they aim to contribute to the security of the broader open-source ecosystem. They may share knowledge through public presentations and industry events, share threat intelligence with the community, or represent Canonical in sector-specific governance bodies.

What you will do in this role:
  1. Define Canonical's security risk management standards and playbooks
  2. Analyze and improve Canonical's security risk practices
  3. Evaluate, select, and implement new security requirements, tools, and practices
  4. Enhance the presence and thought leadership of Canonical's security risk management
  5. Develop security risk learning and development materials
  6. Work with security leadership to present information and influence change
  7. Participate in developing key risk indicators, control indicators, and performance metrics
  8. Apply statistical models to risk frameworks (e.g., FAIR, sensitivity analysis)
  9. Engage in risk management, decision-making, and collaborative discussions
  10. Lead quantified risk assessments and leverage qualitative data for process improvements
  11. Interpret cyber security risk analyses in business terms and recommend actions
  12. Create templates and materials for self-service risk management
  13. Identify opportunities to improve risk management processes
  14. Launch campaigns for security assessments and mitigation
  15. Build evaluation methods and performance indicators for security functions

What we are looking for:
  • An exceptional academic record
  • Undergraduate degree in Computer Science or STEM, or a compelling alternative narrative
  • Drive and a history of exceeding expectations
  • Strong motivation to be at the forefront of security technology
  • Leadership and management skills
  • Excellent English communication and presentation skills
  • Problem-solving skills with deep technical understanding of security assessments and risk management
  • Expertise in threat modeling and risk frameworks
  • Broad knowledge of operational security risk management
  • Experience with Secure Development Lifecycle and Security by Design methodologies

What we offer:

We consider location, experience, and performance in shaping compensation worldwide. We revisit compensation annually to recognize outstanding performance. Benefits include a performance-driven bonus, additional benefits reflecting our values, and programs tailored to local needs.

  • Distributed work environment with biannual in-person team sprints
  • USD 2,000 annual learning and development budget
  • Annual compensation reviews
  • Recognition rewards
  • Annual holiday leave
  • Maternity and paternity leave
  • Employee Assistance Program
  • Travel opportunities to meet colleagues
  • Priority Pass and travel upgrades for company events

About Canonical

Canonical is a pioneering open-source tech company, publisher of Ubuntu, and a leader in AI, IoT, and cloud platforms. Since 2004, we've been a remote-first organization committed to excellence and innovation. Working here means thinking differently, working smarter, learning new skills, and advancing your career.

Canonical is an equal opportunity employer, fostering a workplace free from discrimination. We value diversity in experience, perspectives, and backgrounds, which enriches our environment and products. All applications will be considered fairly.
