Security Risk Management Specialist

March 16

Apply Now

Receive Emails with Similar Jobs

Canonical

WebsiteLinkedInAll Job Openings

Open Source • Cloud • AI

Canonical is the company behind Ubuntu, the world's most popular open-source operating system, which provides fast, modern, and secure Linux solutions for desktops, servers, and cloud environments. They offer a comprehensive set of products and services, including Ubuntu Desktop, Ubuntu Server, cloud solutions such as OpenStack, and tools for managing containerized applications with Kubernetes. Canonical focuses on making open-source technology reliable and accessible across various industries, from IoT and AI to enterprise infrastructure.

501 - 1000 employees

Founded 2004

📋 Description

• In security risk management we’re looking to harness the power of industry best practice combined with driving new innovation on how we do security risk assessments and modelling. • Our security risk management team is the primary owner of the strategy and practices of how we identify, track and reduce our security risk across everything we do. • To support this we need to use industry best practices paired with emerging threat information to to promote risk identification, quantification, impact analysis, and modelling to ultimately drive decision making. • In this role, you will help establish and execute a broad strategic vision for the security risk program at Canonical. • You will not only work within the team but also cross-functionally with various teams across the organisation. • The team contributes ideas and requirements for Canonical product security, improving the resilience and robustness of all Ubuntu customers and users subject to cyber attacks. • Additionally, the team collaborates with our Organisational Learning and Development team to develop playbooks and facilitate security training across Canonical. • The security risk management team’s mission is not only to secure Canonical, but also to contribute to the security of the wider open source ecosystem. • They might share knowledge through public presentations and industry events, and share threat intelligence with the wider community or represent Canonical in sector-specific governance bodies. • Define Canonical's security risk management standards and playbooks • Analyse and improve Canonical's security risk practices • Evaluate, select and implement new security requirements, tools and practices • Grow the presence and thought leadership of Canonical security risk management practice • Develop Canonical security risk learning and development materials • Work with Security leadership to present information and influence change • Participate in developing key risk indicators, provide inputs to the development of key control indicators, and key performance indicators for various programs • Apply statistical models to risk frameworks (such as FAIR, sensitivity analysis, and others) • Participate in risk management, decision-making, and collaborative discussions • Lead quantified risk assessments and understand the value of qualitative data for improvements to quality and engineering processes • Interpret internal or external cyber security risk analyses in business terms and recommend a responsible course of action • Develop templates and materials to help with self-service risk management actions • Monitor and identify opportunities to improve the effectiveness of risk management processes • Launch campaigns to perform security assessments and help mitigate security risks across the company • Build evaluation methods and performance indicators to measure efficiency of security functions and capabilities.

🎯 Requirements

• An exceptional academic track record • Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path • Drive and a track record of going above-and-beyond expectations • Deep personal motivation to be at the forefront of technology security • Leadership and management ability • Excellent business English writing and presentation skills • Problem-solver with excellent communication skills, a deep technical understanding of security assessments and risk management • Expertise in threat modelling and risk management frameworks • Broad knowledge of how to operationalize the management of security risk • Experience in Secure Development Lifecycle and Security by Design methodology

🏖️ Benefits

• Distributed work environment with twice-yearly team sprints in person • Personal learning and development budget of USD 2,000 per year • Annual compensation review • Recognition rewards • Annual holiday leave • Maternity and paternity leave • Employee Assistance Programme • Opportunity to travel to new locations to meet colleagues • Priority Pass, and travel upgrades for long haul company events