In security risk management, we aim to combine industry best practices with innovative approaches to security risk assessments and modeling. Our security risk management team is responsible for defining the strategy and practices for identifying, tracking, and reducing security risks across all our activities.
To support this, we leverage industry standards and emerging threat intelligence to enhance risk identification, quantification, impact analysis, and modeling, ultimately guiding decision-making. In this role, you will establish and execute a strategic vision for Canonical's security risk program, working collaboratively within the team and across various departments. Our team contributes to product security improvements, enhances resilience for Ubuntu users, and collaborates with Learning and Development to create playbooks and security training.
The team's mission extends beyond Canonical to the open source ecosystem, sharing knowledge through industry events, threat intelligence sharing, and representing Canonical in sector-specific governance bodies.
What you will do in this role:
1. Define Canonical's security risk management standards and playbooks
2. Analyze and improve security risk practices
3. Evaluate, select, and implement new security tools and requirements
4. Enhance Canonical's security risk management presence and thought leadership
5. Develop learning and development materials related to security risk
6. Collaborate with security leadership to present information and drive change
7. Develop key risk indicators and contribute to control and performance metrics
8. Apply statistical models (e.g., FAIR, sensitivity analysis) to risk frameworks
9. Participate in risk management discussions and decision-making
10. Lead quantified risk assessments and incorporate qualitative data for process improvements
11. Interpret cyber security risk analyses in business terms and recommend actions
12. Create templates and materials for self-service risk management
13. Identify opportunities to improve risk management processes
14. Initiate security assessments and mitigation campaigns
15. Develop evaluation methods and KPIs to measure security functions' effectiveness
What we are looking for:
* Exceptional academic record
* Undergraduate degree in Computer Science or STEM, or an alternative compelling background
* Drive and a history of exceeding expectations
* Strong motivation in technology security
* Leadership and management skills
* Excellent business English communication and presentation skills
* Problem-solving and technical expertise in security assessments and risk management
* Experience with threat modeling and risk frameworks
* Knowledge of operational security risk management
* Experience with Secure Development Lifecycle and Security by Design
What we offer:
We offer competitive worldwide compensation, reviewed annually, with additional benefits reflecting our values. Our benefits include:
* Distributed work environment with biannual in-person team sprints
* USD 2,000 annual learning and development budget
* Performance reviews and recognition rewards
* Annual leave and parental leave policies
* Employee Assistance Programme
* Travel opportunities and company event upgrades
About Canonical:
Canonical is a leader in open source technology, publishing Ubuntu, a key platform for AI, IoT, and cloud. We are a remote-first company committed to excellence and diversity, fostering a workplace free from discrimination. Working here challenges you to innovate, learn, and excel.
Canonical is an equal opportunity employer, valuing diverse backgrounds and perspectives.