Ubuntu is a community-developed, Linux-based operating system that is published and commercially supported by software development firm Canonical. Like Canonica
Security Risk Management Specialist
Location
United Kingdom
Posted
66 days ago
Salary
0
Seniority
Senior
Job Description
Security Risk Management Specialist
Canonical
• Define Canonical's security risk management standards and playbooks • Analyse and improve Canonical's security risk practices • Evaluate, select and implement new security requirements, tools and practices • Grow the presence and thought leadership of Canonical security risk management practice • Develop Canonical security risk learning and development materials • Work with Security leadership to present information and influence change • Participate in developing key risk indicators, provide inputs to the development of key control indicators, and key performance indicators for various programs • Apply statistical models to risk frameworks (such as FAIR, sensitivity analysis, and others) • Participate in risk management, decision-making, and collaborative discussions • Lead quantified risk assessments and understand the value of qualitative data for improvements to quality and engineering processes • Interpret internal or external cyber security risk analyses in business terms and recommend a responsible course of action • Develop templates and materials to help with self-service risk management actions • Monitor and identify opportunities to improve the effectiveness of risk management processes • Launch campaigns to perform security assessments and help mitigate security risks across the company • Build evaluation methods and performance indicators to measure efficiency of security functions and capabilities.
Job Requirements
- An exceptional academic track record
- Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
- Drive and a track record of going above-and-beyond expectations
- Deep personal motivation to be at the forefront of technology security
- Leadership and management ability
- Excellent business English writing and presentation skills
- Problem-solver with excellent communication skills, a deep technical understanding of security assessments and risk management
- Expertise in threat modelling and risk management frameworks
- Broad knowledge of how to operationalize the management of security risk
- Experience in Secure Development Lifecycle and Security by Design methodology
Benefits
- Distributed work environment with twice-yearly team sprints in person
- Personal learning and development budget of USD 2,000 per year
- Annual compensation review
- Recognition rewards
- Annual holiday leave
- Maternity and paternity leave
- Employee Assistance Programme
- Opportunity to travel to new locations to meet colleagues
- Priority Pass, and travel upgrades for long haul company events
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
• Tutor Me Education is reshaping how students learn. • Provide support to students all across the country. • Virtual instruction from your home computer.
• Utilize NDR, EDR, real-time streaming, and SIEM technologies to develop robust threat detection capabilities • Build and optimize detection rules leveraging real-time data streaming to enhance detection accuracy • Design enrichment pipelines and automation workflows to enhance the precision of threat detections • Develop correlation logic and automated processes to create high-fidelity threat alerts • Build compliance and recoverability of customer Data Analytics solutions, including SOPs, data onboarding, normalization, enrichment, and system maintenance • Create automation playbooks for incident triage and response • Align detection content with customer-specific Use Case Frameworks and provide metrics on cybersecurity threats impacting their environment • Collaborate with customer cybersecurity teams to cover gaps and enhance enterprise posture • Support enterprise Cybersecurity, Information Technology (IT), and Operational Technology (OT) teams by providing dashboards and other data exploration tools • Stay continually aware of emerging cybersecurity threats and trends, adapting detection strategies as needed • Work closely with customer teams, including Cybersecurity Operations Center (CSOC), Operational Technology (OT), and Incident Response (IR) teams, to ensure detections are actionable and relevant • Provide feedback to improve the customer's security framework and overall security monitoring strategy
• Analyze product security requirements and apply industry-recognized methodologies to translate them into effective security controls. • Design and support the implementation of secure cloud architectures. • Audit externally developed product security designs, document missing security controls, and lead efforts to analyze and implement security improvements. • Conduct threat modeling, attack surface analysis, and attack tree creation for products running on cloud platforms. • Research, review, compare, and propose technologies that meet client requirements. • Perform comprehensive security posture assessments through various methodologies. • Validate CI/CD pipelines and audit deployment configurations across various hosting environments. • Ensure that implemented solutions align with the product’s security architecture and requirements. • Document and present product security risks in both technical and business contexts. • Lead and support a small team of security engineers and consultants in assessing and researching cutting-edge technologies.
• Technical leadership on major projects involving emerging technologies. • Researching, analyzing, and resolving demanding technical challenges. • Driving threat modelling, attack surface enumeration and attack tree creation activities across applications. • Planning and supervising end-to-end security posture assessments via source code auditing and functional testing. • Documenting and presenting product security risks.
