50 Security Executive jobs in Hong Kong

Join to apply for the Deputy Executive Manager, Security Architecture role at The Hong Kong Jockey Club

1 day ago Be among the first 25 applicants

Join to apply for the Deputy Executive Manager, Security Architecture role at The Hong Kong Jockey Club

Direct message the job poster from The Hong Kong Jockey Club

The job
You will:

• Develop, maintain, and own cyber security architecture patterns and design standards, using industry references and best practices (NIST, CIS, ISO, MITRE, OWASP, etc.) addressing - what, why, how, who, when, and where
• Develop, maintain, and own cyber threat modelling framework and apply it in conjunction with the risk management framework, risk assessment, and compliance with cybersecurity policies and standards
• Ensure coverage of cyber architecture patterns and design standards, and support extends to the current IT and cyber portfolio, as a priority. In addition, based on the demand and established priority, ensure support for evolving and emerging technologies such as multi, hybrid, public, and private clouds, Gen AI, DLTs, and Quantum resistance
• Develop and maintain NFRs and provide the required cyber architecture, design, and delivery support to the strategic business initiatives to complement their business functional requirements
• Work alongside PMO, delivery and BAU teams to establish project plans with scope, dependencies, constraints, timeframe, and including established BAU acceptance criteria, for club-wide cyber initiatives funded by CS, based on priorities, funding, and resourcing, and maintain a diligent focus on execution
• Conduct regular information-sharing sessions across management teams, independent of specific project deliverables, and with a focus on cyber architecture, design, product capabilities, people skills, and process maturity to seek feedback for continuous improvement
• Strive for product integration and consolidation, with immediate tactical steps and medium to longer-term approach, whilst articulating its rationale. Ensure rigorous competitive analysis, technical evaluations, vendor stability, professional services and support capabilities
• Mentor cyber design, delivery, and operational (BAU) teams. Remain up-to-date on evolving and emerging technologies. Distill hype (snake oil) across all cyber technologies. Excel in thought leadership as well as programme, project management, and people management across cross-functional teams across the Club
  

• Deep expertise and knowledge of the Security Domain with 10+ years of experience
• At least 4+ years of experience leading Security Architecture for a technology-focused organization
• Degree holder or Post-Graduate qualification in IT-related disciplines
• Sound knowledge and understanding of the latest security tools, security design methodologies, architecture frameworks and security risk assessment methods
• Relevant professional certifications (such as CISSP, CISM, GSE, or other equivalent) preferred
• Ability to speak English with good communication skills. Cantonese would be an advantage
• Able to accept technical challenges involved with defining the future of security
• A passion for educating and working with diverse technical teams
• Experience in security technologies including cloud, web application security, anti-bot solutions, WAF, application layer firewalls, IDS/IPS, SIEM, stateful inspection, TCP/IP, cryptography, authentication, OAUTH2.0, PCI DSS, different web application vulnerabilities, different attack vectors, vulnerability assessment and application penetration testing
• Experience with fundamental Internet protocols: BGP, GRE, MPLS, CDN, TCP/IP, SSL/TLS, HTTP, FTP, DNS
• Broad security and technology knowledge including DevSecOps and cloud infrastructure
• Programming experience - C, C++, J2EE, .NET, Flash/Flex, Web services and website development are a strong advantage
• Knowledge of ISMS, ISO27000 series, OWASP Top 10, MITRE and other major information security frameworks
  

• Seniority level Executive

• Employment type Full-time

• Job function Other, Information Technology, and Management
• Industries Non-profit Organizations

Referrals increase your chances of interviewing at The Hong Kong Jockey Club by 2x

Get notified about new Security Manager jobs in Sha Tin District, Hong Kong SAR .

Shenzhen, Guangdong, China CN¥40,000.00-CN¥60,000.00 1 year ago

Kwun Tong District, Hong Kong SAR 3 days ago

Sha Tin District, Hong Kong SAR 2 weeks ago

Kwai Tsing District, Hong Kong SAR 3 days ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

2 days ago Be among the first 25 applicants

We are seeking a highly capable and experienced professional with approximately 10 years of experience in cybersecurity governance, and IT audit and security assessment support. This role focuses on leading security assessments in collaboration with technical teams, reviewing and translating technical findings into clear and impactful reports for clients, regulators, and senior management. The ideal candidate will possess strong analytical skills, excellent communication abilities, and a solid understanding of security controls across various technology domains.

Your Role

• Lead and coordinate security assessments across infrastructure, applications, and cloud environments, working closely with technical SMEs.
• Interface with technical teams to understand control implementation and translate findings into governance insights.
• Prepare high-quality security reports and presentations tailored for client and senior stakeholders.
• Support responses to client and regulatory security inquiries, ensuring accuracy, clarity, and timely delivery.
• Support the development of security reporting and risk metrics
• Contribute to the development and refinement of security policies, standards, and procedures.
• Support audit and assessment activities, including evidence collection and coordination with internal teams.
• Promote security awareness and contribute to training initiatives across the organization.

To Succeed in this Role

• Minimum 10 years of experience in cybersecurity governance, technology risk, or audit-related roles.
• Strong understanding of security controls across infrastructure, application, and cloud domains.
• Proven ability to work with technical teams and translate technical content into business-friendly reporting.
• Experience in preparing client-facing documentation and presentations.
• Excellent written and verbal communication skills in English.
• Familiarity with regulatory frameworks and standards (e.g., ISO 27001, NIST, CIS).
• Relevant certifications such as CISM, CRISC, ISO 27001 Lead Implementer, or equivalent are preferred.

Preferred Attributes

• Experience in regulated industries such as finance, healthcare, or insurance.
• Strong stakeholder engagement and coordination skills.
• Detail-oriented with a proactive and structured approach to governance.
• Familiarity with GRC

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Software Development, Information Services, and Technology, Information and Media

Referrals increase your chances of interviewing at PCCW by 2x

Get notified about new Information Security Specialist jobs in Hong Kong, Hong Kong SAR .

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

2 days ago Be among the first 25 applicants

We are seeking a highly capable and experienced professional with approximately 10 years of experience in cybersecurity governance, and IT audit and security assessment support. This role focuses on leading security assessments in collaboration with technical teams, reviewing and translating technical findings into clear and impactful reports for clients, regulators, and senior management. The ideal candidate will possess strong analytical skills, excellent communication abilities, and a solid understanding of security controls across various technology domains.

Your Role

• Lead and coordinate security assessments across infrastructure, applications, and cloud environments, working closely with technical SMEs.
• Interface with technical teams to understand control implementation and translate findings into governance insights.
• Prepare high-quality security reports and presentations tailored for client and senior stakeholders.
• Support responses to client and regulatory security inquiries, ensuring accuracy, clarity, and timely delivery.
• Support the development of security reporting and risk metrics
• Contribute to the development and refinement of security policies, standards, and procedures.
• Support audit and assessment activities, including evidence collection and coordination with internal teams.
• Promote security awareness and contribute to training initiatives across the organization.

To Succeed in this Role

• Minimum 10 years of experience in cybersecurity governance, technology risk, or audit-related roles.
• Strong understanding of security controls across infrastructure, application, and cloud domains.
• Proven ability to work with technical teams and translate technical content into business-friendly reporting.
• Experience in preparing client-facing documentation and presentations.
• Excellent written and verbal communication skills in English.
• Familiarity with regulatory frameworks and standards (e.g., ISO 27001, NIST, CIS).
• Relevant certifications such as CISM, CRISC, ISO 27001 Lead Implementer, or equivalent are preferred.

Preferred Attributes

• Experience in regulated industries such as finance, healthcare, or insurance.
• Strong stakeholder engagement and coordination skills.
• Detail-oriented with a proactive and structured approach to governance.
• Familiarity with GRC

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Software Development, Information Services, and Technology, Information and Media

Referrals increase your chances of interviewing at PCCW by 2x

Get notified about new Information Security Specialist jobs in Hong Kong, Hong Kong SAR .

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Deputy Executive Manager, Business Information Security Office role at The Hong Kong Jockey Club

1 day ago Be among the first 25 applicants

Join to apply for the Deputy Executive Manager, Business Information Security Office role at The Hong Kong Jockey Club

The Department

The Cyber Security Department is responsible for the enhancement of the resiliency of Club's information, information systems and network infrastructure, as well as identifying security threats and vulnerabilities and effectively manage the risks. The team also works to ensure the Club's conformance to local cyber laws and regulations.

The Department

The Cyber Security Department is responsible for the enhancement of the resiliency of Club's information, information systems and network infrastructure, as well as identifying security threats and vulnerabilities and effectively manage the risks. The team also works to ensure the Club's conformance to local cyber laws and regulations.

The Job

You will:

1 Cyber Risk Management

• Identify, assess and communicate the cyber risks to the business and/or critical supporting functions, adhering to the Club’s cyber risk management framework
• Establish and manage the cyber risk profile for the business and/or critical supporting functions, and ensure treatment plans are defined, funded and tracked
• Represent the Cyber Security Department at the non-financial risk committees chaired by the business and/or critical support functions, providing cyber advisory and presenting the cyber risk profile, highlighting material risks and other related updates
• Advise the business and/or critical supporting functions of the updates to the Club’s cybersecurity policies and standards, and ensure a plan and funding are in place, to adopt them
  
  
  

• Embed cyber security into the business’s and/or critical supporting functions’ strategy and objectives, and throughout their projects and day-to-day operations
• Ensure the Club’s cyber security strategy, policies, standards and solutions are relevant to the goals and challenges of the business and critical supporting functions, and the applicable regulatory requirements
• Ensure the Club’s policies and standards are fully complied with across their processes and systems
• Raising the cyber risk awareness and culture within the business and/or critical supporting functions, leveraging the Club’s cyber awareness and training programs
• Convey the needs from respective business units for the creation of the Cyber Security programme awareness and promotion of the cyber security control adoption across the business and/or critical supporting functions
• Advocate for modern Agile InfoSec practices balancing security and business agility through a pragmatic risk-based approach
• Liaise between Cyber Security and Business stakeholders to ensure seamless integration of Cyber Security controls
  
  
  

• Act as a trusted cyber advisor, fostering partnerships between Cyber Security and Business & IT teams
• Translate complex security concepts and requirements into actionable and business-friendly guidance
• During cybersecurity incidents, provide periodic sitrep to the business and/or critical supporting functions, and continuously assess the business impact of it
• Develop clear and concise updates on the cyber risk profiles, strategy, policies and standards, ensuring they are tailored for the non-financial risk committee members
  
  
  

• Bachelor’s degree holder e.g., Computer Science, IT, or other disciplines; a master’s degree is preferred
• 10+ years of experience in cyber risk management, cyber risk governance, or related fields
• Exceptional communication skills, with the ability to translate technical concepts for diverse audiences
• Expertise in stakeholder engagement, including senior executives and board members
• Demonstrated ability to foster business partnerships and to cultivate a strong risk culture
• Exceptional English writing and verbal communication skills, with the ability to present complex concepts to non-technical audiences
• Proficiency in the key cyber control domains, cyber risk management and governance frameworks and GRC tools
• Strong organisational and multitasking abilities with meticulous attention to detail
• Excellent stakeholder management and relationship-building skills
  
  
  

• Seniority level Executive

• Employment type Full-time

• Job function Project Management and Information Technology
• Industries Non-profit Organizations

Referrals increase your chances of interviewing at The Hong Kong Jockey Club by 2x

Get notified about new Business Information Manager jobs in Sha Tin District, Hong Kong SAR .

New Territories, Hong Kong SAR 7 hours ago

Central & Western District, Hong Kong SAR 1 day ago

Shenzhen, Guangdong, China CN¥15,000.00-CN¥25,000.00 1 year ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Deputy Executive Manager, Business Information Security Office role at The Hong Kong Jockey Club

1 day ago Be among the first 25 applicants

Join to apply for the Deputy Executive Manager, Business Information Security Office role at The Hong Kong Jockey Club

The Department
The Cyber Security Department is responsible for the enhancement of the resiliency of Club's information, information systems and network infrastructure, as well as identifying security threats and vulnerabilities and effectively manage the risks. The team also works to ensure the Club's conformance to local cyber laws and regulations.

The Department
The Cyber Security Department is responsible for the enhancement of the resiliency of Club's information, information systems and network infrastructure, as well as identifying security threats and vulnerabilities and effectively manage the risks. The team also works to ensure the Club's conformance to local cyber laws and regulations.
The Job
You will:
1 Cyber Risk Management

• Identify, assess and communicate the cyber risks to the business and/or critical supporting functions, adhering to the Club’s cyber risk management framework
• Establish and manage the cyber risk profile for the business and/or critical supporting functions, and ensure treatment plans are defined, funded and tracked
• Represent the Cyber Security Department at the non-financial risk committees chaired by the business and/or critical support functions, providing cyber advisory and presenting the cyber risk profile, highlighting material risks and other related updates
• Advise the business and/or critical supporting functions of the updates to the Club’s cybersecurity policies and standards, and ensure a plan and funding are in place, to adopt them
  

• Embed cyber security into the business’s and/or critical supporting functions’ strategy and objectives, and throughout their projects and day-to-day operations
• Ensure the Club’s cyber security strategy, policies, standards and solutions are relevant to the goals and challenges of the business and critical supporting functions, and the applicable regulatory requirements
• Ensure the Club’s policies and standards are fully complied with across their processes and systems
• Raising the cyber risk awareness and culture within the business and/or critical supporting functions, leveraging the Club’s cyber awareness and training programs
• Convey the needs from respective business units for the creation of the Cyber Security programme awareness and promotion of the cyber security control adoption across the business and/or critical supporting functions
• Advocate for modern Agile InfoSec practices balancing security and business agility through a pragmatic risk-based approach
• Liaise between Cyber Security and Business stakeholders to ensure seamless integration of Cyber Security controls
  

• Act as a trusted cyber advisor, fostering partnerships between Cyber Security and Business & IT teams
• Translate complex security concepts and requirements into actionable and business-friendly guidance
• During cybersecurity incidents, provide periodic sitrep to the business and/or critical supporting functions, and continuously assess the business impact of it
• Develop clear and concise updates on the cyber risk profiles, strategy, policies and standards, ensuring they are tailored for the non-financial risk committee members
  

• Bachelor’s degree holder e.g., Computer Science, IT, or other disciplines; a master’s degree is preferred
• 10+ years of experience in cyber risk management, cyber risk governance, or related fields
• Exceptional communication skills, with the ability to translate technical concepts for diverse audiences
• Expertise in stakeholder engagement, including senior executives and board members
• Demonstrated ability to foster business partnerships and to cultivate a strong risk culture
• Exceptional English writing and verbal communication skills, with the ability to present complex concepts to non-technical audiences
• Proficiency in the key cyber control domains, cyber risk management and governance frameworks and GRC tools
• Strong organisational and multitasking abilities with meticulous attention to detail
• Excellent stakeholder management and relationship-building skills
  

• Seniority level Executive

• Employment type Full-time

• Job function Project Management and Information Technology
• Industries Non-profit Organizations

Referrals increase your chances of interviewing at The Hong Kong Jockey Club by 2x

Get notified about new Business Information Manager jobs in Sha Tin District, Hong Kong SAR .

New Territories, Hong Kong SAR 7 hours ago

Central & Western District, Hong Kong SAR 1 day ago

Shenzhen, Guangdong, China CN¥15,000.00-CN¥25,000.00 1 year ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Manager, Security Management role at Bank of Communications Co., Ltd. London Branch

Continue with Google Continue with Google

Join to apply for the Manager, Security Management role at Bank of Communications Co., Ltd. London Branch

Get AI-powered advice on this job and more exclusive features.

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Company Description

Founded in 1908, Bank of Communications Co., Ltd. (Stock Code: 3328) is one of the oldest banks in China, and also acted as one of the country’s banknote-issuing institutions. The bank was listed on the Stock Exchange of Hong Kong Limited and the Shanghai Stock Exchange in June 2005 and May 2007 respectively. At present, apart from Tibet, BOCOM comprises 30 provincial branches across provinces, municipalities and autonomous regions, plus a network of 2,637 operating locations in 173 cities and 112 counties nationwide. Beyond China, BOCOM has established overseas centers in Hong Kong, New York, San Francisco, Tokyo, Singapore, Seoul, Frankfurt, Macau, Ho Chi Minh City, and Sydney; one subsidiary bank in the U.K. and one representative office in Taipei. BOCOM’s development strategy is to become a first class listed universal banking group focusing on international expansion and specializing in wealth management.

Company Description

Founded in 1908, Bank of Communications Co., Ltd. (Stock Code: 3328) is one of the oldest banks in China, and also acted as one of the country’s banknote-issuing institutions. The bank was listed on the Stock Exchange of Hong Kong Limited and the Shanghai Stock Exchange in June 2005 and May 2007 respectively. At present, apart from Tibet, BOCOM comprises 30 provincial branches across provinces, municipalities and autonomous regions, plus a network of 2,637 operating locations in 173 cities and 112 counties nationwide. Beyond China, BOCOM has established overseas centers in Hong Kong, New York, San Francisco, Tokyo, Singapore, Seoul, Frankfurt, Macau, Ho Chi Minh City, and Sydney; one subsidiary bank in the U.K. and one representative office in Taipei. BOCOM’s development strategy is to become a first class listed universal banking group focusing on international expansion and specializing in wealth management.

Job Description

• Motivate an effective security operations team to oversee the security services
• Follow up the incident report and drive the analysis of security incidents
• Analyze industry trends and make recommendation to Senior Management for improving risk exposure
• Manage the external vendors in respect of regular communications and ad-hoc work as assigned
• Degree holder or above in Business Administration or related disciplines
• Minimum 5 years' work experience in security service industry or disciplinary service
• Excellent leadership with practical knowledge and good problem-solving skills
• Self-motivated with professional appearance and be customer-oriented
• Strong analytical mind with good communication and interpersonal skills

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Accounting/Auditing and Finance
• Industries Banking and Investment Banking

Referrals increase your chances of interviewing at Bank of Communications Co., Ltd. London Branch by 2x

Get notified about new Security Manager jobs in Hong Kong, Hong Kong SAR .

Sha Tin District, Hong Kong SAR 20 minutes ago

Shenzhen, Guangdong, China
CN¥40,000.00
-
CN¥60,000.00
1 year ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Manager, Security Management role at Bank of Communications Co., Ltd. London Branch

Continue with Google Continue with Google

Join to apply for the Manager, Security Management role at Bank of Communications Co., Ltd. London Branch

Get AI-powered advice on this job and more exclusive features.

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Company Description
Founded in 1908, Bank of Communications Co., Ltd. (Stock Code: 3328) is one of the oldest banks in China, and also acted as one of the country’s banknote-issuing institutions. The bank was listed on the Stock Exchange of Hong Kong Limited and the Shanghai Stock Exchange in June 2005 and May 2007 respectively. At present, apart from Tibet, BOCOM comprises 30 provincial branches across provinces, municipalities and autonomous regions, plus a network of 2,637 operating locations in 173 cities and 112 counties nationwide. Beyond China, BOCOM has established overseas centers in Hong Kong, New York, San Francisco, Tokyo, Singapore, Seoul, Frankfurt, Macau, Ho Chi Minh City, and Sydney; one subsidiary bank in the U.K. and one representative office in Taipei. BOCOM’s development strategy is to become a first class listed universal banking group focusing on international expansion and specializing in wealth management.

Company Description
Founded in 1908, Bank of Communications Co., Ltd. (Stock Code: 3328) is one of the oldest banks in China, and also acted as one of the country’s banknote-issuing institutions. The bank was listed on the Stock Exchange of Hong Kong Limited and the Shanghai Stock Exchange in June 2005 and May 2007 respectively. At present, apart from Tibet, BOCOM comprises 30 provincial branches across provinces, municipalities and autonomous regions, plus a network of 2,637 operating locations in 173 cities and 112 counties nationwide. Beyond China, BOCOM has established overseas centers in Hong Kong, New York, San Francisco, Tokyo, Singapore, Seoul, Frankfurt, Macau, Ho Chi Minh City, and Sydney; one subsidiary bank in the U.K. and one representative office in Taipei. BOCOM’s development strategy is to become a first class listed universal banking group focusing on international expansion and specializing in wealth management.
Job Description

• Motivate an effective security operations team to oversee the security services
• Follow up the incident report and drive the analysis of security incidents
• Analyze industry trends and make recommendation to Senior Management for improving risk exposure
• Manage the external vendors in respect of regular communications and ad-hoc work as assigned
• Degree holder or above in Business Administration or related disciplines
• Minimum 5 years' work experience in security service industry or disciplinary service
• Excellent leadership with practical knowledge and good problem-solving skills
• Self-motivated with professional appearance and be customer-oriented
• Strong analytical mind with good communication and interpersonal skills

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Accounting/Auditing and Finance
• Industries Banking and Investment Banking

Referrals increase your chances of interviewing at Bank of Communications Co., Ltd. London Branch by 2x

Get notified about new Security Manager jobs in Hong Kong, Hong Kong SAR .

Sha Tin District, Hong Kong SAR 20 minutes ago

Shenzhen, Guangdong, China
CN¥40,000.00
-
CN¥60,000.00
1 year ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Security Risk Management Specialist role at Canonical

Join to apply for the Security Risk Management Specialist role at Canonical

In security risk management we're looking to harness the power of industry best practice combined with driving new innovation on how we do security risk assessments and modelling. Our security risk management team is the primary owner of the strategy and practices of how we identify, track and reduce our security risk across everything we do.

To support this we need to use industry best practices paired with emerging threat information to to promote risk identification, quantification, impact analysis, and modelling to ultimately drive decision making. In this role, you will help establish and execute a broad strategic vision for the security risk program at Canonical. You will not only work within the team but also cross-functionally with various teams across the organisation. The team contributes ideas and requirements for Canonical product security, improving the resilience and robustness of all Ubuntu customers and users subject to cyber attacks. Additionally, the team collaborates with our Organisational Learning and Development team to develop playbooks and facilitate security training across Canonical.

The security risk management team's mission is not only to secure Canonical, but also to contribute to the security of the wider open source ecosystem. They might share knowledge through public presentations and industry events, and share threat intelligence with the wider community or represent Canonical in sector-specific governance bodies.

What you will do in this role:

• Define Canonical's security risk management standards and playbooks
• Analyse and improve Canonical's security risk practices
• Evaluate, select and implement new security requirements, tools and practices
• Grow the presence and thought leadership of Canonical security risk management practice
• Develop Canonical security risk learning and development materials
• Work with Security leadership to present information and influence change
• Participate in developing key risk indicators, provide inputs to the development of key control indicators, and key performance indicators for various programs
• Apply statistical models to risk frameworks (such as FAIR, sensitivity analysis, and others)
• Participate in risk management, decision-making, and collaborative discussions
• Lead quantified risk assessments and understand the value of qualitative data for improvements to quality and engineering processes
• Interpret internal or external cyber security risk analyses in business terms and recommend a responsible course of action
• Develop templates and materials to help with self-service risk management actions
• Monitor and identify opportunities to improve the effectiveness of risk management processes
• Launch campaigns to perform security assessments and help mitigate security risks across the company
• Build evaluation methods and performance indicators to measure efficiency of security functions and capabilities.
  
  

• An exceptional academic track record
• Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
• Drive and a track record of going above-and-beyond expectations
• Deep personal motivation to be at the forefront of technology security
• Leadership and management ability
• Excellent business English writing and presentation skills
• Problem-solver with excellent communication skills, a deep technical understanding of security assessments and risk management
• Expertise in threat modelling and risk management frameworks
• Broad knowledge of how to operationalize the management of security risk
• Experience in Secure Development Lifecycle and Security by Design methodology
  
  

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Employee Assistance Programme
• Opportunity to travel to new locations to meet colleagues
• Priority Pass, and travel upgrades for long haul company events
  
  

• Seniority level Entry level

• Employment type Full-time

• Job function Finance and Sales
• Industries Software Development

Referrals increase your chances of interviewing at Canonical by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Security Risk Management Specialist role at Canonical

Join to apply for the Security Risk Management Specialist role at Canonical

In security risk management we're looking to harness the power of industry best practice combined with driving new innovation on how we do security risk assessments and modelling. Our security risk management team is the primary owner of the strategy and practices of how we identify, track and reduce our security risk across everything we do.
To support this we need to use industry best practices paired with emerging threat information to to promote risk identification, quantification, impact analysis, and modelling to ultimately drive decision making. In this role, you will help establish and execute a broad strategic vision for the security risk program at Canonical. You will not only work within the team but also cross-functionally with various teams across the organisation. The team contributes ideas and requirements for Canonical product security, improving the resilience and robustness of all Ubuntu customers and users subject to cyber attacks. Additionally, the team collaborates with our Organisational Learning and Development team to develop playbooks and facilitate security training across Canonical.
The security risk management team's mission is not only to secure Canonical, but also to contribute to the security of the wider open source ecosystem. They might share knowledge through public presentations and industry events, and share threat intelligence with the wider community or represent Canonical in sector-specific governance bodies.
What you will do in this role:

• Define Canonical's security risk management standards and playbooks
• Analyse and improve Canonical's security risk practices
• Evaluate, select and implement new security requirements, tools and practices
• Grow the presence and thought leadership of Canonical security risk management practice
• Develop Canonical security risk learning and development materials
• Work with Security leadership to present information and influence change
• Participate in developing key risk indicators, provide inputs to the development of key control indicators, and key performance indicators for various programs
• Apply statistical models to risk frameworks (such as FAIR, sensitivity analysis, and others)
• Participate in risk management, decision-making, and collaborative discussions
• Lead quantified risk assessments and understand the value of qualitative data for improvements to quality and engineering processes
• Interpret internal or external cyber security risk analyses in business terms and recommend a responsible course of action
• Develop templates and materials to help with self-service risk management actions
• Monitor and identify opportunities to improve the effectiveness of risk management processes
• Launch campaigns to perform security assessments and help mitigate security risks across the company
• Build evaluation methods and performance indicators to measure efficiency of security functions and capabilities.
  

• An exceptional academic track record
• Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
• Drive and a track record of going above-and-beyond expectations
• Deep personal motivation to be at the forefront of technology security
• Leadership and management ability
• Excellent business English writing and presentation skills
• Problem-solver with excellent communication skills, a deep technical understanding of security assessments and risk management
• Expertise in threat modelling and risk management frameworks
• Broad knowledge of how to operationalize the management of security risk
• Experience in Secure Development Lifecycle and Security by Design methodology
  

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Employee Assistance Programme
• Opportunity to travel to new locations to meet colleagues
• Priority Pass, and travel upgrades for long haul company events
  

• Seniority level Entry level

• Employment type Full-time

• Job function Finance and Sales
• Industries Software Development

Referrals increase your chances of interviewing at Canonical by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.