334 Vp Security jobs in Hong Kong

Requisition ID: 170911 - Posted: Hong Kong SAR - Shangri-La International Hotel Management Limited - Information Technology - Permanent

Shangri-La Group is a global leader in luxury hospitality with unique Asian heritage.

Headquartered in Hong Kong, we have over 100 hotels and resorts under four brands nested in key cities and beautiful beachfront locations globally. We are expanding rapidly with a strong development pipeline throughout Asia, the Middle East, Europe, and Africa.

As an enviable employer with industry-leading levels of colleague engagement, our people are our priority. Our success is only made possible through the efforts and abilities of over 42,000 colleagues worldwide. The focused investment we make in the learning and development of our colleagues is unparalleled in the global hospitality industry.

We are currently looking for an Assistant Vice President, Information Security to assist the VP, Information Security in managing a small team of specialists overlooking all matters related to information security and data protection for the group.

As the Assistant Vice President, Information Security, we will rely on you to:

• Develop and implement company-wide policies & procedures for information security and data protection.
• Review and improve existing policies & procedures for information security and data protection.
• Work closely with IT teams to maintain a secure operating environment.
• Conduct periodic reviews & audits of IT infrastructure, systems & operations, software applications, vendors, and service providers to ensure compliance with information security policies.
• Conduct periodic reviews & audits of hotel operations to ensure compliance with information security policies.
• Manage PCI-DSS and related compliance certification for the group.
• Manage risk assessment programs targeting information security, data protection, and data privacy matters, and implement risk mitigation plans.
• Ensure group compliance with relevant information security and data privacy legislation and regulations for our hotels.
• Manage our group-wide information security and data protection awareness program.
• Manage the information security budget, ensuring the allocation of resources in alignment with company priorities and security objectives.
• Oversee the daily operations of the information security function, including security monitoring, incident handling, and investigation in collaboration with the Security Operations Centers.
• Provide expert advice on information security aspects of new projects and systems, evaluating risks and recommending appropriate security controls and measures.

We are looking for someone who has:

• Bachelor’s degree holder, preferably in a relevant discipline.
• Minimum 6 years of relevant experience in managing information security functions for a sizable company.
• Hands-on experience in developing and implementing enterprise-level information security policies & procedures, and training.
• Familiar with legal, regulatory, and other compliance requirements, including PCI-DSS.
• Familiarity with risk management methodologies.
• Excellent planning, organizing, interpersonal, and communication skills.
• Excellent communication skills in English. Fluency in Chinese (Mandarin) will be desirable.
• Professional certification such as CISSP, CISM, CISA, GIAC, or equivalent will be highly desirable.
• Familiarity with ISO/IEC 27001, NIST, or equivalent will be highly desirable.

2 days ago Be among the first 25 applicants

We are seeking a highly capable and experienced professional with approximately 10 years of experience in cybersecurity governance, and IT audit and security assessment support. This role focuses on leading security assessments in collaboration with technical teams, reviewing and translating technical findings into clear and impactful reports for clients, regulators, and senior management. The ideal candidate will possess strong analytical skills, excellent communication abilities, and a solid understanding of security controls across various technology domains.

Your Role

• Lead and coordinate security assessments across infrastructure, applications, and cloud environments, working closely with technical SMEs.
• Interface with technical teams to understand control implementation and translate findings into governance insights.
• Prepare high-quality security reports and presentations tailored for client and senior stakeholders.
• Support responses to client and regulatory security inquiries, ensuring accuracy, clarity, and timely delivery.
• Support the development of security reporting and risk metrics
• Contribute to the development and refinement of security policies, standards, and procedures.
• Support audit and assessment activities, including evidence collection and coordination with internal teams.
• Promote security awareness and contribute to training initiatives across the organization.

To Succeed in this Role

• Minimum 10 years of experience in cybersecurity governance, technology risk, or audit-related roles.
• Strong understanding of security controls across infrastructure, application, and cloud domains.
• Proven ability to work with technical teams and translate technical content into business-friendly reporting.
• Experience in preparing client-facing documentation and presentations.
• Excellent written and verbal communication skills in English.
• Familiarity with regulatory frameworks and standards (e.g., ISO 27001, NIST, CIS).
• Relevant certifications such as CISM, CRISC, ISO 27001 Lead Implementer, or equivalent are preferred.

Preferred Attributes

• Experience in regulated industries such as finance, healthcare, or insurance.
• Strong stakeholder engagement and coordination skills.
• Detail-oriented with a proactive and structured approach to governance.
• Familiarity with GRC

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Software Development, Information Services, and Technology, Information and Media

Referrals increase your chances of interviewing at PCCW by 2x

Get notified about new Information Security Specialist jobs in Hong Kong, Hong Kong SAR .

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

2 days ago Be among the first 25 applicants

We are seeking a highly capable and experienced professional with approximately 10 years of experience in cybersecurity governance, and IT audit and security assessment support. This role focuses on leading security assessments in collaboration with technical teams, reviewing and translating technical findings into clear and impactful reports for clients, regulators, and senior management. The ideal candidate will possess strong analytical skills, excellent communication abilities, and a solid understanding of security controls across various technology domains.

Your Role

• Lead and coordinate security assessments across infrastructure, applications, and cloud environments, working closely with technical SMEs.
• Interface with technical teams to understand control implementation and translate findings into governance insights.
• Prepare high-quality security reports and presentations tailored for client and senior stakeholders.
• Support responses to client and regulatory security inquiries, ensuring accuracy, clarity, and timely delivery.
• Support the development of security reporting and risk metrics
• Contribute to the development and refinement of security policies, standards, and procedures.
• Support audit and assessment activities, including evidence collection and coordination with internal teams.
• Promote security awareness and contribute to training initiatives across the organization.

To Succeed in this Role

• Minimum 10 years of experience in cybersecurity governance, technology risk, or audit-related roles.
• Strong understanding of security controls across infrastructure, application, and cloud domains.
• Proven ability to work with technical teams and translate technical content into business-friendly reporting.
• Experience in preparing client-facing documentation and presentations.
• Excellent written and verbal communication skills in English.
• Familiarity with regulatory frameworks and standards (e.g., ISO 27001, NIST, CIS).
• Relevant certifications such as CISM, CRISC, ISO 27001 Lead Implementer, or equivalent are preferred.

Preferred Attributes

• Experience in regulated industries such as finance, healthcare, or insurance.
• Strong stakeholder engagement and coordination skills.
• Detail-oriented with a proactive and structured approach to governance.
• Familiarity with GRC

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Software Development, Information Services, and Technology, Information and Media

Referrals increase your chances of interviewing at PCCW by 2x

Get notified about new Information Security Specialist jobs in Hong Kong, Hong Kong SAR .

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Manager, Security Management role at Bank of Communications Co., Ltd. London Branch

Continue with Google Continue with Google

Join to apply for the Manager, Security Management role at Bank of Communications Co., Ltd. London Branch

Get AI-powered advice on this job and more exclusive features.

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Company Description

Founded in 1908, Bank of Communications Co., Ltd. (Stock Code: 3328) is one of the oldest banks in China, and also acted as one of the country’s banknote-issuing institutions. The bank was listed on the Stock Exchange of Hong Kong Limited and the Shanghai Stock Exchange in June 2005 and May 2007 respectively. At present, apart from Tibet, BOCOM comprises 30 provincial branches across provinces, municipalities and autonomous regions, plus a network of 2,637 operating locations in 173 cities and 112 counties nationwide. Beyond China, BOCOM has established overseas centers in Hong Kong, New York, San Francisco, Tokyo, Singapore, Seoul, Frankfurt, Macau, Ho Chi Minh City, and Sydney; one subsidiary bank in the U.K. and one representative office in Taipei. BOCOM’s development strategy is to become a first class listed universal banking group focusing on international expansion and specializing in wealth management.

Company Description

Founded in 1908, Bank of Communications Co., Ltd. (Stock Code: 3328) is one of the oldest banks in China, and also acted as one of the country’s banknote-issuing institutions. The bank was listed on the Stock Exchange of Hong Kong Limited and the Shanghai Stock Exchange in June 2005 and May 2007 respectively. At present, apart from Tibet, BOCOM comprises 30 provincial branches across provinces, municipalities and autonomous regions, plus a network of 2,637 operating locations in 173 cities and 112 counties nationwide. Beyond China, BOCOM has established overseas centers in Hong Kong, New York, San Francisco, Tokyo, Singapore, Seoul, Frankfurt, Macau, Ho Chi Minh City, and Sydney; one subsidiary bank in the U.K. and one representative office in Taipei. BOCOM’s development strategy is to become a first class listed universal banking group focusing on international expansion and specializing in wealth management.

Job Description

• Motivate an effective security operations team to oversee the security services
• Follow up the incident report and drive the analysis of security incidents
• Analyze industry trends and make recommendation to Senior Management for improving risk exposure
• Manage the external vendors in respect of regular communications and ad-hoc work as assigned
• Degree holder or above in Business Administration or related disciplines
• Minimum 5 years' work experience in security service industry or disciplinary service
• Excellent leadership with practical knowledge and good problem-solving skills
• Self-motivated with professional appearance and be customer-oriented
• Strong analytical mind with good communication and interpersonal skills

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Accounting/Auditing and Finance
• Industries Banking and Investment Banking

Referrals increase your chances of interviewing at Bank of Communications Co., Ltd. London Branch by 2x

Get notified about new Security Manager jobs in Hong Kong, Hong Kong SAR .

Sha Tin District, Hong Kong SAR 20 minutes ago

Shenzhen, Guangdong, China
CN¥40,000.00
-
CN¥60,000.00
1 year ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Manager, Security Management role at Bank of Communications Co., Ltd. London Branch

Continue with Google Continue with Google

Join to apply for the Manager, Security Management role at Bank of Communications Co., Ltd. London Branch

Get AI-powered advice on this job and more exclusive features.

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Company Description
Founded in 1908, Bank of Communications Co., Ltd. (Stock Code: 3328) is one of the oldest banks in China, and also acted as one of the country’s banknote-issuing institutions. The bank was listed on the Stock Exchange of Hong Kong Limited and the Shanghai Stock Exchange in June 2005 and May 2007 respectively. At present, apart from Tibet, BOCOM comprises 30 provincial branches across provinces, municipalities and autonomous regions, plus a network of 2,637 operating locations in 173 cities and 112 counties nationwide. Beyond China, BOCOM has established overseas centers in Hong Kong, New York, San Francisco, Tokyo, Singapore, Seoul, Frankfurt, Macau, Ho Chi Minh City, and Sydney; one subsidiary bank in the U.K. and one representative office in Taipei. BOCOM’s development strategy is to become a first class listed universal banking group focusing on international expansion and specializing in wealth management.

Company Description
Founded in 1908, Bank of Communications Co., Ltd. (Stock Code: 3328) is one of the oldest banks in China, and also acted as one of the country’s banknote-issuing institutions. The bank was listed on the Stock Exchange of Hong Kong Limited and the Shanghai Stock Exchange in June 2005 and May 2007 respectively. At present, apart from Tibet, BOCOM comprises 30 provincial branches across provinces, municipalities and autonomous regions, plus a network of 2,637 operating locations in 173 cities and 112 counties nationwide. Beyond China, BOCOM has established overseas centers in Hong Kong, New York, San Francisco, Tokyo, Singapore, Seoul, Frankfurt, Macau, Ho Chi Minh City, and Sydney; one subsidiary bank in the U.K. and one representative office in Taipei. BOCOM’s development strategy is to become a first class listed universal banking group focusing on international expansion and specializing in wealth management.
Job Description

• Motivate an effective security operations team to oversee the security services
• Follow up the incident report and drive the analysis of security incidents
• Analyze industry trends and make recommendation to Senior Management for improving risk exposure
• Manage the external vendors in respect of regular communications and ad-hoc work as assigned
• Degree holder or above in Business Administration or related disciplines
• Minimum 5 years' work experience in security service industry or disciplinary service
• Excellent leadership with practical knowledge and good problem-solving skills
• Self-motivated with professional appearance and be customer-oriented
• Strong analytical mind with good communication and interpersonal skills

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Accounting/Auditing and Finance
• Industries Banking and Investment Banking

Referrals increase your chances of interviewing at Bank of Communications Co., Ltd. London Branch by 2x

Get notified about new Security Manager jobs in Hong Kong, Hong Kong SAR .

Sha Tin District, Hong Kong SAR 20 minutes ago

Shenzhen, Guangdong, China
CN¥40,000.00
-
CN¥60,000.00
1 year ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Security Engineer / Security Team Lead - Assistant Vice President - Security Services - IT - 12months contract role at Hong Kong Exchanges and Clearing Limited (HKEX)

1 day ago Be among the first 25 applicants

Join to apply for the Security Engineer / Security Team Lead - Assistant Vice President - Security Services - IT - 12months contract role at Hong Kong Exchanges and Clearing Limited (HKEX)

Company Introduction:

We’re home to Asia's most dynamic and vibrant capital markets.

Connecting capital, ideas, inspiration and innovation for deeper, more diverse and liquid global capital markets; providing greater choice and opportunity for our customers, each and every day.

HKEX is a purpose-driven company. Our commitment to the long-term development of our business and our markets is articulated in our purpose: "To Connect, Promote and Progress our Markets and the Communities they support for the prosperity of all."

Job Summary:

The Information Security Engineer is responsible for designing, building and maintaining enterprise IT security solutions to address the organization’s security requirements. Reporting to the Information Security Services Lead, this role will work closely with IT Innovation Lab, software engineering teams, IT infrastructure team, IT compliance, security operations and cyber technology risk team.

Company Introduction:

We’re home to Asia's most dynamic and vibrant capital markets.

Connecting capital, ideas, inspiration and innovation for deeper, more diverse and liquid global capital markets; providing greater choice and opportunity for our customers, each and every day.

HKEX is a purpose-driven company. Our commitment to the long-term development of our business and our markets is articulated in our purpose: "To Connect, Promote and Progress our Markets and the Communities they support for the prosperity of all."

Job Summary:

The Information Security Engineer is responsible for designing, building and maintaining enterprise IT security solutions to address the organization’s security requirements. Reporting to the Information Security Services Lead, this role will work closely with IT Innovation Lab, software engineering teams, IT infrastructure team, IT compliance, security operations and cyber technology risk team.

Job Duties:

Responsibilities

• Engineer, implement and monitor security measures for the protection of computer systems, networks and information
• Identify and define system security requirements
• Design computersecurity architecture and develop detailedcyber securitydesigns
• Configure and troubleshoot security systems and infrastructure devices
• Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
• Maintain all solution design documentation, processes, procedures and report on metrics to demonstrate effective and efficient management of services.
• Work with handling service requests on security tool standard changes, such as proxy whitelisting requests
• Delivery security service on-boarding such as security agent install, connecting systems to SIEM
• Review IT systems to ensure that they have met security acceptance criteria.
• Work with product vendors and suppliers to maintain and enhance existing security tooling and products
• Ensure that the organization security tools can detect and help with the response to cyber security incidents.
• Document and validate disaster recovery testing for CyberSecurity tools.
• Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancements
• Support in managing the Total Cost of Ownership (TCO) for security solutions which includes new investments and business-as-usual financials.
• Design and execute processes to make BAU changes to security tools (eg web proxy changes, DLP mail rule changes, etc)
• Automate or script changes and validation processes
  
  

• Proven work experience as a System Security Engineer or Information Security Engineer
• Experience in building, maintaining and operating security systems and platforms
• Hands on experience in a number of security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, data loss prevention systems, web proxies, etc
• Experience with network security and networking technologies and with system, security, and network monitoring tools
• Thorough understanding of the latest security principles, techniques, and protocols (such as zero trust, etc)
• Problem solving skills and ability to work under pressure
• Must have strong information security technology knowledge/concepts and can effectively communicate with senior management and a broad range of technical/non-technical audiences. Strong written communication skills and verbal presentations to senior management.
• Must have a relevant University degree in Computer Science, Information Management, or related field, or equivalent experience.
• Good presentation, project planning and documentation skills
• Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols
• Familiarity with application, database and operating system security
• Familiarity with cloud security technologies (AWS or Azure is preferred)
• Familiarity with risk / control frameworks, such as Mitre ATT&CK, D3FEND, OWASP, NIST Cybersecurity Framework
• Familiarity in scripting or automation is an added advantage
• Familiarity with Identity and Lifecycle management is an advantage
• Previous experience in regulated environments is an added advantage
  
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Other, Information Technology, and Management

Referrals increase your chances of interviewing at Hong Kong Exchanges and Clearing Limited (HKEX) by 2x

Shenzhen, Guangdong, China CN¥30,000.00-CN¥40,000.00 2 years ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Security Engineer / Security Team Lead - Assistant Vice President - Security Services - IT - 12months contract role at Hong Kong Exchanges and Clearing Limited (HKEX)

1 day ago Be among the first 25 applicants

Join to apply for the Security Engineer / Security Team Lead - Assistant Vice President - Security Services - IT - 12months contract role at Hong Kong Exchanges and Clearing Limited (HKEX)

Company Introduction:

We’re home to Asia's most dynamic and vibrant capital markets.
Connecting capital, ideas, inspiration and innovation for deeper, more diverse and liquid global capital markets; providing greater choice and opportunity for our customers, each and every day.

HKEX is a purpose-driven company. Our commitment to the long-term development of our business and our markets is articulated in our purpose: "To Connect, Promote and Progress our Markets and the Communities they support for the prosperity of all."

Job Summary:
The Information Security Engineer is responsible for designing, building and maintaining enterprise IT security solutions to address the organization’s security requirements. Reporting to the Information Security Services Lead, this role will work closely with IT Innovation Lab, software engineering teams, IT infrastructure team, IT compliance, security operations and cyber technology risk team.

Company Introduction:
We’re home to Asia's most dynamic and vibrant capital markets.
Connecting capital, ideas, inspiration and innovation for deeper, more diverse and liquid global capital markets; providing greater choice and opportunity for our customers, each and every day.
HKEX is a purpose-driven company. Our commitment to the long-term development of our business and our markets is articulated in our purpose: "To Connect, Promote and Progress our Markets and the Communities they support for the prosperity of all."
Job Summary:
The Information Security Engineer is responsible for designing, building and maintaining enterprise IT security solutions to address the organization’s security requirements. Reporting to the Information Security Services Lead, this role will work closely with IT Innovation Lab, software engineering teams, IT infrastructure team, IT compliance, security operations and cyber technology risk team.
Job Duties:
Responsibilities

• Engineer, implement and monitor security measures for the protection of computer systems, networks and information
• Identify and define system security requirements
• Design computersecurity architecture and develop detailedcyber securitydesigns
• Configure and troubleshoot security systems and infrastructure devices
• Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
• Maintain all solution design documentation, processes, procedures and report on metrics to demonstrate effective and efficient management of services.
• Work with handling service requests on security tool standard changes, such as proxy whitelisting requests
• Delivery security service on-boarding such as security agent install, connecting systems to SIEM
• Review IT systems to ensure that they have met security acceptance criteria.
• Work with product vendors and suppliers to maintain and enhance existing security tooling and products
• Ensure that the organization security tools can detect and help with the response to cyber security incidents.
• Document and validate disaster recovery testing for CyberSecurity tools.
• Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancements
• Support in managing the Total Cost of Ownership (TCO) for security solutions which includes new investments and business-as-usual financials.
• Design and execute processes to make BAU changes to security tools (eg web proxy changes, DLP mail rule changes, etc)
• Automate or script changes and validation processes
  

• Proven work experience as a System Security Engineer or Information Security Engineer
• Experience in building, maintaining and operating security systems and platforms
• Hands on experience in a number of security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, data loss prevention systems, web proxies, etc
• Experience with network security and networking technologies and with system, security, and network monitoring tools
• Thorough understanding of the latest security principles, techniques, and protocols (such as zero trust, etc)
• Problem solving skills and ability to work under pressure
• Must have strong information security technology knowledge/concepts and can effectively communicate with senior management and a broad range of technical/non-technical audiences. Strong written communication skills and verbal presentations to senior management.
• Must have a relevant University degree in Computer Science, Information Management, or related field, or equivalent experience.
• Good presentation, project planning and documentation skills
• Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols
• Familiarity with application, database and operating system security
• Familiarity with cloud security technologies (AWS or Azure is preferred)
• Familiarity with risk / control frameworks, such as Mitre ATT&CK, D3FEND, OWASP, NIST Cybersecurity Framework
• Familiarity in scripting or automation is an added advantage
• Familiarity with Identity and Lifecycle management is an advantage
• Previous experience in regulated environments is an added advantage
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Other, Information Technology, and Management

Referrals increase your chances of interviewing at Hong Kong Exchanges and Clearing Limited (HKEX) by 2x

Shenzhen, Guangdong, China CN¥30,000.00-CN¥40,000.00 2 years ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Security Risk Management Specialist role at Canonical

Join to apply for the Security Risk Management Specialist role at Canonical

In security risk management we're looking to harness the power of industry best practice combined with driving new innovation on how we do security risk assessments and modelling. Our security risk management team is the primary owner of the strategy and practices of how we identify, track and reduce our security risk across everything we do.

To support this we need to use industry best practices paired with emerging threat information to to promote risk identification, quantification, impact analysis, and modelling to ultimately drive decision making. In this role, you will help establish and execute a broad strategic vision for the security risk program at Canonical. You will not only work within the team but also cross-functionally with various teams across the organisation. The team contributes ideas and requirements for Canonical product security, improving the resilience and robustness of all Ubuntu customers and users subject to cyber attacks. Additionally, the team collaborates with our Organisational Learning and Development team to develop playbooks and facilitate security training across Canonical.

The security risk management team's mission is not only to secure Canonical, but also to contribute to the security of the wider open source ecosystem. They might share knowledge through public presentations and industry events, and share threat intelligence with the wider community or represent Canonical in sector-specific governance bodies.

What you will do in this role:

• Define Canonical's security risk management standards and playbooks
• Analyse and improve Canonical's security risk practices
• Evaluate, select and implement new security requirements, tools and practices
• Grow the presence and thought leadership of Canonical security risk management practice
• Develop Canonical security risk learning and development materials
• Work with Security leadership to present information and influence change
• Participate in developing key risk indicators, provide inputs to the development of key control indicators, and key performance indicators for various programs
• Apply statistical models to risk frameworks (such as FAIR, sensitivity analysis, and others)
• Participate in risk management, decision-making, and collaborative discussions
• Lead quantified risk assessments and understand the value of qualitative data for improvements to quality and engineering processes
• Interpret internal or external cyber security risk analyses in business terms and recommend a responsible course of action
• Develop templates and materials to help with self-service risk management actions
• Monitor and identify opportunities to improve the effectiveness of risk management processes
• Launch campaigns to perform security assessments and help mitigate security risks across the company
• Build evaluation methods and performance indicators to measure efficiency of security functions and capabilities.
  
  

• An exceptional academic track record
• Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
• Drive and a track record of going above-and-beyond expectations
• Deep personal motivation to be at the forefront of technology security
• Leadership and management ability
• Excellent business English writing and presentation skills
• Problem-solver with excellent communication skills, a deep technical understanding of security assessments and risk management
• Expertise in threat modelling and risk management frameworks
• Broad knowledge of how to operationalize the management of security risk
• Experience in Secure Development Lifecycle and Security by Design methodology
  
  

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Employee Assistance Programme
• Opportunity to travel to new locations to meet colleagues
• Priority Pass, and travel upgrades for long haul company events
  
  

• Seniority level Entry level

• Employment type Full-time

• Job function Finance and Sales
• Industries Software Development

Referrals increase your chances of interviewing at Canonical by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Security Risk Management Specialist role at Canonical

Join to apply for the Security Risk Management Specialist role at Canonical

In security risk management we're looking to harness the power of industry best practice combined with driving new innovation on how we do security risk assessments and modelling. Our security risk management team is the primary owner of the strategy and practices of how we identify, track and reduce our security risk across everything we do.
To support this we need to use industry best practices paired with emerging threat information to to promote risk identification, quantification, impact analysis, and modelling to ultimately drive decision making. In this role, you will help establish and execute a broad strategic vision for the security risk program at Canonical. You will not only work within the team but also cross-functionally with various teams across the organisation. The team contributes ideas and requirements for Canonical product security, improving the resilience and robustness of all Ubuntu customers and users subject to cyber attacks. Additionally, the team collaborates with our Organisational Learning and Development team to develop playbooks and facilitate security training across Canonical.
The security risk management team's mission is not only to secure Canonical, but also to contribute to the security of the wider open source ecosystem. They might share knowledge through public presentations and industry events, and share threat intelligence with the wider community or represent Canonical in sector-specific governance bodies.
What you will do in this role:

• Define Canonical's security risk management standards and playbooks
• Analyse and improve Canonical's security risk practices
• Evaluate, select and implement new security requirements, tools and practices
• Grow the presence and thought leadership of Canonical security risk management practice
• Develop Canonical security risk learning and development materials
• Work with Security leadership to present information and influence change
• Participate in developing key risk indicators, provide inputs to the development of key control indicators, and key performance indicators for various programs
• Apply statistical models to risk frameworks (such as FAIR, sensitivity analysis, and others)
• Participate in risk management, decision-making, and collaborative discussions
• Lead quantified risk assessments and understand the value of qualitative data for improvements to quality and engineering processes
• Interpret internal or external cyber security risk analyses in business terms and recommend a responsible course of action
• Develop templates and materials to help with self-service risk management actions
• Monitor and identify opportunities to improve the effectiveness of risk management processes
• Launch campaigns to perform security assessments and help mitigate security risks across the company
• Build evaluation methods and performance indicators to measure efficiency of security functions and capabilities.
  

• An exceptional academic track record
• Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
• Drive and a track record of going above-and-beyond expectations
• Deep personal motivation to be at the forefront of technology security
• Leadership and management ability
• Excellent business English writing and presentation skills
• Problem-solver with excellent communication skills, a deep technical understanding of security assessments and risk management
• Expertise in threat modelling and risk management frameworks
• Broad knowledge of how to operationalize the management of security risk
• Experience in Secure Development Lifecycle and Security by Design methodology
  

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Employee Assistance Programme
• Opportunity to travel to new locations to meet colleagues
• Priority Pass, and travel upgrades for long haul company events
  

• Seniority level Entry level

• Employment type Full-time

• Job function Finance and Sales
• Industries Software Development

Referrals increase your chances of interviewing at Canonical by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.