65 Empregos para Risk Assessment - Brasil

Overview

Segmento: Não Informado

Atividades

By participating in this program, you will be part of a team dedicated to streamlining fraud signals across departments and improving operational workflows.

• Assist with case intake, tagging, and triage of fraud-related submissions
• Document return materials processes for traceability and evidence handling
• Support creation and refinement of SOPs for fraud and marketing workflows
• Collaborate with cross-functional teams to align platform inputs
• Participate in testing and feedback for new features
• Help draft reports and identify opportunities for automation and process improvement

This role offers a chance to work on various tasks such as assisting with case intake, documenting processes, and collaborating with cross-functional teams. As a member of our Case Management team, you will have the opportunity to evolve our fraud case intake and resolution platform.

• We are looking for a detail-oriented individual who is able to assist in the development and maintenance of our fraud case intake and resolution platform
• Key qualifications include ability to work collaboratively, strong analytical skills, and excellent communication skills

By joining our organization, you will be part of a dynamic and innovative team that is dedicated to making a positive impact in the payments industry. Our team members enjoy a fast-paced and challenging work environment that offers opportunities for growth and development.

Dias da Semana: Não Informado

Horário / Período: Não Informado

Os interessados devem se candidatar através do portal Caderno Nacional

Descrição da vaga

Quem é a Dock?
Há mais de 20 anos, cumprimos a missão de democratizar o acesso a serviços financeiros, tornando experiências financeiras mais simples e acessíveis.

Somos um time de pessoas obstinadas, que acreditam na tecnologia e nos serviços como os principais facilitadores para a evolução de nossos clientes e a transformação do papel das finanças.

Atuando em 11 localidades pela América Latina, trabalhamos sob o propósito de desmaterializar o universo financeiro para impulsionar a sociedade.

Na Dock você encontra:
Pessoas obstinadas em tornar as experiências financeiras mais simples e acessíveis.

Nossa missão e propósito é democratizar o universo financeiro, promovendo a inclusão de milhões de desbancarizados e sub-bancarizados na América Latina.

Acreditamos na tecnologia e serviços como os principais facilitadores para a evolução de nossos clientes e para transformar o papel das finanças, impulsionando a sociedade.

Responsabilidades e atribuições

E o dia a dia, como será?
Responsabilidades:
Responsável por apoiar na identificação, avaliação, monitoramento e mitigação de riscos, bem como no fortalecimento dos controles internos da organização. Atuará de forma transversal com diferentes áreas, garantindo a aderência às políticas, normas, frameworks regulatórios e de compliance, além de apoiar auditorias internas e externas.

Também irá conduzir mapeamentos e análises de riscos em processos, novos produtos e projetos estratégicos, além de realizar testes de controles internos, identificando gaps e propondo planos de ação. Fará parte do seu escopo a elaboração e atualização de políticas, normas e manuais de riscos e controles internos, bem como a preparação de relatórios gerenciais, apresentações executivas e o acompanhamento de indicadores de riscos para suporte à tomada de decisão.

Requisitos e qualificações

O que esperamos de você?
Habilidades:

Capacidade de comunicação clara e estruturada;

Senso de Urgência

Análise crítica

Organização

Capacidade de tomar decisões

Habilidade em trabalhar em um ambiente dinâmico e que utiliza o modelo ágil

Comunicação clara e objetiva

Atitude:

Postura colaborativa para atuação com as áreas e Clientes

Postura colaborativa para apoiar em diversos temas

Flexibilidade

Pró atividade

Busca de conhecimento constante

Autonomia

Postura firme (segurança)

Resiliência

Bom relacionamento

Senso de dono

Qualificações e Requisitos
Formação:
Ensino superior completo em Administração, Contabilidade, Economia, Direito, Engenharia, Tecnologia da Informação ou áreas correlatas.

Experiência:
Vivência prévia em gestão de riscos, auditoria interna, controles internos ou governança.

Idiomas:

• Inglês intermediário a avançado (leitura, escrita e conversação )
• Espanhol básico (diferencial para comunicação em projetos na América Latina).

Conhecimentos técnicos desejáveis:
Frameworks de controles internos e riscos (COSO, ISO 31000, COBIT, SOX).

Experiência com testes de controles e elaboração de relatórios executivos.

Noções de regulatórios e compliance (BACEN, CVM, LGPD, PCI, ISOs, entre outros).

Informações adicionais

E quais são os benefícios?

• Auxílio alimentação (mercado & restaurante);
• Plano de saúde e odontológico;
• Hospital digital;
• Suporte psicológico para psicoterapia online;
• Orientação ergonômica;
• Wellhub e TotalPass;
• Auxílio mensal para despesas remote first;
• Previdência privada após 6 meses de trabalho;
• Licença parental estendida;
• Auxílio creche;
• Auxílio para pais de filhos especiais;
• Plataforma de idiomas;
• Disponibilidade de coworking no Brasil inteiro
• Modelo Híbrido de trabalho ( 2 presenciais 3 remoto)

Vá mais longe com a gente

A Dock respeita a pluralidade de identidades e trabalha para promover uma cultura inclusiva. Não fazemos distinção de raça, cor, religião, identidade de gênero, orientação sexual, nacionalidade, deficiência ou idade em nenhuma etapa do processo seletivo, reforçando nosso compromisso com a diversidade.

Somos Dockers. Juntos construímos um futuro melhor. Inimaginável. Inesperado. Sem amarras.

Todos os dias, tornamos o universo financeiro mais simples, fácil e amplamente disponível. Fazemos isso questionando verdades estabelecidas, mudando conceitos e projetando o novo.

Nós realmente acreditamos na tecnologia para a evolução dos nossos clientes e para transformar o papel das finanças em todo o mundo, impulsionando a sociedade.

Se você também acredita nesse futuro, vem construir ele com a gente

Job ID: R

Full/Part-Time: Full-time

Regular/Temporary: Temporary

Listed:

Location: Sao Paulo

Job Title: Brazil Credit Risk Management - Intern

Corporate Title: Not Applicable

Location: São Paulo, Brazil

Overview

The Brazil Credit Risk Management credit team is tasked with managing the credit risk inherent in Deutsche Bank's business activities with Brazilian clients, including corporates, banks, non-bank financial institutions and sovereign counterparties across the region.

Credit Risk Management is responsible for handling loan, derivative (complex and vanilla) and trade-related approvals, setting and monitoring counterparty credit limits, negotiating credit terms in relevant agreements, and interfacing with senior management and business personnel on risk issues.

What We Offer You

• A diverse and inclusive environment that embraces change, innovation, and collaboration.
• A hybrid working model, allowing for in-office / work from home flexibility, generous vacation, personal and volunteer days
• Employee Resource Groups support an inclusive workplace for everyone and promote community engagement

• Competitive compensation packages including health and wellbeing benefits, retirement savings plans, parental leave, and family building benefits

• Educational resources, matching gift and volunteer programs

What You'll Do

• The Credit Risk Management trainee will assist Credit Officers in analyzing and managing credit risk in a portfolio of Brazilian and Latin American counterparties
• Support Credit Officers in the analysis and maintenance of credit risk ratings
• Portfolio analysis and monitoring: contribute with data preparation and analysis to support portfolio reviews
• Covenant management and maintenance
• Set up and maintenance of credit limits
• Review of internal policies and products
• Support day-to-day risk management and assist in maintaining / developing monitoring processes and tools
• Support the preparation of Senior Management presentations and reports

Skills You'll Need

• Student current obtaining a degree at university.
• Fluency in English.
• MS Office knowledge

Skills That Will Help You Excel

• Strong interpersonal skills
• Ability to work independently
• Self-motivated
• Self-starter

Expectations

It is the Bank's expectation that employees hired into this role will work in the São Paulo office in accordance with the Bank's presence.

Deutsche Bank provides reasonable accommodations to candidates and employees with a substantiated need based on disability and/or religion.

Deutsche Bank Values & Diversity

We believe talent is found in all cultures, countries, races, ethnicities, genders, sexual orientations, disabilities, beliefs, generations, backgrounds and experiences. We pursue a working environment where everyone can be authentic and feel a sense of belonging. Click here to find out more about our diversity and inclusion efforts.

We are an Equal Opportunity Employer - Veterans/Disabled and other protected categories.

Click these links to view the following notices: EEO is the Law poster and supplement ; Employee Rights and Responsibilities under the Family and Medical Leave Act ; Employee Polygraph Protection Act and Pay Transparency Nondiscrimination Provision

Learn more about your life at DB through the eyes of our current employees:

Hear from our people and look inside our office: Muse

We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively.

Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group.

We welcome applications from all people and promote a positive, fair and inclusive work environment.

At American Express, our culture is built on a 175-year history of innovation, shared At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career.

Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

How will you make an impact on this role?

This newly position will play a critical role to own and manage Business Operations activities across GNS LAC.

This role is part of a high profile, dynamic and business critical team focused on ensuring that GNS LAC develops and/or uplifts, where necessary, and maintains strong levels of risk & regulatory oversight and remains at all times compliant AXP policies, risk framework definitions and continues to adapt to an evolving regulatory landscape, which is critical to the ongoing success of the business.

The successful candidate will lead a team to address key responsibilities, and report into the VP, New Business Development, Strategic Planning and Governance, and will work across GNS business teams and key partner teams (Marketing, Partner Business Solutions, GCO, Compliance & Control Management) leading a range of business operation initiatives.

Key Responsibilities:

• Own, lead and coordinate new Regulatory Change Management (RCMs) for upcoming LAC regulations, including impact assessments, stakeholder engagement, implementation, planning and progress tracking/reporting to key stakeholders.
• Develop and / or produce, maintain and enhance on-going regulatory reporting, operational guides, external audits, and any type of material which may need to be presented to a regulatory body within the LAC region.
• Support development, uplift and maintenance of clear, well-documented policies and procedures to support the business in compliance with applicable regulatory obligations ensuring consistency both with AXP risk framework and audit observations.
• Support adherence to upcoming project Guardian requirements.
• Main point of contact for external / internal audits
• Lead business efforts to meet PRSA / RCSA standards, supporting on-going documentation, testing and assertion of exiting controls, their corresponding reviews and refresh exercises, as well as transitioning into RCSA methodology.
• Monitor, track, report and drive to resolution Operational Risk Events (ORE).
• Lead workstream on oversight of third parties consistent with Third-party Lifecycle management (TLM) standards.
• Lead workstream supporting adherence to data retention policies.
• Lead workstream supporting adherence to Model / Non-model AXP policy.
• Mandatory enterprise trainings oversight and support of business colleagues.
• Build and maintain strong relationships across a range of stakeholder teams including Marketing, Client Management, Partner Business Solutions and GNS central teams.
• Working in Partnership with key stakeholders such as Control Management, Compliance, GCO, network policy teams and partner teams to build out and operationalize robust regulatory processes, as applicable.

Minimum Qualifications

• Strong project management experience with ability to influence and drive change
• Ability to develop detailed project and execution plans
• Self-starter with excellent problem-solving skills and critical thinking
• Proven ability to understand complex end to end processes including technology, servicing and customer impacts.
• Strong analytical skills and ability to translate data into clear messaging for stakeholders
• Track record of dealing with multiple competing priorities and working well under pressure to balance competing priorities successfully.
• Excellent written and verbal communication skills, confident presenting to senior management & creating compelling messaging to drive change
• Strong relationship management skills across stakeholders of all levels
• Flexibility to quickly adapt to a dynamic and changing environment. Ability to re-focus according to business wide strategic priorities.
• Knowledge of the payment's ecosystems in LAC and its regulatory environment a plus
• Fluency in English language required

We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:

• Competitive base salaries
• Bonus incentives
• Support for financial-well-being and retirement
• Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location)
• Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
• Generous paid parental leave policies (depending on your location)
• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
• Free and confidential counseling support through our Healthy Minds program
• Career development and training opportunities

Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.

About Nubank

Nubank is one of the largest digital financial services platforms in the world, empowering millions of customers across Latin America to take control of their financial lives. We're driven by an "AI-First" vision, leveraging cutting-edge technology to redefine financial services and deliver exceptional experiences. Our commitment to responsible AI is at the core of this vision, ensuring that innovation is balanced with robust risk management.

About the Role

We're looking for a highly motivated and experienced Risk Management Lead to join our global Model Risk Management team and assume a new AI Risk Management role. This pivotal role will be key to accelerating Nubank's AI-First strategy by ensuring the effective implementation of an AI Risk Management framework and our Global AI Policy. You will play a crucial part in evolving our multidisciplinary AI Governance Working Group (AIGWG) and fostering integrated risk management across Model Risk, Data Privacy, Third-Party Risk Management, and Information Security & IT Risk. In this context, AI refers to a broad range of applications, including LLMs, Generative AI, AI Agents, Foundation Models, and other advanced machine learning systems, developed internally or externally.

This is an opportunity to lead accountability for AI Governance, being at the forefront of innovation, and expanding the reach of AI Risk Management within an "AI-First" organization that is deeply committed to embedding responsible AI practices.

As an AI Risk Management Lead, you will:

• Drive AI Risk Strategy & Governance: In close partnership with the AI Governance Working Group, drive the implementation and evolution of Nubank's Global AI Policy, ensuring an interdisciplinary approach to AI risks and integrating existing risk governances.
• Enhance Cross-Coordination: Act as a central point for AI risk management, fostering seamless collaboration and communication between risk and business teams across Model, Data, Privacy, Information Security and IT Risks, as well as Platform, Engineering and Model Development teams.
• Integrate AI Risk into ERM: Ensure AI risks are appropriately managed within Nubank's Enterprise Risk Management framework, including defining Nubank's classification of AI systems following a risk-based approach. Collaborate with leadership to define the organization's AI risk appetite and monitor adherence to established thresholds.
• Identify & Mitigate AI Risks: Partner with various teams, leveraging existing risk assessment flows, to proactively identify, assess, and manage existing and emerging risks from AI across Third-Party Tools, Decision Making and Customer Facing Models, and Internal AI Productivity Agents.
• Strengthen Controls & Processes: Diagnose processes gaps and propose specific improvements for AI adoption, focusing on areas such as experimentation flows, and AI Systems lifecycle governance.
• Advance Quality & Responsible AI: Partner with Model Risk and Data Science teams to establish quality standards for AI models, such as foundation models and customer-facing models based on LLM and GenAI, enhancing explainability efforts, and contributing to the development of a comprehensive Responsible AI Framework.
• Promote Best Practices, Regulatory Adherence & AI Literacy: Keep up to date with industry best practices, new trends and legal & regulatory requirements, proposing necessary updates to the AI Risk Management framework and best practices guidelines. Contribute to the design and implementation of AI literacy programs to foster critical understanding and responsible data handling.
• Ensure Reporting & Resilience: Track AI usage and risks, developing standardized metrics and leadership reporting to ensure comprehensive risk coverage and regulatory adherence.
• Oversee Incident Response & Contingency Planning: Ensure there are effective incident response processes in place, including clear contingency plans for AI-related incidents.

What we are looking for:

• Strong background in risk management, compliance, and governance.
• Proven ability to identify, analyze, and assess risks emerging from complex methodologies and/or technological systems. You are expected to have a deep understanding of the principles and applications of modern AI/ML technologies (e.g., Generative AI, LLMs) and be capable of articulating their specific risk implications to technical and non-technical stakeholders.
• Interest in keeping learning about AI, identify risks, and propose risk mitigation and improvements opportunities strategies to the company.
• Strong project management skills with the ability to lead cross-functional initiatives and drive outcomes in a dynamic environment.
• Excellent communication and interpersonal skills, with the ability to influence and effectively discuss complex topics with both technical and non-technical stakeholders.
• Proactive, autonomous, and detail-oriented, with the ability to see the big picture.
• English language proficiency.

Bonus points if you have:

• Familiarity with regulatory requirements related to AI in financial services (e.g., FED-SR 11-7, PRA SS1/23, EU AI Act, NIST AI RMF principles, BR PL 2338).
• Experience developing or validating machine learning and/or AI models to leverage important decision-making processes or to solve relevant academic problems.
• Experience with Data Governance, Data Privacy, Information Security, and IT Risk Management.
• Experience with AI model inventory practices and governance rituals for multi-component systems.
• Relevant professional certifications on Risk Management (e.g. FRM, RAI)
• Advanced degree in Technology, Engineering, Risk Management, Computer Science, Mathematics, Finance, or a related discipline is preferred.

• Chance of earning equity at Nubank
• Food/ Meal Card (Vale-Refeição and/or Vale Alimentação)
• Public Transportation Commuting Benefit (Vale-Transporte)
• NuCare – Psychological, Financial and Legal Assistance Program
• Life Insurance
• Medical Plan
• Dental Plan
• NuLanguage – Language Course Program
• Nucleo - Our learning platform of courses
• Extended Parental Leave
• Daycare Allowance
• Parental Consultancy
• Work-from-home Allowance
• Gym Partnerships
• 30 days of paid vacation

Our work model is hybrid and has cycles that can be from two to three months according to the business of expertise. For every eight or twelve weeks of remote work, one will be at the office.

Overview

We value innovation, quality, passion, integrity, and responsibility. We seek to enhance our team by recruiting talented professionals who share our commitment to growth and innovation.

The Business Analyst Intern will play a pivotal role in fortifying our fraud defenses by collaborating on process audits, rule tuning, and data-driven investigations. This position focuses on verifying the effectiveness of existing Robotic Process Automations (RPAs), Accertify rules, and anomaly detection signals. The successful candidate will work closely with Fraud Technology, Decision Sciences, and Anomaly Detection teams to review logic, test controls, and recommend improvements.

• Assist in auditing and validating existing fraud rules configured in the Accertify platform
• Support quality assurance reviews of RPAs related to fraud monitoring and decision-making
• Collaborate with the Anomaly Detection team to analyze triggers and evaluate false positives/negatives
• Help design and test Splunk dashboards and data visualizations for fraud alerts and system monitoring
• Document and report gaps or inefficiencies in current detection logic or process automations
• Perform basic root cause analysis of anomalous behavior and support process remediation
• Participate in fraud case reviews, helping to translate operational observations into structured findings

Os interessados devem se candidatar através do portal Caderno Nacional

Overview

In security risk management we're looking to harness the power of industry best practice combined with driving new innovation on how we do security risk assessments and modelling. Our security risk management team is the primary owner of the strategy and practices of how we identify, track and reduce our security risk across everything we do. To support this we need to use industry best practices paired with emerging threat information to promote risk identification, quantification, impact analysis, and modelling to ultimately drive decision making. In this role, you will help establish and execute a broad strategic vision for the security risk program at Canonical. You will work within the team and cross-functionally with various teams across the organisation, contributing ideas and requirements for Canonical product security to improve resilience for Ubuntu customers and users subject to cyber attacks. The team also collaborates with our Organisational Learning and Development team to develop playbooks and facilitate security training across Canonical.

The security risk management team's mission is to secure Canonical and contribute to the security of the wider open source ecosystem. They may share knowledge through public presentations and industry events, share threat intelligence with the wider community, or represent Canonical in sector-specific governance bodies.

• Define Canonical's security risk management standards and playbooks
• Analyse and improve Canonical's security risk practices
• Evaluate, select and implement new security requirements, tools and practices
• Grow the presence and thought leadership of Canonical security risk management practice
• Develop Canonical security risk learning and development materials
• Work with Security leadership to present information and influence change
• Participate in developing key risk indicators, and provide inputs to the development of key control indicators and key performance indicators for various programs
• Apply statistical models to risk frameworks (such as FAIR, sensitivity analysis, and others)
• Participate in risk management, decision-making, and collaborative discussions
• Lead quantified risk assessments and understand the value of qualitative data for improvements to quality and engineering processes
• Interpret internal or external cyber security risk analyses in business terms and recommend a responsible course of action
• Develop templates and materials to help with self-service risk management actions
• Monitor and identify opportunities to improve the effectiveness of risk management processes
• Launch campaigns to perform security assessments and help mitigate security risks across the company
• Build evaluation methods and performance indicators to measure the efficiency of security functions and capabilities

• An exceptional academic track record
• Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
• Drive and a track record of going above-and-beyond expectations
• Deep personal motivation to be at the forefront of technology security
• Leadership and management ability
• Excellent business English writing and presentation skills
• Problem-solver with excellent communication skills, a deep technical understanding of security assessments and risk management
• Expertise in threat modelling and risk management frameworks
• Broad knowledge of how to operationalize the management of security risk
• Experience in Secure Development Lifecycle and Security by Design methodology

We consider geographical location, experience, and performance in shaping compensation worldwide. We revisit compensation annually (and more often for graduates and associates) to ensure we recognise outstanding performance. In addition to base pay, we offer a performance-driven annual bonus. We provide all team members with additional benefits, which reflect our values and ideals. We balance our programs to meet local needs and ensure fairness globally.

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Employee Assistance Programme
• Opportunity to travel to new locations to meet colleagues
• Priority Pass, and travel upgrades for long haul company events

Canonical is a pioneering tech firm at the forefront of the global move to open source. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, IoT and the cloud, we are changing the world on a daily basis. We recruit on a global basis and set a very high standard for people joining the company. We expect excellence - in order to succeed, we need to be the best at what we do. Canonical has been a remote-first company since its inception in 2004. Working here is a step into the future, and will challenge you to think differently, work smarter, learn new skills, and raise your game.

Canonical is an equal opportunity employer. We are proud to foster a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity, we will give your application fair consideration.

Overview

In security risk management we're looking to harness the power of industry best practice combined with driving new innovation on how we do security risk assessments and modelling. Our security risk management team is the primary owner of the strategy and practices of how we identify, track and reduce our security risk across everything we do. To support this we need to use industry best practices paired with emerging threat information to promote risk identification, quantification, impact analysis, and modelling to ultimately drive decision making. In this role, you will help establish and execute a broad strategic vision for the security risk program at Canonical. You will work within the team and cross-functionally with various teams across the organisation, contributing ideas and requirements for Canonical product security to improve resilience for Ubuntu customers and users subject to cyber attacks. The team also collaborates with our Organisational Learning and Development team to develop playbooks and facilitate security training across Canonical.

The security risk management team's mission is to secure Canonical and contribute to the security of the wider open source ecosystem. They may share knowledge through public presentations and industry events, share threat intelligence with the wider community, or represent Canonical in sector-specific governance bodies.

• Define Canonical's security risk management standards and playbooks
• Analyse and improve Canonical's security risk practices
• Evaluate, select and implement new security requirements, tools and practices
• Grow the presence and thought leadership of Canonical security risk management practice
• Develop Canonical security risk learning and development materials
• Work with Security leadership to present information and influence change
• Participate in developing key risk indicators, and provide inputs to the development of key control indicators and key performance indicators for various programs
• Apply statistical models to risk frameworks (such as FAIR, sensitivity analysis, and others)
• Participate in risk management, decision-making, and collaborative discussions
• Lead quantified risk assessments and understand the value of qualitative data for improvements to quality and engineering processes
• Interpret internal or external cyber security risk analyses in business terms and recommend a responsible course of action
• Develop templates and materials to help with self-service risk management actions
• Monitor and identify opportunities to improve the effectiveness of risk management processes
• Launch campaigns to perform security assessments and help mitigate security risks across the company
• Build evaluation methods and performance indicators to measure the efficiency of security functions and capabilities

• An exceptional academic track record
• Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
• Drive and a track record of going above-and-beyond expectations
• Deep personal motivation to be at the forefront of technology security
• Leadership and management ability
• Excellent business English writing and presentation skills
• Problem-solver with excellent communication skills, a deep technical understanding of security assessments and risk management
• Expertise in threat modelling and risk management frameworks
• Broad knowledge of how to operationalize the management of security risk
• Experience in Secure Development Lifecycle and Security by Design methodology

We consider geographical location, experience, and performance in shaping compensation worldwide. We revisit compensation annually (and more often for graduates and associates) to ensure we recognise outstanding performance. In addition to base pay, we offer a performance-driven annual bonus. We provide all team members with additional benefits, which reflect our values and ideals. We balance our programs to meet local needs and ensure fairness globally.

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Employee Assistance Programme
• Opportunity to travel to new locations to meet colleagues
• Priority Pass, and travel upgrades for long haul company events

Canonical is a pioneering tech firm at the forefront of the global move to open source. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, IoT and the cloud, we are changing the world on a daily basis. We recruit on a global basis and set a very high standard for people joining the company. We expect excellence - in order to succeed, we need to be the best at what we do. Canonical has been a remote-first company since its inception in 2004. Working here is a step into the future, and will challenge you to think differently, work smarter, learn new skills, and raise your game.

Canonical is an equal opportunity employer. We are proud to foster a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity, we will give your application fair consideration.

Overview

In security risk management we're looking to harness the power of industry best practice combined with driving new innovation on how we do security risk assessments and modelling. Our security risk management team is the primary owner of the strategy and practices of how we identify, track and reduce our security risk across everything we do. To support this we need to use industry best practices paired with emerging threat information to promote risk identification, quantification, impact analysis, and modelling to ultimately drive decision making. In this role, you will help establish and execute a broad strategic vision for the security risk program at Canonical. You will work within the team and cross-functionally with various teams across the organisation, contributing ideas and requirements for Canonical product security to improve resilience for Ubuntu customers and users subject to cyber attacks. The team also collaborates with our Organisational Learning and Development team to develop playbooks and facilitate security training across Canonical.

The security risk management team's mission is to secure Canonical and contribute to the security of the wider open source ecosystem. They may share knowledge through public presentations and industry events, share threat intelligence with the wider community, or represent Canonical in sector-specific governance bodies.

• Define Canonical's security risk management standards and playbooks
• Analyse and improve Canonical's security risk practices
• Evaluate, select and implement new security requirements, tools and practices
• Grow the presence and thought leadership of Canonical security risk management practice
• Develop Canonical security risk learning and development materials
• Work with Security leadership to present information and influence change
• Participate in developing key risk indicators, and provide inputs to the development of key control indicators and key performance indicators for various programs
• Apply statistical models to risk frameworks (such as FAIR, sensitivity analysis, and others)
• Participate in risk management, decision-making, and collaborative discussions
• Lead quantified risk assessments and understand the value of qualitative data for improvements to quality and engineering processes
• Interpret internal or external cyber security risk analyses in business terms and recommend a responsible course of action
• Develop templates and materials to help with self-service risk management actions
• Monitor and identify opportunities to improve the effectiveness of risk management processes
• Launch campaigns to perform security assessments and help mitigate security risks across the company
• Build evaluation methods and performance indicators to measure the efficiency of security functions and capabilities

• An exceptional academic track record
• Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
• Drive and a track record of going above-and-beyond expectations
• Deep personal motivation to be at the forefront of technology security
• Leadership and management ability
• Excellent business English writing and presentation skills
• Problem-solver with excellent communication skills, a deep technical understanding of security assessments and risk management
• Expertise in threat modelling and risk management frameworks
• Broad knowledge of how to operationalize the management of security risk
• Experience in Secure Development Lifecycle and Security by Design methodology

We consider geographical location, experience, and performance in shaping compensation worldwide. We revisit compensation annually (and more often for graduates and associates) to ensure we recognise outstanding performance. In addition to base pay, we offer a performance-driven annual bonus. We provide all team members with additional benefits, which reflect our values and ideals. We balance our programs to meet local needs and ensure fairness globally.

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Employee Assistance Programme
• Opportunity to travel to new locations to meet colleagues
• Priority Pass, and travel upgrades for long haul company events

Canonical is a pioneering tech firm at the forefront of the global move to open source. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, IoT and the cloud, we are changing the world on a daily basis. We recruit on a global basis and set a very high standard for people joining the company. We expect excellence - in order to succeed, we need to be the best at what we do. Canonical has been a remote-first company since its inception in 2004. Working here is a step into the future, and will challenge you to think differently, work smarter, learn new skills, and raise your game.

Canonical is an equal opportunity employer. We are proud to foster a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity, we will give your application fair consideration.