Information Systems Security Compliance Engineer at Canonical

Canonical - We deliver open source to the world faster, more securely and more cost effectively than any other company. We develop Ubuntu, the world's most popular enterprise Linux from cloud to edge, together with a passionate global community of 200,000 contributors. Ubuntu means 'humanity to others'?. We chose it because it embodies the generosity at the heart of open source, the new normal for platforms and innovation. Together with a community of 200,000, we publish an operating system that runs from the tiny connected devices up to the world's biggest mainframes, the platform that everybody uses on the public cloud, and the workstation experience of the world's most productive developers. Secure and reliable, elegant and intuitive, and open for innovation - Ubuntu is the future of open source, which is why its the fastest growing Linux in the world despite already being the most widely deployed.

Description

• The Security Compliance Engineer works in the office of the CISO in the Risk & Compliance team to help Canonical to achieve overall security & compliance goals and relevant certifications, as well as compliance with regulatory frameworks and other relevant standards.
• The team's role is to ensure that Canonical conducts its business processes in compliance with laws and regulations, internal policies and procedures defined and international standards/best practices.
• This position is for an individual with the knowledge, drive and personal motivation to help build and grow a strong security & compliance governance framework in a fast-growing tech company, as well as help it achieve/maintain the necessary compliance certifications.
• This role can be home or office based. Periodic international travel for training and business meetings is required.

Key Responsibilities

• Collaborate with IT operations, Legal, Security, and Engineering teams to define and implement policies and procedures
• Help to design and implement controls to strengthen the company’s Security Posture
• Collaborate with various teams to ensure security standards are met across all projects
• Assess vulnerabilities/risks that could affect the integrity, availability, or confidentiality of data, systems, or services of the company and provide mitigation solutions
• Conduct regular audits to ensure compliance with internal policies and procedures, relevant security standards best practices, regulations and client requirements to identify gaps and provide remediation solutions
• Ensure controls are configured correctly and integrated into the security strategy
• Collaborate with internal teams to respond to Security Questionnaires, Contract  Compliance and Security & Compliance posture questions from customers
• Provide guidance and support to internal stakeholders regarding security & compliance practices
• Collaborate with internal teams to gather evidence for external audits
• Participate in the creation and or maintenance of the Information Security Management System
• Maintain an up-to-date knowledge on Security standards, best practices and trends to ensure ongoing compliance

Qualifications
Valuable experience:

• Bachelor's Degree (or equivalent) in Computer Science, Information Systems, or related field
• Affinity with Open Source software with regards to compliance
• Knowledge of designing and implementing security processes and solutions with topics ranging from architecture, governance, compliance, and operations
• Technical or engineering background, including software development, scripting, networking, and cloud architecture

Required skills and experience:

• 2+ years of experience within a security and compliance function
• Experience developing and maintaining policies, procedures, standards, and guidelines to align with company’s strategy and best practices
• Experience with security controls implementation, configuration and maintenance
• Experience with vulnerability management tooling, remediation, and processes
• Experience with coding/scripting in one or more languages (Python, C, C++, Java)
• Experience with Linux operating systems (Ubuntu preferred)
• Understanding of concepts related to Systems Engineering/DevOps, IaC, IAM, network security, systems security, cryptography
• Have a wide understanding of cybersecurity and data protection frameworks such as ISO 27001, NIST, SOC2, PCI-DSS, GDPR, CCPA.
• Experience with third party and external audits

Method of Application