Staff Security Risk Analyst

See yourself at Twilio

Join the team as Twilio’s next Staff Security Analyst.

Who we are & why we’re hiring

Twilio powers real-time business communications and data solutions that help companies and developers worldwide build better applications and customer experiences.

Although we’re headquartered in San Francisco, we have presence throughout South America, Europe, Asia and Australia. We’re on a journey to becoming a global company that actively opposes racism and all forms of oppression and bias. At Twilio, we support diversity, equity & inclusion wherever we do business.

About the job

Security Risk Management is growing in importance as we transmit and store an increasing amount of sensitive information and adapt new technologies. Implementing a robust risk management practice is imperative to ensure information and technology protection of our customers who entrust their information to Twilio. Twilio is looking for an individual contributor who lives the Twilio Magic and has the necessary expertise to manage security risk and help mature our risk management program into an industry leading practice.

Twilio Security Enablement is a growing team and we’re looking for someone to identify, assess, mitigate, and report on information security risks tied to Twilio technology assets. This role will work with Business Information Security Officers (BISOs), Security Architects, and  SecurityEngineers to execute security risk assessments, understand Business unit specific risks and coordinate with the BISOs and other security teams to collaborate and burn down technical risks .  Reporting to the Director of BU Security, this position is critical to ensuring Twilio’s risk posture is maintained and communicated to Twilio management.

Responsibilities

In this role, you’ll:

• As a Staff Security Risk Analyst, you will live the Twilio Magic values:
• DRAW THE OWL: Implement and execute the security risk management strategy to ensure we’re meeting our customers’ high expectations and all applicable laws and evolving regulatory requirements.
• RUTHLESSLY PRIORITIZE: Drive ongoing security risk management initiatives to ensure adherence across our fast-growing organization
• BE AN OWNER: Define the short- and long-term objective and key results (OKRs) for security risk management
• WRITE IT DOWN: Develop implementable runbooks, standards, and best practices around security risk management.
• NO SHENANIGANS: Define efficient and effective security risk management practices that meet the needs of multiple business, regulatory, and security stakeholders and work with those teams to drive successful implementation
• DON’T SETTLE: Leverage automation and tooling to monitor and report compliance with security risk management requirements.
• EMPOWER OTHERS: Share knowledge and enable a high-performing team of security risk management professionals.

Qualifications 

Not all applicants will have skills that match a job description exactly. Twilio values diverse experiences in other industries, and we encourage everyone who meets the required qualifications to apply. While having “desired” qualifications make for a strong candidate, we encourage applicants with alternative experiences to also apply. If your career is just starting or hasn’t followed a traditional path, don’t let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!

Required:

• 5+ years of working experience in Security Risk Management.
• Experience implementing and managing an industry accepted risk framework including but not limited to NIST Risk Management Framework, COSO Enterprise Risk Management, or ISO 31000.
• Strong understanding of security controls and how they should be implemented across applications, systems and internal/cloud platforms to drive down inherent risk.
• Have a broad understanding of various security domains and a demonstrated track record of understanding security architecture, network, access control, software development, cryptography, and operations.
• Experience working within a regulatory environment including but not limited to PCI-DSS, HIPAA, and other emerging privacy frameworks.
• Strong understanding of qualitative and quantitative risk analysis, including the performance, benefits, and when to use various types of analysis.
• Biased towards automation and tooling to scale program impact and reach
• Excellent verbal, written, and interpersonal skills.
• Flexible and able to manage multiple projects under tight deadlines.
• Comfortable with ambiguity and adaptable to fast changing environments.

Desired:

• Knowledge of a modern GRC workflow and automation solutions is beneficial
• Security and/or risk certifications are a plus.(CRISC, CISM, CISSP)

Location 

This role will be remote and based in the U.S.

What We Offer

There are many benefits to working at Twilio, including, in addition to competitive pay, things like generous time-off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location.

Twilio thinks big. Do you?

We like to solve problems, take initiative, pitch in when needed, and are always up for trying new things. That’s why we seek out colleagues who embody our values — something we call Twilio Magic. Additionally, we empower employees to build positive change in their communities by supporting their volunteering and donation efforts.

So, if you’re ready to unleash your full potential, do your best work, and be the best version of yourself, apply now!

If this role isn’t what you’re looking for, please consider other open positions.

The estimated pay ranges for this role are as follows:

• Based in Colorado: $99,360-$124,000
• This role may be eligible to participate in Twilio’s equity plan. All roles are eligible for the following benefits: health care insurance, 401(k) retirement account, paid sick time, paid personal time off, paid parental leave.

The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location within the state.