Twilio

Senior Analyst, Security Compliance

Remote - Ireland

Job Description

Remote

See yourself at Twilio

Join the team as Twilio’s next Senior Analyst, Security Compliance

Who we are 

At Twilio, we’re shaping the future of communications, all from the comfort of our homes. We deliver innovative solutions to hundreds of thousands of businesses and empower millions of developers worldwide to craft personalized customer experiences.

Our dedication to remote-first work, and strong culture of connection and global inclusion means that no matter your location, you’re part of a vibrant, diverse team making a global impact each day. As we continue to revolutionize how the world interacts, we’re acquiring new skills and experiences that make work feel truly rewarding. Your career at Twilio is in your hands. 

About the job

The Security Compliance Senior Analyst will be a key member of the Security Compliance program at Twilio, focused on maturing our Security Compliance posture by preparing internal stakeholders for certification activities. The team works closely with our Product and Engineering teams to ensure products are compliant with regulations and implement industry best practice security measures (e.g. ISO 27001, SOC2 Type 2, PCI DSS). This role would participate in advisory and gap assessment activities that drive down Security Compliance risk for the organization, demonstrate strong project planning and management skills, and be able to effectively represent Compliance programs with cross-functional stakeholders and leadership. Ideally, they would also have experience with creating metrics and executive dashboards to convey the risk burndown and value-add Compliance activities are creating for the organization.

Responsibilities

In this role, you’ll:

  • Manage multiple Security Compliance projects from inception to completion, including collaborating and tracking milestones, documenting key project risks, updating metrics and OKRs, and using problem-solving skills to clear blockers.
  • Demonstrate strong experience working with multiple Security Compliance frameworks (e.g. ISO 27001, SOC2 Type 2, NIST 800v5, PCI DSS) and the ability to drive strategic improvements in controls, process design, continuous monitoring, and policy / procedure documentation across a diverse set of cross-functional stakeholders across the company (Sales, Engineering, Product, Legal, Finance, IT, HR, etc).
  • Advise on Security and Compliance control designs and architecture patterns. Work with the technical security teams and their business counterparts to implement controls, metrics, and automation to improve the security posture of the organization.
  • Evaluate technology solutions and identify security gaps against security baselines and compliance requirements, partnering with cross-functional teams to clarify risk in the business context, recommend remediation activities and timelines, and escalate issues as needed for visibility.
  • Improve internal processes to promote consistent and fact-based conclusions. Leverage and improve existing project management tools to provide metrics and reporting standardization.

Qualifications 

Not all applicants will have skills that match a job description exactly. Twilio values diverse experiences in other industries, and we encourage everyone who meets the required qualifications to apply. While having “desired” qualifications makes for a strong candidate, we encourage applicants with alternative experiences to also apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!

Required: 

  • 5+ years of Security Compliance and / or Risk Management experience, working with security-centric risk management or compliance frameworks such as ISO/IEC 27001, PCI DSS, SOC2, HIPAA, FedRAMP, NIST CSF, or NIST 800-53.
  • 2+ years of project management experience in security or another technical field, including defining overall project scope, creating milestones, tracking project performance with metrics, and communicating project status to management, including escalation of risks.
  • 2+ years of working with technical security and Engineering / IT to implement technical control solutions (preferably within code deployment pipelines and public cloud solutions). Ability to interpret control requirements and relay those to different stakeholder groups with strong technical knowledge.
  • Ability to work in a dynamic, fast-paced environment that requires constant prioritization.
  • Demonstrate strong verbal and written communication skills, and ability to translate complex technical or security requirements or risks into business language that can be understood by various audiences.
  • Ability to think critically, solve problems, and create win-win solutions.
  • Experience using or creating metrics to effectively tell a compliance or security “story”, including the use of various formats and visuals.

Desired:

  • Experience and familiarity with cloud security techniques and working with public cloud solutions including but not limited to AWS and GCP.
  • Experience and familiarity with securing code deployment pipelines and Infrastructure as Code (IaC).
  • CISA, CISM, GIAC, CISSP or other Information Security related certification is highly preferred.

Location

This role will be remote and based in Ireland.

Twilio is proud to be an equal opportunity employer. Twilio is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Qualified Applicants with arrest or conviction records will be considered for Employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Additionally, Twilio participates in the E-Verify program in certain locations, as required by law.

Twilio is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, please contact us at accommodation@twilio.com.