Staff Analyst, Security Risk Management

See yourself at Twilio

Join the team as our next Staff Analyst, Security Risk

Who we are & why we’re hiring

The Security Risk Analyst will be a key member of the Security Risk Management program at Twilio, focused on maturing our Security risk posture by preparing internal stakeholders for certification activities. The team works closely with our Product and Engineering teams to ensure all areas of cyber risk are identified across Twilio and that risk methodologies are operationally effective and in compliance with regulations and industry best practice security measures (e.g. COSO, ISO 31000). This role provides an exciting opportunity for professionals who are passionate about risk management and ready to contribute to the continued growth and maturity of risk practices within a dynamic organization like Twilio. 

Responsibilities

In this role, you’ll:

• Lead the daily management and oversight of the One Twilio Risk Management program which includes establishing processes and operations for all areas of cyber risk. 
• Develop and maintain risk register(s) to track key risk indicators (KRIs) and ensure risks are identified, evaluated, and mitigated appropriately.
• Collaborate with cross-functional teams to ensure proper control mechanisms are in place.
• Review and assess the effectiveness of risk mitigation strategies and recommend improvements.
• Prepare and deliver regular risk reports, dashboards, and presentations to senior leadership, highlighting key risk trends, issues, and mitigation efforts.
• Develop key performance indicators (KPIs) to measure the effectiveness of risk management processes.
• Analyze risk data from various sources to assess trends and develop predictive models for potential risks.
• Use data analytics and risk modeling tools to assess the financial, operational, and security impact of risks.
• Develop ad-hoc reports and presentations as required to support risk decision-making.
• Coordinate with internal and external auditors to support compliance assessments and resolve any risk-related findings.
• Provide training to internal teams on risk management processes, controls, and best practices.
• Participate in the development of risk management policies, procedures, and frameworks.
• Work with the risk management team to enhance organizational risk culture and awareness.

Qualifications 

Not all applicants will have skills that match a job description exactly. Twilio values diverse experiences in other industries, and we encourage everyone who meets the required qualifications to apply. While having “desired” qualifications make for a strong candidate, we encourage applicants with alternative experiences to also apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!

Required:

• 5+ years of Risk Management experience, working with security-centric risk management and compliance frameworks. Experience implementing (building and operationalizing) an industry accepted risk framework including but not limited to NIST Risk Management Framework, COSO Enterprise Risk Management, or ISO 31000.
• Strong background in the ability to identify, analyze, and quantify risks from a technical perspective and experience implementing and operationalizing qualitative and quantitative risk analysis, including the performance, benefits, and when to use various types of analysis.
• Proven track record of managing risk assessments, risk registers, and compliance programs in large, complex organizations.
• 3+ years of working with technical security and Engineering / IT to implement technical risk/control solutions with the ability to interpret control requirements and relay those to different stakeholder groups with strong technical knowledge.
• Have a broad understanding of various security domains and a demonstrated track record of understanding security architecture, network, access control, software development, cryptography, and operations.
• Biased towards automation and tooling to scale program impact and reach.
• Excellent verbal, written, and interpersonal skills.

Desired:

• Bachelor’s degree in Risk Management, Business, Finance, Cybersecurity, or a related field.
• Professional certifications (e.g., CRISC, CISA, CISSP, FRM) are a plus.
• Strong analytical and problem-solving skills with the ability to interpret complex data and present actionable insights.
• Excellent communication skills, with the ability to translate risk findings into clear, actionable recommendations for leadership.
• Proficient with risk management software and tools (e.g., RSA Archer, MetricStream, ServiceNow).
• Experience with project management and working across multiple teams and departments.
• Strategic Thinking: Ability to think critically about organizational risks and provide proactive recommendations.
• Attention to Detail: Ensuring thorough risk assessments and accurate reporting.
• Collaboration: Effectively working with internal and external stakeholders to mitigate risks.
• Leadership: Ability to take ownership of projects and lead initiatives in risk management processes.

Location

This role will be remote, and based in Alberta, Ontario or British Columbia, Canada. 

Travel

We prioritize connection and opportunities to build relationships with our customers and each other. For this role, approximately <5% travel is anticipated to help you connect in-person in a meaningful way. 

What We Offer

There are many benefits to working at Twilio, including, in addition to competitive pay, things like generous time-off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location.

Twilio thinks big. Do you?

We like to solve problems, take initiative, pitch in when needed, and are always up for trying new things. That's why we seek out colleagues who embody our values — something we call Twilio Magic. Additionally, we empower employees to build positive change in their communities by supporting their volunteering and donation efforts.

So, if you're ready to unleash your full potential, do your best work, and be the best version of yourself, apply now!

If this role isn't what you're looking for, please consider other open positions.

The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location.