Staff Security Analyst, Information Security (L4) United States
Because you belong at Twilio
The Who, What, Why and Where
The Staff Security Analyst, Information Security (L4) will be a key member of the Security Assurance program at Twilio, focused on maturing our Security and Compliance posture through consulting, gap assessments, and certification activities.
This individual will be responsible for working effectively with numerous cross-functional stakeholders across the company (Sales, Engineering, Product, Legal, Finance, IT, HR, etc.) to effectively drive improvements in control and process design, testing, remediation, continuous monitoring, project management and documentation. They will work to evaluate technology solutions and identify security gaps against baselines, partnering with cross-functional teams precisely rate risk in the business context, recommend remediation activities and timelines, and escalate issues as needed for visibility. In addition, they will be working to improve the internal processes of the teams to promote consistent evaluations, automation, and reporting of metrics.
Twilio is looking for a proactive individual who lives Twilio Magic and has a broad knowledge of technology security controls and compliance regimes. They should have:
- 8+ years of Compliance, Assurance, and / or Risk Management experience, working with security-centric risk management or compliance frameworks such as HITRUST, NIST CSF, NIST 800-53, ISO/IEC 27001, PCI, HIPAA, IRAP, and / or FedRAMP.
- 5+ years of project management experience in security or another technical field
- 3+ years of program management experience, including defining overall project scope, tracking project performance, communicating project status to senior management.
- Past experience in HITRUST compliance implementation or gap assessment / audit.
- Experience and familiarity with cloud security techniques and working with public cloud solutions including but not limited to AWS and GCP.
- Experience and familiarity with securing code deployment pipelines and Infrastructure as Code (IaC).
- Ability to work in a dynamic, fast-paced environment that requires constant prioritization
- Demonstrate strong verbal and written communication skills, and ability to translate complex technical or security requirements or risks into business language that can be understood by various audiences.
- Ability to think critically and solve problems, build win-win solutions.
- Experiencing using or crafting metrics to effectively tell a compliance or security “story”, including the use of various formats and visuals.
- CISA, CISM, GIAC, CISSP or other Information Security related certification required.
As a Staff Security Analyst, Information Security (L4), you will live the Twilio Magic values:
- NO SHENANIGANS: Serve as a key member of the company’s Security Assurance program by supporting ongoing security, compliance and continuous monitoring activities. Be transparent and clear on assessments, accurately identify gaps, and ensure stakeholders understand resultant risks.
- DRAW THE OWL: Help build and maintain security baselines that align industry best practice with compliance requirements. Create stakeholder awareness and education material, empowering the business to better understand and adopt baseline controls.
- EMPOWER OTHERS: Help the business understand security baselines and compliance standards, creating security evangelists within the organization. Support evidence collection, and documentation in support of internal and external audits.
- WRITE IT DOWN: Engage with subject matter experts to develop, edit, and revise documentation including policies and procedures. Ensure findings are accurately presented and gaps / risks identified are properly conveyed based on context.
- BE AN OWNER: Manage timelines, project plans, status reports and metrics to ensure milestones, goals and commitments are met.
- Lead internal and external assessments against Twilio’s information systems, services, and teams.
- Where applicable, identify areas of improvement as a general security practitioner and determine how processes, automation, and controls could help mature the overall security of the organization.
This role will play a crucial role in establishing and maturing the control environment, enhancing Twilio’s security posture, building Customer Trust, and driving additional revenue for the company.
Twilio is a company that is empowering the world’s developers with modern communication in order to build better applications. Twilio is truly unique; we are a company committed to your growth, your learning, your development and your entire employee experience. We only win when our employees succeed, and we're dedicated to helping you develop your strengths. We invest in weeks dedicated to tackling hard problems and creating your own ideas. We have a cultural foundation built on diversity, inclusion and innovation, and we want you and your ideas to thrive at Twilio.
We employ diverse talent from all over the world and we believe great work can be done anywhere. Around the world, Twilio offers benefits and perks to support the physical, financial, and emotional well being of you and your loved ones. No matter where you are based, you will experience a company that believes in small teams for maximum impact; seeks well-rounded talent to ensure a full perspective on our customers’ experience, understands that this is a marathon, not a sprint; that continuously and purposefully builds an inclusive culture that empowers everyone to do their best work and be the best version of themselves.
Millions of developers around the world have used Twilio to unlock the magic of communications to improve any human experience. Twilio has democratized communications channels like voice, text, chat, video and email by virtualizing the world’s communications infrastructure through APIs that are simple enough for any developer to use, yet robust enough to power the world’s most demanding applications. By making communications a part of every software developer’s toolkit, Twilio is enabling innovators across every industry — from emerging leaders to the world’s largest organizations — to reinvent how companies engage with their customers.
In accordance with applicable law, the following represents Twilio's reasonable estimate of the range of possible compensation for this role if hired in Colorado.
Please note that this information is provided for those hired in Colorado only, and this role is open to candidates outside of Colorado as well.
Salary Range: $132,928 - $182,776
Rest of Colorado:
Salary Range: $116,312 - $159,929
Additionally, this role is eligible to participate in Twilio's equity plan.
An overview of Twilio’s benefits offered is listed below:
Twilio is committed to delivering a comprehensive benefits program that provides support needed for you and your loved ones. It’s likely that you don’t think about benefits every day; however, they are an important component of your total compensation, and we want you to understand the options available to you so that you can make the most of your benefit dollars. At the time of this posting, this role is eligible to participate in the following benefits, which Twilio reserves the right to modify at any time for any reason in accordance with applicable law:
Healthcare Insurance and Leave
- Prescription Drug
- Flexible Spending and Health Savings Accounts
- Leave programs for all of life’s moments: maternity, parental/bonding, as well medical leave to care for yourself or a loved one
- Short and Long Term Disability Insurance
- Life and Accidental Death & Dismemberment Insurance
- 401(k) Retirement Savings Plan with a match
Reimbursement Programs & Stipends
- $65 per month work-from-home stipend
- Up to $50 per month for wellness expenses and activities
- Up to $30 per month to use towards books/eBooks
Vacancy page : https://boards.greenhouse.io/twilio/jobs/3439988