Senior Analyst, Security Compliance

Twilio

Remote - Ireland

Job highlights

Summary

Join Twilio as a Security Compliance Senior Analyst and play a key role in maturing our Security Compliance posture. You will manage multiple Security Compliance projects, collaborate with cross-functional teams, and advise on security control designs. This role requires strong project management skills, experience with various compliance frameworks (e.g., ISO 27001, SOC2 Type 2, PCI DSS), and excellent communication abilities. You will work to improve internal processes, create metrics, and effectively communicate compliance and security information. The position is remote and based in Ireland. Twilio is an equal opportunity employer.

Requirements

  • 5+ years of Security Compliance and / or Risk Management experience, working with security-centric risk management or compliance frameworks such as ISO/IEC 27001, PCI DSS, SOC2, HIPAA, FedRAMP, NIST CSF, or NIST 800-53
  • 2+ years of project management experience in security or another technical field, including defining overall project scope, creating milestones, tracking project performance with metrics, and communicating project status to management, including escalation of risks
  • 2+ years of working with technical security and Engineering / IT to implement technical control solutions (preferably within code deployment pipelines and public cloud solutions). Ability to interpret control requirements and relay those to different stakeholder groups with strong technical knowledge
  • Ability to work in a dynamic, fast-paced environment that requires constant prioritization
  • Demonstrate strong verbal and written communication skills, and ability to translate complex technical or security requirements or risks into business language that can be understood by various audiences
  • Ability to think critically and solve problems, create win-win solutions
  • Experience using or creating metrics to effectively tell a compliance or security "story", including the use of various formats and visuals

Responsibilities

  • Manage multiple Security Compliance projects from inception to completion, including collaborating and tracking milestones, documenting key project risks, updating metrics and OKRs, and using problem-solving skills to clear blockers
  • Demonstrate experience working with multiple Security Compliance frameworks (e.g. ISO 27001, SOC2 Type 2, NIST 800v5, PCI DSS) and ability to drive strategic improvements in controls, process design, continuous monitoring, and policy / procedure documentation across a diverse set of cross-functional stakeholders across the company (Sales, Engineering, Product, Legal, Finance, IT, HR, etc)
  • Advise on Security and Compliance control designs and architecture patterns. Work with the technical security teams and their business counterparts to implement controls, metrics, and automation to improve the security posture of the organization
  • Evaluate technology solutions and identify security gaps against security baselines and compliance requirements, partnering with cross-functional teams to clarify risk in the business context, recommend remediation activities and timelines, and escalate issues as needed for visibility
  • Improve internal processes to promote consistent and fact-based conclusions. Leverage and improve existing project management tools to provide metrics and reporting standardization

Preferred Qualifications

  • Experience and familiarity with cloud security techniques and working with public cloud solutions including but not limited to AWS and GCP
  • Experience and familiarity with securing code deployment pipelines and Infrastructure as Code (IaC)
  • CISA, CISM, GIAC, CISSP or other Information Security related certification is highly preferred

Benefits

Remote work
