Staff Analyst, Security Risk Management

Summary

Join Twilio as our next Staff Analyst, Security Risk and become a key member of the Security Risk Management program. You will lead the daily management of the One Twilio Risk Management program, developing and maintaining risk registers, collaborating with cross-functional teams, and preparing risk reports for senior leadership. This role requires 5+ years of risk management experience with security-centric frameworks and a strong technical background. You will analyze risk data, develop predictive models, and coordinate with auditors. The position offers remote work based in Alberta, Ontario, or British Columbia, Canada, with minimal travel. Twilio provides competitive pay and benefits, including generous time off, parental and wellness leave, healthcare, and a retirement savings program.

Requirements

• 5+ years of Risk Management experience, working with security-centric risk management and compliance frameworks. Experience implementing (building and operationalizing) an industry accepted risk framework including but not limited to NIST Risk Management Framework, COSO Enterprise Risk Management, or ISO 31000
• Strong background in the ability to identify, analyze, and quantify risks from a technical perspective and experience implementing and operationalizing qualitative and quantitative risk analysis, including the performance, benefits, and when to use various types of analysis
• Proven track record of managing risk assessments, risk registers, and compliance programs in large, complex organizations
• 3+ years of working with technical security and Engineering / IT to implement technical risk/control solutions with the ability to interpret control requirements and relay those to different stakeholder groups with strong technical knowledge
• Have a broad understanding of various security domains and a demonstrated track record of understanding security architecture, network, access control, software development, cryptography, and operations
• Biased towards automation and tooling to scale program impact and reach
• Excellent verbal, written, and interpersonal skills

Responsibilities

• Lead the daily management and oversight of the One Twilio Risk Management program which includes establishing processes and operations for all areas of cyber risk
• Develop and maintain risk register(s) to track key risk indicators (KRIs) and ensure risks are identified, evaluated, and mitigated appropriately
• Collaborate with cross-functional teams to ensure proper control mechanisms are in place
• Review and assess the effectiveness of risk mitigation strategies and recommend improvements
• Prepare and deliver regular risk reports, dashboards, and presentations to senior leadership, highlighting key risk trends, issues, and mitigation efforts
• Develop key performance indicators (KPIs) to measure the effectiveness of risk management processes
• Analyze risk data from various sources to assess trends and develop predictive models for potential risks
• Use data analytics and risk modeling tools to assess the financial, operational, and security impact of risks
• Develop ad-hoc reports and presentations as required to support risk decision-making
• Coordinate with internal and external auditors to support compliance assessments and resolve any risk-related findings
• Provide training to internal teams on risk management processes, controls, and best practices
• Participate in the development of risk management policies, procedures, and frameworks
• Work with the risk management team to enhance organizational risk culture and awareness

Preferred Qualifications

• Bachelor’s degree in Risk Management, Business, Finance, Cybersecurity, or a related field
• Professional certifications (e.g., CRISC, CISA, CISSP, FRM) are a plus
• Strong analytical and problem-solving skills with the ability to interpret complex data and present actionable insights
• Excellent communication skills, with the ability to translate risk findings into clear, actionable recommendations for leadership
• Proficient with risk management software and tools (e.g., RSA Archer, MetricStream, ServiceNow)
• Experience with project management and working across multiple teams and departments
• Strategic Thinking: Ability to think critically about organizational risks and provide proactive recommendations
• Attention to Detail: Ensuring thorough risk assessments and accurate reporting
• Collaboration: Effectively working with internal and external stakeholders to mitigate risks
• Leadership: Ability to take ownership of projects and lead initiatives in risk management processes

Benefits

• Competitive pay
• Generous time-off
• Ample parental and wellness leave
• Healthcare
• A retirement savings program