Third Party Risk Analyst 2

Summary

Join Twilio as a Third Party Risk Analyst 2 and become a key member of the Security Risk Management program. You will conduct security risk assessments for third-party vendors, identify vulnerabilities, and recommend mitigation strategies. The role involves collaborating with various teams to ensure effective risk management and staying updated on security threats and compliance requirements. You will prepare reports and presentations on third-party security risk findings. This position offers an opportunity to contribute to the growth and maturity of risk practices within a dynamic organization. Twilio offers competitive pay, generous time off, parental and wellness leave, healthcare, and a retirement savings program.

Requirements

• 2-3 years of Third Party Risk Management experience, working with security-centric risk management and compliance frameworks
• Strong background in the ability to identify, analyze, and quantify risks from a technical perspective and experience implementing and operationalizing qualitative and quantitative risk analysis, including the performance, benefits, and when to use various types of analysis
• Proficiency in security risk assessment methodologies and security compliance standards
• Experience of working with technical security and Engineering / IT to implement technical risk/control solutions with the ability to interpret control requirements and relay those to different stakeholder groups with strong technical knowledge
• Biased towards automation and tooling to scale program operations
• Excellent verbal, written, and interpersonal skills
• Flexible and able to manage multiple projects under tight deadlines
• Comfortable with ambiguity and adaptable to fast changing environments
• Strategic thinker and problem solver with exceptional communication skills

Responsibilities

• Conduct security risk assessments for third party vendors, service providers, and telecom carriers to evaluate their security controls and compliance
• Identify and report third party security vulnerabilities and recommend mitigation strategies
• Experience reviewing industry certifications and compliance reports such as PCI-DSS, SOC 2, and ISO 27001
• Assist in the development and implementation of third party security risk management frameworks
• Monitor and report on security incidents related to third party engagements, providing insights and recommendations to senior leadership
• Collaborate with procurement, legal, privacy, security, and compliance teams to ensure third party risks are effectively managed
• Stay up to date on emerging security threats, compliance requirements, and industry best practices related to third party security
• Prepare reports and presentations on third party security risk findings and mitigation efforts for stakeholders

Preferred Qualifications

• Bachelor’s degree in Information Security, Risk Management, Cybersecurity, or a related field
• Professional certifications (e.g., CISSP, CISM, or Security+)
• Experience with cloud security, identity access management (IAM), and vulnerability management
• Experience with third party risk management (TPRM) and procurement tools, such as ServiceNow TPRM, Oracle, and Ironclad
• Familiarity with enterprise risk management (ERM) frameworks and methodologies
• Collaboration: Effectively working with internal and external stakeholders to mitigate risks

Benefits

• Competitive pay
• Generous time off
• Ample parental and wellness leave
• Healthcare
• A retirement savings program