See yourself at Twilio
Join the team as Twilio's next Information Security Analyst (Risk Management)
About the job
Twilio is seeking a high-impact Senior Security Risk Management Analyst to serve as a primary driver in maturing our global risk function. This is a role for a technical doer who thrives on solving complex puzzles within a modern ecosystem of hybrid cloud, microservices, and global telecommunications infrastructure. You will be responsible for the full lifecycle of risk-from daily ticket analysis to executing deep-dive assessments and building the automated workflows that allow our One Twilio Risk program to scale.
The ideal candidate is a Jira power-user with a product security mindset-someone who understands that the most effective risk management is integrated directly into the developer workflow. You are someone who proactively fills knowledge gaps, and possesses the strategic vision to aid in further maturing our risk management practices.
Responsibilities
In this role, you'll:
• Risk Assessment & Analysis: Conduct day-to-day risk ticket analysis and lead in-depth assessments of product launches and infrastructure changes to identify and quantify security, IT, and R&D risks. • Framework Tailoring: Further operationalize and mature the One Twilio Risk Management framework leveraging risk management frameworks (NIST RMF, ISO 27005, etc.) with a specific focus on emerging areas like AI Risk, Data Governance, Privacy, Reliability, and Observability. • Workflow Automation: Build and optimize automated workflows that bridge the gap between compliance requirements and engineering productivity. • Strategic Triage: Layer compliance frameworks into the risk process, providing a unified view of how regulatory and compliance obligations impact our technical risk landscape. • Risk Communication: Articulate the big picture of risk impact to stakeholders at all levels, from engineering teams to executive leadership, using data-driven reporting. • Pragmatic Problem Solving: Implement security risk solutions that are practical and effective, ensuring risk management is a business enabler rather than a bottleneck.
Qualifications
Twilio values diverse experiences from all kinds of industries, and we encourage everyone who meets the required qualifications to apply. If your career is just starting or hasnt followed a traditional path, dont let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!
Required Experience: 5+ years of direct experience in Security Risk Management, with a proven track record of building and operationalizing industry-accepted risk frameworks (e.g., NIST RMF, COSO ERM, or ISO 31000). Technical Domain Expertise: Broad understanding of security architecture, networking, access control, software development, cryptography, and operations. You should be fluent in how security controls are implemented across applications, systems, and cloud platforms to reduce inherent risk. Risk Methodology: Strong understanding of both qualitative and quantitative risk analysis, including the performance, benefits, and strategic application of various analysis types. Stakeholder Partnership: Ability to collaborate with technical Security, Engineering, and IT teams to implement technical risk solutions and interpret control requirements for diverse stakeholder groups. Tooling & Automation: A strong bias toward automation and tooling to scale program impact; advanced proficiency in Jira for workflow orchestration is highly desired. Adaptability: Comfortable with ambiguity and highly adaptable to fast-changing, high-growth environments.
Technical Domain Expertise
Deep understanding of hybrid cloud environments (AWS/GCP), on-premise infrastructure, and microservices. Experience in the Telecommunications sector is highly preferred.
Strategic Mindset
Ability to pivot quickly between tactical firefighting and long-term strategic planning. You must be able to identify which risks are the most valuable to report on at any given time.
Communication
Exceptional written and verbal communication skills, with a proven ability to present complex risk topics to non-technical executive audiences. Ability to highlight and report on shared risk responsibility is key. Must be able to manage multiple projects under tight deadlines.
Desired
High-Octane Individual Contributor: You are a self-starter who takes pride in being a force multiplier. You have a proven ability to produce high-quality, audit-ready deliverables with minimal oversight. Master of Multi-Tasking: Exceptional organizational skills with the ability to context-switch effectively, managing a high volume of concurrent projects and tickets without sacrificing depth or accuracy. Collaborative Partner: You dont work in a silo. You are skilled at building bridges across R&D, Security, and IT, ensuring that risk management is integrated as a seamless partner. Efficiency Expert: You are constantly looking for ways to optimize your own output and team processes, turning manual, repetitive tasks into streamlined, automated successes. *Executive Presence: Ability to distill granular technical findings into concise, high-level summaries that drive decision-making at the leadership level.
Location
This role will be remote and based in Ontario, British Columbia or Alberta, Canada.
Travel
We prioritize connection and opportunities to build relationships with our customers and each other. For this role, you may be required to travel occasionally to participate in project or team in-person meetings.
What We Offer
Working at Twilio offers many benefits, including competitive pay, generous time off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location. Based on role, employees may also be eligible for additional compensation and benefits, including but not limited to incentive programs, commissions, equity grants, health and wellness benefits, retirement contributions, and paid time off.
Estimated Pay Range
$120,640 - 150,800 CAD
Target Bonus Percentage
15%
The successful candidate's starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location.