See yourself at Twilio
Join the team as our next Business Unit Security Lead
Who we are & why we’re hiring
Twilio powers real-time business communications and data solutions that help companies and developers worldwide build better applications and customer experiences.
Although we're headquartered in San Francisco, we have a presence throughout South America, Europe, Asia and Australia. We're on a journey to becoming a globally anti-racist, anti-oppressive, anti-bias company that actively opposes racism and all forms of oppression and bias. At Twilio, we support diversity, equity & inclusion wherever we do business. We employ thousands of Twilions worldwide, and we're looking for more builders, creators, and visionaries to help fuel our growth momentum.
About the job
Twilio is seeking a Business Unit Security Lead to support our R&D Business Unit for all of Twilio's communications products. The Business Unit Security Lead will be responsible for orchestrating and facilitating the information security strategy and program for the respective Twilio Business Unit (BU).
The Security Lead will partner with the BU R&D teams and related collaborators to improve the overall information security posture for their respective BU, help drive key enterprise security initiatives, facilitate progress and reporting metrics, and ensure that BU products and associated infrastructure align with the enterprise security program. The Security Lead will report directly to the Business Unit Information Security Officer (BISO) with additional accountability to the respective R&D Leaders.
In this role, you’ll:
- Engage directly with the BU R&D teams to understand, discuss, and advise on strategic priorities, concerns, and key security risks.
- Help coordinate and prioritize the work and resources for implementing enterprise security initiatives, including directing the embedded security team members.
- Be a trusted partner to the BU R&D teams and act in a consultative way to help the BU improve its security posture and adhere to enterprise security policies and expected controls.
- Engage R&D teams at a technical level to ensure they have clear visibility and understanding of mitigation priorities and pathways.
- Engage directly with the centralized security teams to align with the long term enterprise security roadmap and proactively advance BU operational issues.
- Champion Twilio’s enterprise security program within the respective BU, ensuring enterprise objectives and requirements are communicated and understood by BU partners.
- Maintain a solid understanding of the BU products and supporting infrastructure environment (e.g., application stacks, infrastructure components, external facing footprint, etc.) to help appropriately manage the threat and risk landscape.
- Work proactively with BU leadership to ensure security, risk, and compliance are actively contemplated in the BU’s strategic objectives and BPMs.
- Facilitate regular, timely reporting of key security metrics from the respective BU.
- Engage directly with the appropriate teams to ensure new products, services, applications, third party or customer relationships, have been assessed for security risks and that identified risks are appropriately addressed.
- Facilitate the identification of assets to be monitored by the enterprise Security Incident Response Team (SIRT).
- Facilitate security risk assessments within the respective BU performed by the centralized Governance, Risk, and Compliance (GRC) team.
- Serve as the liaison path for information security issues and inquiries.
- Work with the centralized GRC team and Security leadership to help determine acceptable levels of risk for the respective BU, report on variances, and partner with BU R&D teams to ensure the execution of mitigation activities.
- Proactively identify security deficiencies or opportunities for improvement within the respective BU and facilitate development of pragmatic solutions.
Not all applicants will have skills that match a job description exactly. Twilio values diverse experiences in other industries, and we encourage everyone who meets the required qualifications to apply. While having “desired” qualifications makes for a strong candidate, we encourage applicants with alternative experiences to also apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!
- 6+ years in information security, IT audit, and/or IT/security risk management including 2+ years managerial or tech lead experience
- Experience with security risk assessments, IT audit, and GRC software (e.g., ServiceNow, Archer, ZenGRC, etc.)
- Experience managing security certification and attestation efforts, including execution of self-assessments, developing gap remediation strategies, and working with external auditors
- Familiarity with common security compliance, certification, and attestation frameworks and regulations (i.e. SOC 2, ISO 27001, HIPAA, SOX, HITRUST)
- Experience partnering with R&D/engineering teams in operationalizing security and privacy in infrastructure and customer-facing products.
- Proven track record of running successful security programs from conception to completion across a complex organization with competing partners.
- Good communication and interpersonal skills to build/maintain ongoing business relationships with all levels within an organization, from engineering to C-Suite.
- Technical familiarity and understanding of telecom specific security challenges related to SIP, SMPP, GSMA standard methodologies and 3GPP standards.
- Understanding of SDLC programs and capabilities within an agile environment as related to application design and network infrastructure.
- Demonstrated experience effectively leading and managing collaborative, multi-functional teams to successfully deliver programs and/or multiple projects on time and within budget based on agreed upon scope and business goals
- Good ability to influence or negotiate with partners dealing with competing priorities
- Experience writing technical documentation, using modern documentation software, and shaping internal tooling strategy.
- A solution-oriented approach, with the ability to exercise good professional judgment
- Knowledge of the healthcare, telecommunications and software industries
- CISA, CISSP or other similar professional designations
- Strong project planning and prioritization skills, with the ability to respond quickly to a changing dynamic.
This role will be remote, US
Approximately 0% travel is anticipated.
What We Offer
There are many benefits to working at Twilio, including, in addition to competitive pay, things like generous time-off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location.
Twilio thinks big. Do you?
We like to solve problems, take initiative, pitch in when needed, and are always up for trying new things. That's why we seek out colleagues who embody our values — something we call Twilio Magic. Additionally, we empower employees to build positive change in their communities by supporting their volunteering and donation efforts.
So, if you're ready to unleash your full potential, do your best work, and be the best version of yourself, apply now!
If this role isn't what you're looking for, please consider other open positions.
*Please note this role is open to candidates outside of Colorado as well. The information below is provided for those hired in Colorado only.
*If you are a Colorado applicant:
- The estimated pay range for this role, based in Colorado, is $176,080 - $220,100
- Non-Sales: Additionally, this role is eligible to participate in Twilio's equity plan.
The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location within the state. This role is also eligible to participate in Twilio’s equity plan and for the following benefits: health care insurance, 401(k) retirement account, paid sick time, paid personal time off, paid parental leave.
Twilio is proud to be an equal opportunity employer. Twilio is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Additionally, Twilio participates in the E-Verify program in certain locations, as required by law.
Twilio is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, please contact us at email@example.com.