Senior Information Security Analyst, Risk Management

About Twilio

At Twilio, we're shaping the future of communications from the comfort of our homes. We deliver innovative solutions to hundreds of thousands of businesses and empower millions of developers worldwide to craft personalized customer experiences.

Our dedication to remote-first work and a strong culture of connection and global inclusion means you're part of a vibrant team making a global impact each day, no matter your location. Your career at Twilio is truly in your hands.

We use Artificial Intelligence (AI) to make our hiring process efficient, fair, and transparent, but automation never makes the final call. Every hiring decision is made by real Twilions, ensuring a human touch at every step.

About The Job: Senior Information Security Analyst, Risk Management

Twilio is seeking a high-impact Senior Security Risk Management Analyst to serve as a primary driver in maturing our global risk function. This is a role for a technical "doer" who thrives on solving complex puzzles within a modern ecosystem of hybrid cloud, microservices, and global telecommunications infrastructure. You will be responsible for the full lifecycle of risk—from daily ticket analysis to executing deep-dive assessments and building the automated workflows that allow our One Twilio Risk program to scale.

The ideal candidate is a Jira power-user with a "product security" mindset—someone who understands that the most effective risk management is integrated directly into the developer workflow. You proactively fill knowledge gaps and possess the strategic vision to aid in further maturing our risk management practices.

Responsibilities

• Risk Assessment & Analysis: Conduct day-to-day risk ticket analysis and lead in-depth assessments of product launches and infrastructure changes to identify and quantify security, IT, and R&D risks.
• Framework Tailoring: Further operationalize and mature the One Twilio Risk Management framework leveraging industry standards (NIST RMF, ISO 27005) with a specific focus on emerging areas like AI Risk, Data Governance, Privacy, Reliability, and Observability.
• Workflow Automation: Build and optimize automated workflows that bridge the gap between compliance requirements and engineering productivity.
• Strategic Triage: Layer compliance frameworks into the risk process, providing a unified view of how regulatory and compliance obligations impact our technical risk landscape.
• Risk Communication: Articulate the "big picture" of risk impact to stakeholders at all levels, from engineering teams to executive leadership, using data-driven reporting.
• Pragmatic Problem Solving: Implement security risk solutions that are practical and effective, ensuring risk management is a business enabler rather than a bottleneck.

Qualifications

Twilio values diverse experiences and encourages everyone who meets the required qualifications to apply.

Required Experience:

• 5+ years of direct experience in Security Risk Management, with a proven track record of building and operationalizing industry-accepted risk frameworks (e.g., NIST RMF, COSO ERM, or ISO 31000).
• Technical Domain Expertise: Broad understanding of security architecture, networking, access control, software development, cryptography, and operations. Fluent in how security controls are implemented across applications, systems, and cloud platforms to reduce inherent risk. Deep understanding of hybrid cloud environments (AWS/GCP), on-premise infrastructure, and microservices. Experience in the Telecommunications sector is highly preferred.
• Risk Methodology: Strong understanding of both qualitative and quantitative risk analysis, including the performance, benefits, and strategic application of various analysis types.
• Stakeholder Partnership: Ability to collaborate with technical Security, Engineering, and IT teams to implement technical risk solutions and interpret control requirements for diverse stakeholder groups.
• Tooling & Automation: A strong bias toward automation and tooling to scale program impact; advanced proficiency in Jira for workflow orchestration is highly desired.
• Adaptability: Comfortable with ambiguity and highly adaptable to fast-changing, high-growth environments.
• Strategic Mindset: Ability to pivot quickly between tactical "firefighting" and long-term strategic planning. Must be able to identify which risks are the most valuable to report on at any given time.
• Communication: Exceptional written and verbal communication skills, with a proven ability to present complex risk topics to non-technical executive audiences. Ability to highlight and report on shared risk responsibility is key. Must be able to manage multiple projects under tight deadlines.

Desired:

• High-Octane Individual Contributor: Self-starter who takes pride in being a "force multiplier," producing high-quality, audit-ready deliverables with minimal oversight.
• Master of Multi-Tasking: Exceptional organizational skills with the ability to context-switch effectively, managing a high volume of concurrent projects and tickets without sacrificing depth or accuracy.
• Collaborative Partner: Skilled at building bridges across R&D, Security, and IT, ensuring risk management is integrated as a seamless partner.
• Efficiency Expert: Constantly looking for ways to optimize output and team processes, turning manual tasks into streamlined, automated successes.
• Executive Presence: Ability to distill granular technical findings into concise, high-level summaries that drive decision-making at the leadership level.

Location and Travel

This role will be remote and based in Ontario, British Columbia, or Alberta, Canada. Occasional travel may be required for project or team in-person meetings.

What We Offer

Working at Twilio offers many benefits, including competitive pay, generous time off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location. The estimated pay ranges for this role are as follows: $120,640 - 150,800 CAD with a Target Bonus Percentage of 15%.

Key skills/competency

• Security Risk Management
• NIST RMF
• ISO 27005
• Hybrid Cloud Security (AWS/GCP)
• Microservices Security
• Jira Automation
• Risk Assessment & Analysis
• Data Governance
• AI Risk Management
• Stakeholder Communication