Sr. Security Risk Analyst - Risk Management
245 West 17th Street
New York, NY 10011

By applying for this role, you could choose to work in the following locations:
US - Remote US
New York City

Who We Are

The Information Security (InfoSec) organization advances the overall state of security at Twitter through critical initiatives and coordination of large security projects. Information Security builds technologies, tools, and processes to better enable teams at Twitter to develop secure software and protect data and systems with appropriate security controls. Information Security also develops systems to monitor and respond to attacks against our systems, provides awareness education to teams on security best practices for data protection, and ensures data sharing relationships with third parties securely protect Twitter information. This role will be part of the Security Risk Management team which focuses on building out and supporting a security risk oversight function.

What You’ll Do

  • Contribute to building and operating our security risk management processes: risk assessment design and execution, risk treatment, issue and action management portfolio oversight, insight analysis, and reporting
  • Shepherd conversations around the impact and likelihood of an identified risk and suggest plans of action
  • Build and maintain strong cross-functional relationships across the organization to help with expectation setting, training and awareness, and promote consistency and improvement in our processes
  • Assist with identification and operation of Governance Risk and Compliance (GRC) tooling to support risk management processes
  • Advise and collaborate with SMEs, including Audit & Compliance teams, to ensure design and testing of security controls are aligned with leading best practices and executed effectively to manage risk
  • Find opportunities to continuously improve the program through innovation with tangible value to the organization
  • Help support various parts of the organization to adopt a common risk management process; this may include joining other projects adjacent to our Security Risk Management program objectives
  • Be an inspiring leader in Information Security and align initiatives with business objectives of the company

Who You Are

  • A critical problem solver, detail-oriented, and highly motivated self-starter with a passion for constant learning & improvement
  • Able to communicate relevant information clearly and concisely, both verbally and in writing
  • Able to work efficiently with minimal oversight/direction and collaborate effectively in cross-functional projects
  • Have knowledge of common security risks, vulnerabilities, and threats and solid experience in escorting these issues through risk analysis / treatment / mitigation processes
  • Able to discuss issues at technical and business levels with audiences of various backgrounds 
  • Willing to advocate for the security of Twitter users and communicate why security decisions are important to other internal teams
  • Have great people skills and are able to flourish under pressure and ambiguity in a fast-paced team environment


  • Bachelor's degree in Information Security, Computer Science, Management Information Systems or related field preferred
  • Minimum 6+ years of related work experience building or operating programs to mitigate risks around security, confidentiality, integrity, availability, and privacy. Preferred prior experience in Information Security, Governance Risk or Compliance, or relevant Audit / Assessments functions
  • Demonstrated success in a security / operational risk management team at large complex organizations with a mature risk oversight function with direct experience in conducting and analyzing security risk assessments
  • Strong knowledge of relevant information security frameworks, including related regulatory compliance requirements, such as ISO 27001/2, CIS Top 20, SOC 2 Trust Services Criteria, PCI DSS, GDPR, NIST CSF / 800-53
  • Strong knowledge of audit and risk management methodologies, such as SOX, COBIT, NIST RMF / 800-37 / 800-30, FAIR
  • Relevant professional certifications in Information Security or Governance Risk Compliance Management are a plus, such as CISA, CISM, CRISC, CGEIT, CSX-P, CISSP, CCSK
  • Proficient with Atlassian products, G-Suite applications, and GRC tools, such as RSA Archer / ServiceNow / MetricStream

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.