Analyst, Security Risk

Responsibilities

In this role, you’ll:

• Manage the daily management and oversight of the One Twilio Risk Management program which includes establishing processes and operations for all areas of cyber risk. 
• Help create, manage, and maintain risk register(s) to track key risk indicators (KRIs) and ensure risks are identified, evaluated, and mitigated appropriately.
• Collaborate with cross-functional teams to ensure proper control and risk mechanisms are in place.
• Review and assess the effectiveness of risk mitigation strategies and recommend improvements.
• Prepare and deliver regular risk reports, dashboards, and presentations to internal and external stakeholders, highlighting key risk trends, issues, and mitigation efforts.
• Analyze risk data from various sources to assess trends and develop predictive models for potential risks.
• Use data analytics and risk modeling tools to assess the financial, operational, and security impact of risks.
• Develop ad-hoc reports and presentations as required to support risk decision-making.
• Coordinate with internal and external auditors to support compliance assessments and resolve any risk-related findings.
• Provide training to internal teams on risk management processes, controls, and best practices.
• Participate in the development of risk management policies, procedures, and frameworks.
• Work with the risk management and compliance teams to enhance organizational risk culture and awareness.

Qualifications 

Not all applicants will have skills that match a job description exactly. Twilio values diverse experiences in other industries, and we encourage everyone who meets the required qualifications to apply. While having “desired” qualifications make for a strong candidate, we encourage applicants with alternative experiences to also apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!

• 2+ years of Risk Management experience, working with security-centric risk management and compliance frameworks. Experience implementing (building and operationalizing) an industry accepted risk framework including but not limited to NIST Risk Management Framework, COSO Enterprise Risk Management, or ISO 31000.
• Ability to identify, analyze, and quantify risks from a technical perspective and experience implementing and operationalizing qualitative and quantitative risk analysis, including the performance, benefits, and when to use various types of analysis.
• Proven track record of managing risk assessments, risk registers, and compliance programs 
• Experience of working with technical security and Engineering / IT to implement technical risk/control solutions with the ability to interpret control requirements and relay those to different stakeholder groups with strong technical knowledge.
• Biased towards automation and tooling to scale program impact and reach
• Excellent verbal, written, and interpersonal skills.
• Flexible and able to manage multiple projects under tight deadlines.
• Comfortable with ambiguity and adaptable to fast changing environments.
• Strategic thinker and problem solver with exceptional communication skills. 

Desired:

• Bachelor’s degree in Risk Management, Business, Finance, Cybersecurity, or a related field.
• Professional certifications (e.g., CRISC, CISA, CISSP, FRM) are a plus.
• Strong analytical and problem-solving skills with the ability to interpret complex data and present actionable insights.
• Excellent communication skills, with the ability to translate risk findings into clear, actionable recommendations for leadership.
• Proficient with risk management software and tools (e.g., RSA Archer, MetricStream, ServiceNow).
• Experience with project management and working across multiple teams and departments.
• Strategic Thinking: Ability to think critically about organizational risks and provide proactive recommendations.
• Attention to Detail: Ensuring thorough risk assessments and accurate reporting.
• Collaboration: Effectively working with internal and external stakeholders to mitigate risks.
• Leadership: Ability to take ownership of projects and lead initiatives in risk management processes.