Senior Manager, Security Risk

Who we are 

At Twilio, we’re shaping the future of communications, all from the comfort of our homes. We deliver innovative solutions to hundreds of thousands of businesses and empower millions of developers worldwide to craft personalized customer experiences.

Our dedication to remote-first work, and strong culture of connection and global inclusion means that no matter your location, you’re part of a vibrant team with diverse experiences making a global impact each day. As we continue to revolutionize how the world interacts, we’re acquiring new skills and experiences that make work feel truly rewarding. Your career at Twilio is in your hands.

We use Artificial Intelligence (AI) technologies to maintain an efficient, fair and transparent hiring process. Our hiring process is never completely automated, and uses AI in conjunction with our recruiting professionals.

See yourself at Twilio

Join the team as Twilio’s next Senior Manager, Security Risk Management

About the job

Twilio is looking for a dynamic, hands-on Senior Manager of Security Risk Management to lead and evolve our global risk function. This role is designed for a strategic thinker who isn't afraid to roll up their sleeves and contribute as an individual performer while managing a high-performing, distributed team. You will be responsible for navigating a complex microservices environment of hybrid cloud and on-premise telecommunications infrastructure, ensuring our security risk approach is pragmatic, scalable, and deeply integrated into the R&D and IT lifecycles.

The ideal candidate thrives in fast-paced, high-growth environments and can pivot quickly to address emerging threats or regulatory shifts. You will be a key partner to our Engineering, Product, and IT and Security teams, helping to mature our risk assessment and reporting capabilities to meet an increasingly complex global regulatory and evolving threat landscape.

Responsibilities

In this role, you’ll:

• Program Leadership & People Management: Lead, mentor, and grow a team of international and domestic risk analysts.
• Foster a culture of excellence, accountability, and continuous professional development.
• Hands-on Risk Assessment: Conduct and oversee complex risk assessments across microservices architectures, cloud-native environments, and legacy on-premise telecommunications systems.
• Integrating compliance control requirements into the risk management process. 
  Strategic Framework Implementation: Operationalize and mature the One Twilio Risk Management framework leveraging risk management frameworks (NIST RMF, ISO 27005, etc.) with a specific focus on emerging areas like AI Risk, Data Governance, Privacy, Reliability, and Observability. 
• Advanced Reporting: Develop and deliver high-impact, executive-level risk reporting. You must be able to translate technical vulnerabilities into business risk, providing leadership with the "so-what" and actionable insights to drive investment.
• Workflow Optimization: Identify and design efficient process workflows within Jira and GRC tools to automate risk intake, tracking, and remediation, ensuring seamless integration with R&D and IT workstreams.
• Pragmatic Problem Solving: Deliver "outside the box" based risk solutions that balance risk mitigation with business velocity. Ensure the security organization is viewed as an enabler, not a blocker.
• Stakeholder Management: Act as a primary point of contact for external auditors and regulators, clearly articulating Twilio’s risk posture and the effectiveness of our controls.

Qualifications 

Twilio values diverse experiences from all kinds of industries, and we encourage everyone who meets the required qualifications to apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!

*Required 

• Experience: 8+ years in Cybersecurity or Information Security, with at least 4+ years in a people management role leading international teams. A "no-ego" approach to leadership; someone who is comfortable "taking the heat" for the program while giving credit to the team for successes.
• Negotiation & Diplomacy: The ability to navigate high-tension situations finding the "win-win" middle ground.
• Technical Domain Expertise: Deep understanding of hybrid cloud environments (AWS/GCP), on-premise infrastructure, and microservices. Experience in the Telecommunications sector is highly preferred. 
• Framework Fluency: Proven track record of implementing and maturing risk frameworks such as NIST RMF, ISO 3100. Specific experience in AI Risk Management or Data Governance frameworks is a significant plus.
• Tooling Mastery: Power-user level proficiency in Jira (for workflow orchestration) and experience with security tooling (e.g., Wiz, Orca, Snyk) and GRC platforms (e.g., LogicGate, Jira, Archer, ServiceNow).
• Strategic Mindset: Ability to pivot quickly between tactical "firefighting" and long-term strategic planning. You must be able to identify which risks are the most valuable to report on at any given time. 
• Communication: Exceptional written and verbal communication skills, with a proven ability to present complex risk topics to non-technical executive audiences. Ability to highlight and report on shared risk responsibility is key. 
• Adaptability: Proven ability to adapt to a specific company culture while driving necessary change and maturity.

*Desired:

• This role will have a deep fascination with how AI is changing the threat landscape and have ideas on how to govern it without stifling innovation.
• Familiarity with the NIST AI RMF or ISO 42001 and the ability to assess the risks of data leakage and prompt injection in internal AI tools.
• Risk Appetites & Tolerance Modeling: Ability to move beyond "High/Medium/Low" to help the business define and document specific risk appetite statements that guide engineering trade-offs.
• Cost-Benefit Analysis: Skill in quantifying the cost of a security control versus the value of the risk it mitigates, ensuring pragmatic investment.This individual will  understand that a perfect security score is impossible and instead focus on 'Intelligent Risk Taking' that keeps the company safe while it scales.
• Threat Modeling:  Experience integrating threat modeling into the early stages of a CI/CD pipeline rather than performing assessments after production.
• Infrastructure as Code (IaC) Familiarity: Understanding how risk is managed in automated environments (Terraform, Pulumi) where "policy-as-code" can be implemented.
• Product Security Mindset: Experience working with Product Managers to prioritize security features in a roadmap alongside revenue-generating features.

Location

This role will be remote and based in Ontario, British Columbia or Alberta, Canada. 

Travel 

We prioritize connection and opportunities to build relationships with our customers and each other. For this role, you may be required to travel occasionally to participate in project or team in-person meetings.

What We Offer 

There are many benefits to working at Twilio, including, in addition to competitive pay, things like generous time-off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location. Based on role, employees may also be eligible for additional compensation and benefits, including but not limited to incentive programs, commissions, equity grants, health and wellness benefits, retirement contributions, and paid time off.

Compensation

The estimated pay ranges for this role are as follows:

• Based in British Columbia. $160,320 - $200,400 CAD  
• Target Bonus Percentage 17.50%

The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location.

Applications for this role are intended to be accepted until June 20, 2026, but may change based on business needs.

Twilio thinks big. Do you?

We like to solve problems, take initiative, pitch in when needed, and are always up for trying new things. That's why we seek out colleagues who embody our values — something we call Twilio Magic. Additionally, we empower employees to build positive change in their communities by supporting their volunteering and donation efforts.

So, if you're ready to unleash your full potential, do your best work, and be the best version of yourself, apply now! If this role isn't what you're looking for, please consider other open positions.

Twilio is proud to be an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Qualified applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Additionally, Twilio participates in the E-Verify program in certain locations, as required by law.