Information Security Analyst

Who we are 

At Twilio, we’re shaping the future of communications, all from the comfort of our homes. We deliver innovative solutions to hundreds of thousands of businesses and empower millions of developers worldwide to craft personalized customer experiences.

Our dedication to remote-first work, and strong culture of connection and global inclusion means that no matter your location, you’re part of a vibrant team with diverse experiences making a global impact each day. As we continue to revolutionize how the world interacts, we’re acquiring new skills and experiences that make work feel truly rewarding. Your career at Twilio is in your hands.

We use Artificial Intelligence (AI) to help make our hiring process efficient, fair, and transparent, but automation never makes the final call. Every hiring decision is made by real Twilions, ensuring a human touch at every step.

.

See yourself at Twilio

Join the team as Twilio’s next Information Security Analyst (Risk Management) 

About the job

Twilio is seeking a high-impact Senior Security Risk Management Analyst to serve as a primary driver in maturing our global risk function. This is a role for a technical "doer" who thrives on solving complex puzzles within a modern ecosystem of hybrid cloud, microservices, and global telecommunications infrastructure. You will be responsible for the full lifecycle of risk—from daily ticket analysis to executing deep-dive assessments and building the automated workflows that allow our One Twilio Risk program to scale.

The ideal candidate is a Jira power-user with a "product security" mindset—someone who understands that the most effective risk management is integrated directly into the developer workflow. You are someone who proactively fills knowledge gaps, and possesses the strategic vision to aid in further maturing our risk management practices. 

Responsibilities

In this role, you’ll:

• Risk Assessment & Analysis: Conduct day-to-day risk ticket analysis and lead in-depth assessments of product launches and infrastructure changes to identify and quantify security, IT, and R&D risks.
• Framework Tailoring: Further operationalize and mature the One Twilio Risk Management framework leveraging risk management frameworks (NIST RMF, ISO 27005, etc.) with a specific focus on emerging areas like AI Risk, Data Governance, Privacy, Reliability, and Observability.
• Workflow Automation: Build and optimize automated workflows that bridge the gap between compliance requirements and engineering productivity.
• Strategic Triage: Layer compliance frameworks into the risk process, providing a unified view of how regulatory and compliance obligations impact our technical risk landscape.
• Risk Communication: Articulate the "big picture" of risk impact to stakeholders at all levels, from engineering teams to executive leadership, using data-driven reporting.
• Pragmatic Problem Solving: Implement security risk solutions that are practical and effective, ensuring risk management is a business enabler rather than a bottleneck.

Qualifications 

Twilio values diverse experiences from all kinds of industries, and we encourage everyone who meets the required qualifications to apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!

*Required 

• Experience: 5+ years of direct experience in Security Risk Management, with a proven track record of building and operationalizing industry-accepted risk frameworks (e.g., NIST RMF, COSO ERM, or ISO 31000).
• Technical Domain Expertise: Broad understanding of security architecture, networking, access control, software development, cryptography, and operations. You should be fluent in how security controls are implemented across applications, systems, and cloud platforms to reduce inherent risk.
• Risk Methodology: Strong understanding of both qualitative and quantitative risk analysis, including the performance, benefits, and strategic application of various analysis types.
• Stakeholder Partnership: Ability to collaborate with technical Security, Engineering, and IT teams to implement technical risk solutions and interpret control requirements for diverse stakeholder groups.
• Tooling & Automation: A strong bias toward automation and tooling to scale program impact; advanced proficiency in Jira for workflow orchestration is highly desired.
• Adaptability: Comfortable with ambiguity and highly adaptable to fast-changing, high-growth environments.
• Technical Domain Expertise: Deep understanding of hybrid cloud environments (AWS/GCP), on-premise infrastructure, and microservices. Experience in the Telecommunications sector is highly preferred. 
• Strategic Mindset: Ability to pivot quickly between tactical "firefighting" and long-term strategic planning. You must be able to identify which risks are the most valuable to report on at any given time. 
• Communication: Exceptional written and verbal communication skills, with a proven ability to present complex risk topics to non-technical executive audiences. Ability to highlight and report on shared risk responsibility is key. Must be able to manage multiple projects under tight deadlines.

*Desired:

• High-Octane Individual Contributor: You are a self-starter who takes pride in being a "force multiplier." You have a proven ability to produce high-quality, audit-ready deliverables with minimal oversight.
• Master of Multi-Tasking: Exceptional organizational skills with the ability to context-switch effectively, managing a high volume of concurrent projects and tickets without sacrificing depth or accuracy.
• Collaborative Partner: You don't work in a silo. You are skilled at building bridges across R&D, Security, and IT, ensuring that risk management is integrated as a seamless partner.
• Efficiency Expert: You are constantly looking for ways to optimize your own output and team processes, turning manual, repetitive tasks into streamlined, automated successes.
• Executive Presence: Ability to distill granular technical findings into concise, high-level summaries that drive decision-making at the leadership level.

Location

This role will be remote and based in Ontario, British Columbia or Alberta, Canada. 

Travel

We prioritize connection and opportunities to build relationships with our customers and each other. For this role, you may be required to travel occasionally to participate in project or team in-person meetings.

What We Offer

Working at Twilio offers many benefits, including competitive pay, generous time off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location. Based on role, employees may also be eligible for additional compensation and benefits, including but not limited to incentive programs, commissions, equity grants, health and wellness benefits, retirement contributions, and paid time off.

The estimated pay ranges for this role are as follows:

• $120,640 - 150,800 CAD
• Target Bonus Percentage: 15% 

The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location.

Twilio thinks big. Do you?

We like to solve problems, take initiative, pitch in when needed, and are always up for trying new things. That's why we seek out colleagues who embody our values — something we call Twilio Magic. Additionally, we empower employees to build positive change in their communities by supporting their volunteering and donation efforts.

So, if you're ready to unleash your full potential, do your best work, and be the best version of yourself, apply now! If this role isn't what you're looking for, please consider other open positions.

Twilio is proud to be an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Qualified applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Additionally, Twilio participates in the E-Verify program in certain locations, as required by law.