Sr. Information Security Analyst
- Full-time
Company Description
Twitter is what’s happening and what people are talking about right now. For us, life's not about a job, it's about purpose. We believe real change starts with conversation. Here, your voice matters. Come as you are and together we'll do what's right (not what's easy) to serve the public conversation.
Job Description
Who We Are
The Information Security (InfoSec) organization advances the overall state of security at Twitter
through critical initiatives and coordination of large security projects. InfoSec builds technologies, tools, and processes to better enable teams at Twitter to develop secure software and protect data and systems with appropriate security controls. InfoSec also develops systems to monitor and respond to attacks against our systems, provides awareness education to teams on security best practices for data protection, and ensures data sharing relationships with third parties securely protect Twitter information. This role will be part of the Security Governance, Risk & Compliance (SGRC) team which focuses on building out and supporting a security risk management oversight function.
What You’ll Do
Help us elevate and accelerate the maturity of our risk management capabilities by assisting with prioritized activities related to our SGRC strategy (e.g., risk & control assessment design, execution and tooling, policy & procedure creation and maintenance, policy compliance, merger & acquisition due diligence). You will be tasked with assisting with solution identification and design and operational tasks to achieve objectives.
Who You Are
You likely have participated in these types of programs previously at sophisticated organizations, and have a track record of crafting solutions that are scalable and durable. The successful candidate will need to build and maintain strong cross-functional relationships across the company to help with consensus, expectation setting, training and awareness, and promote consistency and improvement in our processes. To achieve this you must have excellent collaboration, communication, and decision making skills.
Qualifications
- Minimum 6+ years of related work experience in Information Security GRC or relevant Audit or Compliance roles
- Have contributed to security and/or operational risk processes within a company with a modern risk oversight function
- Have experience with the operation of risk & control assessments to target different levels of information
- Have knowledge of common security risks, vulnerabilities, and threats and can escort these issues through triage / risk treatment conversations
- Knowledge of information security and risk management methodologies and frameworks such as ISO 27002, SOX, COBIT, NIST, GDPR, PCI-DSS, SOC 2
- Able to discuss issues at technical and business levels with audiences of various backgrounds
Additional Information
All your information will be kept confidential according to EEO guidelines.