Senior Director, Head of Security Governance Risk & Compliance

  • Full-time

Company Description

Twitter, Inc. (NYSE: TWTR) is the best and fastest place to see what’s happening and what people are talking about all around the world. From breaking news and entertainment to sports and politics, from big events to everyday interests. If it’s happening anywhere, it’s happening first on Twitter. Twitter is where the full story unfolds with all the live commentary and where live events come to life unlike anywhere else. Twitter is available in more than 40 languages around the world. The service can be accessed at Twitter.com and on a variety of mobile devices. For more information, visit about.twitter.com

Job Description

Who We Are:

The Security Governance, Risk & Compliance (SGRC) team is part of the InfoSec organization. The team helps manage security risk and control programs that enable us to identify, prioritize and triage security risks in a way that achieves company goals responsibly and securely, and it proactively arranges work to protect customers and our business from current and emerging threats. We accomplish this through programs and processes that provide aggregate and targeted assessments of risk and control, and that capture and monitor risk treatment decisions.

As Head of Security GRC, you will have two main responsibilities: acting as a Staff Member to Twitter’s CISO and leading the GRC organization. Below you’ll find detailed expectations about each respective responsibility. 

 

What You’ll Do:

CISO Staff Member

  • As a direct report to Twitter’s CISO, you will be responsible for contributing to CISO leadership initiatives that include but are not limited to: Strategy, Org Structure, People Agenda, Culture, Partnerships, etc.

  • Represent the SGRC business plan and provide relevant updates to the CISO in various formats (weekly status, quarterly reporting, board docs, etc.)

  • Support InfoSec S&O initiatives

SGRC Team Lead

  • Accountable for:

    • People Management of SGRC team

      • Hiring new talent to the team; coaching and cultivating existing talent; managing goals and performance effectively. 

      • Advocating for the health of your team and championing inclusion and diversity. Building a strong brand and perception of your team internally.

      • Thoughtfully designing the org as it continues to grow

    • Team Strategy

      • Scope the Product + Service catalogue of the

      • Set Objectives and Key Results and Milestones for the org and its members

      • Resource Planning

      • Establish strong communication norms and cadences to share information, provide status updates, and build a strong team culture

General Responsibilities

  • Lead and build a consensus vision for the SGRC team; maintain that over time by calibrating and re-thinking possibilities
  • Self-assess SGRC process maturity to understand where we are and where we need to go. Help leads fill in the solution(s) and path.
  • Guide leads to build, scale, and maintain effective operations and program management processes to service the team and the company.
  • Analyze team performance metrics to understand operational workload and identify areas for improvement and/or recognition of success.
  • Understand and remain apprised of emerging business needs related to governance, risk management, and compliance domains in an advisory capacity.
  • Drive Enterprise Risk Management thinking while partnering with related teams such as Legal, Engineering, Compliance, Audit, IT, and Physical Security.
  • Performance management of the team: regular performance check-ins, goal management, promotion readiness, and celebration of wins.
  • Make risk decisions for the business that do not require CISO involvement, as defined by process thresholds.
  • Foster and build great partnerships with key leadership (e.g., Privacy, Compliance, CorpSec, Audit) to ensure we are getting signal on our performance and identifying new opportunities.

Qualifications

Ideal Candidate:

  • Is seen as a Security GRC domain expert with proven accomplishments within complex industries and/or companies similar to Twitter

  • Has built or operated GRC processes from scratch and can articulate the milestones to accomplish GRC goals to move us along our maturity curve

  • Has proven experience making risk treatment (e.g. risk acceptance) recommendations and decisions that adequately protect the business and its customers while enabling the business

  • Understands and champions the value of hiring diverse and inclusive teams 

  • Provides program management leadership for successful deployment of Information Security GRC programs and projects

  • Builds productive and positive relationships across the organization at all levels to drive influence

  • Partners across the Information Security organization to provide high-value portfolio, program and project management support for critical programs

Education and Experience:

  • 15+ years of relevant work experience.

  • 5+ years managing a team

  • Ability to convert strategic concepts into execution in a pragmatic manner

  • Direct experience in providing vision, leadership and execution of portfolio and program management in fast-paced, complex and emergent technology environments.

Additional Information

We are committed to an inclusive and diverse Twitter. Twitter is an equal opportunity employer. We do not discriminate based on race, color, ethnicity, ancestry, national origin, religion, sex, gender, gender identity, gender expression, sexual orientation, age, disability, veteran status, genetic information, marital status or any legally protected status.

San Francisco applicants: Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.