Staff Security GRC Program Manager - Process Integration & eGRC Technology

  • Full-time

Company Description

Who We Are

The Security Governance, Risk & Compliance (GRC) team works across Twitter to organize risk governance organizational structures, methodologies, and processes that are commensurate with industry best practice but tailored to Twitter’s niche risk sensitivities. Security GRC capabilities allow Twitter to manage security risk & control programs that enable us to achieve company goals and better protect our customers and data in a responsible and proactive manner. We work with internal and external stakeholders to build and operate programs that last - including Information Security, IT, Engineering, Product, Strategy & Operations, Internal Audit, Legal, Privacy, etc.

Job Description

What You’ll Do

We are growing our GRC team to further mature our security program and ensure that processes across GRC are effective, sustainable, and scalable to manage security and compliance risks for the company. You will be responsible for process integration and for driving implementation of enterprise GRC (eGRC) tooling supporting GRC programs to enable scalable, optimized, and unified activities and reporting. Your focus will be ensuring that current and future-state in-scope processes and requirements are developed, designing and implementing the GRC tooling strategy, and continuing to expand use cases for the platform in partnership with other enterprise teams.

As a Staff Security GRC Program Manager, you will:

  • Mature the company’s Security GRC processes including security policies/standards, risk assessments, risk register, common controls and compliance, and issue management programs through development of complex process integration and tooling strategies

  • Drive development of use cases and business requirements in close partnership with cross-functional stakeholders (GRC, Security, Privacy, Audit, Compliance, etc.) to fulfill all applicable solution needs

  • Employ business analysis and solution skills to interpret business requirements/impacts to ensure the optimal tooling strategies are identified, designed and implemented to meet business needs

  • Lead functional and technical design for eGRC tooling based on business requirements and in-scope processes

  • Act as the primary technical lead representing cross-functional GRC areas working with vendors and other external parties with respect to tooling needs and implementation

  • Engage with other technical development teams as the main liaison for cross-platform integration requirements for GRC technologies

  • Manage project and reporting activities related to eGRC tooling efforts

  • Design and deliver end user training and support materials to support tool adoption

  • Maintain and provide operational support for GRC technologies

  • Continuously iterate on improvement opportunities to optimize GRC processes across the team and relevant stakeholders to maximize efficiency and scalability

Qualifications

Who You Are

  • Strong knowledge and experience running GRC/IRM tools and process integrations

  • Strong knowledge of project planning and project management methods and tools

  • A critical problem solver, detail-oriented, and highly motivated self-starter with a passion for constant learning & improvement

  • Able to communicate relevant information clearly and concisely, both verbally and in writing

  • Able to work efficiently with minimal oversight/direction and collaborate effectively in cross-functional projects

  • Have good people skills and be able to flourish under pressure and ambiguity in a fast-paced team environment

  • Ability to multi-task and handle multiple projects at the same time

  • Experience providing business/operations/technical consulting to senior leaders of the organization

Requirements

  • Bachelor’s degree in Information Security, Computer Science, Management Information Systems or related field preferred

  • 10+ years of related work experience, with hands-on experience architecting and designing GRC technologies/platforms. Must have foundational knowledge of GRC domains.

  • Demonstrated success in introducing process improvements and automation for security / operational risk management teams at large complex organizations

  • Experience with industry GRC products (e.g., ServiceNow, Archer, MetricStream or others)

  • Preferred but not required:

    • Knowledge of relevant information security control frameworks, such as ISO 27002, SOC 2 Trust Services Criteria, PCI DSS, NIST Cyber Security Framework (CSF) / 800-53, CIS Critical Security Controls

    • Knowledge of relevant risk management frameworks, such as ISO 31000, NIST RMF, NIST 800-30, FAIR

    • Proficient with Atlassian products (Confluence, Jira) and G-Suite applications

Additional Information

We are committed to an inclusive and diverse Twitter. Twitter is an equal opportunity employer. We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, age, disability, veteran status, genetic information, marital status or any other legally protected status.

San Francisco applicants: Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.