Information Security Risk Analyst II

San Francisco, CA

Who We Are

The Information Security (InfoSec) organization plays a key role within the trust and security program.  InfoSec partners with teams across the organization, supporting their ability to make strategic decisions informed by authoritative security analysis.  The Security Risk Management team focuses on building processes and methodologies for evaluating security risk throughout Twitter as well as driving efforts to advance the level of maturity of Twitter’s information security posture.


What You’ll Do

The Security Risk Analyst will report to the Information Security & Risk Program Manager and will work with cross-functional teams including Information Security, IT, Engineering, Legal, Privacy, Strategic Sourcing, Internal Audit, and various other teams in the organization. You will help Twitter evaluate its security risks and security compliance obligations, and help recommend mitigation strategies that align with our business goals, core values, and overall objectives to protect the confidentiality, integrity, and availability of Twitter’s information systems and data. In this role, you will contribute to security-related initiatives including IT Security Risk Assessments, Third-Party Security Management, Security Risk & Issue Management, Security Risk Metrics & Reporting, and Compliance, as well as various other programs. Primary responsibilities include:


  • Performing various security risk & control assessments against common security frameworks to ensure compliance with Twitter’s Information Security Policy & Standards, various regulations, and best practices (e.g., ISO 2700x, PCI DSS, SOX, NIST, COBIT)
  • Performing vendor risk reviews of 3rd party products and services used by Twitter
  • Identifying opportunities to reduce risk and associated remediation options (e.g., acceptance or mitigation)
  • Facilitating monitoring & reporting of risk remediation tasks and any changes related to risk mitigation strategies
  • Designing security risk metrics & reporting for management
  • Assisting in IT audits, risk assessments, and regulatory compliance initiatives, as needed


Who You Are

  • A critical thinker, passionate, self-driven, and detail-oriented
  • Have the technical and personal capability to partner with tech and business leads across the organization
  • Are able to discuss issues at technical and business levels with audiences of various backgrounds
  • Have knowledge of common security risks, attacker methodologies, common attack tools and patterns
  • Are familiar with common audit and risk management methodologies
  • Have experience working with GRC products


Requirements

  • Bachelor's degree in Information Security, Computer Science, Management Information Systems or related field preferred
  • Minimum 3+ years of related work experience in Information Security GRC or relevant Audit or Compliance roles at a public accounting/consulting firm or within a public company
  • Able to communicate relevant information clearly and concisely both verbally and in writing
  • Able to work independently on multi-task assignments in a fast-paced environment
  • Prior experience with information security frameworks (i.e. ISO 27001/2, SOX IT Controls, COBIT, SOC 2 Trust Principles, PCI DSS, NIST 800-53/CSF)
  • Prior experience with conducting and analyzing security risk assessments at large complex organizations
  • Professional certifications in Information Security or Risk Management (e.g., CISA, CISM, CRISC, or CISSP)


Engineering Hiring Process

Step 1

Once your application is received, a recruiter will reach out if your qualifications are a match for the role.

Step 2

If your background is a match, you may have 1-2 technical phone interviews or be given the chance to provide a work sample depending on the role.

Step 3

If the phone interviews go well or your work sample is strong, the final step includes interviews with 5-6 people held onsite in our office.

Application

U.S. Equal Opportunity Employment Information  (Completion is Voluntary)

At Twitter, we have a bold aspiration to reach every person on the planet. We believe that goal is more attainable with a team that understands and represents different cultures and backgrounds and we are committed to an inclusive and diverse Twitter.

This is where you come in! Please take a few minutes to provide us with your information. You are not required to provide this information and you may select “Decline to Disclose”. Your decision to provide information (or not) will not affect your employment or opportunities at Twitter.

Twitter is an equal opportunity employer. We do not discriminate based on race, color, ethnicity, ancestry, national origin, religion, sex, gender, gender identity, gender expression, sexual orientation, age, disability, veteran status, genetic information, marital status or any legally protected status.

You can view the ‘EEO is the Law’ poster here.

Twitter does not accept any unsolicited resumes from recruiting agencies and will not pay fees associated with any such resumes. Agencies, please do not send resumes to any Twitter location, employee, or email address.

Twitter, Inc. is committed to working with and providing access and reasonable accommodations to applicants with physical or mental disabilities. If you need an accommodation in order to apply for open job opportunities, please submit a description of your accommodation request to RARequest-Recruiting@twitter.com. This email is only for accommodation requests related to the application process.

Twitter cares about your privacy and protecting your data.  Please click the privacy policy link and acknowledge you have read and understood how Twitter treats your privacy and your data.  

Would you like to receive email communication from Twitter about career opportunities? You may unsubscribe at any time.
Applicant Data - You have a choice. Can we keep your personal data for both the job you are applying for and any other Twitter jobs that we feel you may be a match for? If you choose yes we will retain your personal data for a period of twelve months to consider you for other job opportunities at Twitter.
Analytics - May we use personal data from your resume and application to analyze and improve the Twitter hiring experience?