Information Security Risk Analyst II
Who We Are
The Information Security (InfoSec) organization plays a key role within the trust and security program. InfoSec partners with teams across the organization, supporting their ability to make strategic decisions informed by authoritative security analysis. The Security Risk Management team focuses on building processes and methodologies for evaluating security risk throughout Twitter as well as driving efforts to advance the level of maturity of Twitter’s information security posture.
What You’ll Do
The Security Risk Analyst will report to the Information Security & Risk Program Manager and will work with cross-functional teams including Information Security, IT, Engineering, Legal, Privacy, Strategic Sourcing, Internal Audit, and various other teams in the organization. You will help Twitter evaluate its security risks and security compliance obligations and help recommend mitigation strategies that align with our business goals, core values, and overall objectives to protect the confidentiality, integrity, and availability of Twitter’s information systems and data. In this role, you will contribute to security-related initiatives including IT Security Risk Assessments, Third-Party Security Management, Security Risk & Issue Management, Security Risk Metrics & Reporting, and Compliance, as well as various other programs. Primary responsibilities include:
- Performing various security risk & control assessments against common security frameworks to ensure compliance with Twitter’s Information Security Policy & Standards, various regulations, and best practices (e.g., ISO 2700x, PCI DSS, SOX, NIST, COBIT)
- Performing vendor risk reviews of 3rd party products and services used by Twitter
- Identifying opportunities to reduce risk and associated remediation options (e.g., acceptance or mitigation)
- Facilitating monitoring & reporting of risk remediation tasks and any changes related to risk mitigation strategies
- Designing security risk metrics & reporting for management
- Assisting in IT audits, risk assessments, and regulatory compliance initiatives, as needed
Who You Are
- A critical thinker, passionate, self-driven, and detail-oriented
- Have the technical and personal capability to partner with tech and business leads across the organization
- Are able to discuss issues at technical and business levels with audiences of various backgrounds
- Have knowledge of common security risks, attacker methodologies, common attack tools and patterns
- Are familiar with common audit and risk management methodologies
- Have experience working with GRC products
- Bachelor's degree in Information Security, Computer Science, Management Information Systems or a related field preferred
- Minimum 3+ years of related work experience in Information Security GRC or relevant Audit or Compliance roles at a public accounting/consulting firm or within a public company
- Able to communicate relevant information clearly and concisely both verbally and in writing
- Able to work independently on multi-task assignments in a fast-paced environment
- Prior experience with information security frameworks (e.g., ISO 27001/2, SOX IT Controls, COBIT, SOC 2 Trust Principles, PCI DSS, NIST 800-53/CSF)
- Prior experience with conducting and analyzing security risk assessments at large complex organizations
- Professional certifications in Information Security or Risk Management (e.g., CISA, CISM, CRISC, or CISSP)
Engineering Hiring Process
Once your application is received, a recruiter will reach out if your qualifications are a match for the role.
If your background is a match, you may have 1-2 technical phone interviews or be given the chance to provide a work sample depending on the role.
If the phone interviews go well or your work sample is strong, the final step includes interviews with 5-6 people held onsite in our office.
We're the People Team @Twitter. We're hiring service, purpose-driven people who are creative and move fast. All things Twitter Careers! #LoveWhereYouWork