Information Security Risk Analyst - Third Party Risk
Who We Are
Information Security builds technologies, tools and processes to better enable teams at Twitter to develop secure software and protect data and systems with appropriate security controls. Information Security also develops systems to monitor and respond to attacks against our systems, provides awareness education to teams on security best practices for data protection, and ensures data sharing relationships with third parties securely protect Twitter information. This role will be part of the Security Risk Management team which focuses on handling our 3rd party security processes.
What You’ll Do
- Figure out inherent risks of current and prospective third party products, services, and data partnerships
- Design and execute third party security assessments and prioritize control remediation as appropriate
- Build and maintain strong cross-functional relationships to help with expectation setting, training and awareness, and consistency in our review processes
- Build metrics that help educate internal organizational leaders on their third party’s information security profile
- Demonstrate strong knowledge in IT controls, risk assessments, and the design and testing of security controls
- Be an inspiring leader in Information Security and align initiatives with business objectives of the company
- Find opportunities to continuously improve the program through innovation with tangible value to the organization
- Chip in to other projects adjacent to this work within the Security Risk Management team
Who You Are
- Have worked in the third party security risk management space
- Have knowledge of common security risks, vulnerabilities, and threats
- Familiar with common audit and risk management methodologies
- A critical thinker, passionate, ambitious, and detail-oriented
- Able to discuss issues at technical and business levels with audiences of various backgrounds
- Bachelor's degree in Information Security, Computer Science, Management Information Systems or a related field preferred
- Minimum 3+ years of related work experience in Information Security GRC or relevant Audit or Compliance roles
- Able to communicate relevant information clearly and concisely both verbally and in writing
- Able to work independently on multi-task assignments in a fast-paced environment
- Familiar with information security frameworks (e.g., ISO 27001/2, SOX IT Controls, COBIT, SOC 2 Trust Principles, PCI DSS, NIST 800-53/CSF)
- Prior experience with conducting and analyzing security risk assessments at large complex organizations
- Professional certifications in Information Security or Risk Management (e.g., CTPRA, CTPRP, CISA, CISM, CRISC, or CISSP)
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
Engineering Hiring Process
Once your application is received, a recruiter will reach out if your qualifications are a match for the role.
If your background is a match, you may have 1-2 technical phone interviews or be given the chance to provide a work sample depending on the role.
If the phone interviews go well or your work sample is strong, the final step includes interviews with 5-6 people held onsite in our office.