Senior Security Risk Analyst - Risk Management

Locations

San Francisco, New York City, Remote US

This role accepts applications for work in the locations as noted above. Roles listing 'Remote US' as a location are not currently available in the following states: Colorado, Iowa, and Louisiana.

Company description

Twitter serves the public conversation by encouraging people all over the world to connect, learn, debate, and solve problems together. We believe conversation can change the world, and that’s why Tweeps (that’s what we call Twitter employees) come to work every day.

Job description

Who We Are

The Information Security (InfoSec) organization advances the overall state of security at Twitter through critical initiatives and coordination of large security projects. Information Security builds technologies, tools, and processes to better enable teams at Twitter to develop secure software and protect data and systems with appropriate security controls. Information Security also develops systems to monitor and respond to attacks against our systems, provides awareness education to teams on security best practices for data protection, and ensures data sharing relationships with third parties securely protect Twitter information. This role will be part of the Security Risk Management team which focuses on building out and supporting a security risk oversight function.

What You’ll Do

  • Contribute to building and operating our security risk management processes: risk assessment design and execution, risk treatment, issue and action management portfolio oversight, insight analysis, and reporting

  • Shepherd conversations around the impact and likelihood of an identified risk and suggest plans of action

  • Build and maintain strong cross-functional relationships across the organization to help with expectation setting, training and awareness, and promote consistency and improvement in our processes

  • Assist with identification and operation of Governance Risk and Compliance (GRC) tooling to support risk management processes

  • Advise and collaborate with SMEs, including Audit & Compliance, teams to ensure design and testing of security controls are aligned with leading best practices and executed effectively to manage risk

  • Find opportunities to continuously improve the program through innovation with tangible value to the organization

  • Help support various parts of the organization to adopt a common risk management process, this may include joining other projects adjacent to our Security Risk Management program objectives

  • Be an inspiring leader in Information Security and align initiatives with business objectives of the company

Qualifications

Who You Are

  • A critical problem solver, detailed oriented, and highly motivated self-starter with a passion for constant learning & improvement

  • Able to communicate relevant information clearly and concisely, both verbally and in writing

  • Able to work efficiently with minimal oversight/direction and collaborate effectively in cross functional projects

  • Have knowledge of common security risks, vulnerabilities, and threats and solid experience in escorting these issues through risk analysis / treatment / mitigation processes

  • Able to discuss issues at technical and business levels with audiences of various backgrounds 

  • Willing to advocate for the security of Twitter users and communicate why security decisions are important to other internal teams

  • Have great people skills and able to flourish under pressure and ambiguity in a fast-paced team environment

Additional information

You want to be part of a community of the most talented, forward-thinking engineers in the industry. You take satisfaction in building resilient, performant, and thoroughly tested distributed systems that can power the most business-critical applications. You want to learn, work with, and contribute to cutting-edge open-source technologies. The ideal candidate has experience with and/or history of contributions to Hadoop, Spark, Hive, Scalding, Parquet, or similar technologies. You have experience in distributed systems, database internals, and/or performance analysis. We are a diverse team that values diverse thinking!

Engineering hiring process
Step 1

Once your application is received, a recruiter will reach out pending your qualifications are a match for the role.

Step 2

If your background is a match, you may have 1-2 technical phone interviews or be given the chance to provide a work sample depending on the role.

Step 3

If the phone interviews go well or your work sample is strong, the final step includes interviews with 5-6 people via a video conference call.

Application

Read Twitter's Applicant and Candidate Privacy Policy here.

U.S. Equal Employment Opportunity information (Completion is voluntary)
Voluntary Information
Privacy and data