Senior Analyst - Security Compliance
See yourself at Twilio
Join the team as Twilio’s next Senior Security Compliance Analyst.
About the job
As a Senior Security Compliance Analyst, you will be an integral strategist within our Security Compliance organization, dedicated to maturing our compliance posture and fostering a culture of 'Security by Design.' You will serve as the primary lead for our HIPAA Security Compliance program, overseeing both our existing product portfolio and our high-growth innovation pipeline. This is a high-visibility role that transcends traditional auditing. You will act as a trusted advisor to our Product and Engineering teams, ensuring our technology meets stringent regulatory requirements and security baselines.
You will drive the mission to reduce organizational risk through rigorous gap assessments and proactive advisory services. You are expected to be a master of project execution, seamlessly navigating cross-functional landscapes to represent the HIPAA program to leadership and stakeholders. Beyond execution, you will be the voice of the program’s success—leveraging data to build executive-level dashboards and metrics that clearly communicate risk burndown and the strategic value the Compliance team delivers to the Enterprise.
We are looking for someone who is as comfortable diving into technical security controls as they are presenting a compliance roadmap to executive stakeholders. If you are passionate about building scalable security programs in a fast-paced, dynamic environment, this role is for you.
Responsibilities
In this role, you’ll:
Orchestrate the end-to-end lifecycle of complex security compliance initiatives, ensuring adherence to project milestones and alignment with organizational OKRs.
Proactively identify and neutralize project bottlenecks, leveraging advanced problem-solving skills to maintain momentum in a fast-paced environment.
Lead comprehensive HIPAA Security Rule assessments to determine organizational readiness for HIPAA eligibility, including identifying critical controls and performing design and effectiveness testing.
Translate complex technical gaps into context-relevant, actionable remediation strategies for a diverse group of stakeholders, from Engineering to Legal.
Govern remediation workflows, ensuring that security gaps are closed in alignment with product release timelines and the broader risk appetite of the business.
Help build scalable security control frameworks and continuous monitoring programs that enhance the security posture across a diverse portfolio of products and domains.
Serve as a Subject Matter Expert (SME) on HIPAA and other security compliance frameworks, collaborating with technical teams to implement automated controls and telemetry that reduce manual compliance overhead.
Partner with Product and Engineering to advise on 'Security by Design' principles, ensuring new features and architecture patterns meet HIPAA and internal security baselines.
Drive operational excellence by optimizing assessment methodologies and project management tooling to deliver standardized, data-driven reporting for executive leadership.
Qualifications
Twilio values diverse experiences from all kinds of industries, and we encourage everyone who meets the required qualifications to apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!
*Required:
5+ years of Security Compliance, Audit, or Risk Management experience, ideally working with internal or external customers to ensure products are HIPAA compliant / eligible. This can be complemented by experience working with security-centric risk management or compliance frameworks such as ISO/IEC 27001, PCI DSS, SOC2, FedRAMP, NIST 800-53, etc.
2+ years of working with technical security and Engineering / IT to implement technical control solutions (preferably within code deployment pipelines and public cloud solutions). Ability to interpret control requirements and relay those to different stakeholder groups with strong technical knowledge.
2+ years of project management experience in security or another technical field, including defining overall project scope, creating milestones, tracking project performance with metrics, and communicating project status to management, including escalation of risks.
2+ years of working with technical security and Engineering / IT to implement technical control solutions (preferably within code deployment pipelines and public cloud solutions). Ability to interpret control requirements and relay those to different stakeholder groups with strong technical knowledge.
Ability to work in a dynamic, fast-paced environment that requires constant prioritization.
Demonstrate strong verbal and written communication skills, and ability to translate complex technical or security requirements or risks into business language that can be understood by various audiences.
Ability to think critically and solve problems, create win-win solutions.
Desired:
Experience and familiarity with cloud security techniques and working with public cloud solutions including but not limited to AWS and GCP.
Experience and familiarity with securing code deployment pipelines and Infrastructure as Code (IaC).
CISA, CISM, GIAC, CISSP or other Information Security related certification is highly preferred.
Location
This role will be remote and based in Ontario, British Columbia or Alberta, Canada.
Travel
We prioritize connection and opportunities to build relationships with our customers and each other. For this role, you may be required to travel occasionally to participate in project or team in-person meetings.
What We Offer
Working at Twilio offers many benefits, including competitive pay, generous time off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location. Based on role, employees may also be eligible for additional compensation and benefits, including but not limited to incentive programs, commissions, equity grants, health and wellness benefits, retirement contributions, and paid time off.
The estimated pay ranges for this role are as follows:
$99,760 - $124,700
Target Bonus Percentage 12,50% (When Applicable)
The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location.
About the job
Apply for this position
Senior Analyst - Security Compliance
See yourself at Twilio
Join the team as Twilio’s next Senior Security Compliance Analyst.
About the job
As a Senior Security Compliance Analyst, you will be an integral strategist within our Security Compliance organization, dedicated to maturing our compliance posture and fostering a culture of 'Security by Design.' You will serve as the primary lead for our HIPAA Security Compliance program, overseeing both our existing product portfolio and our high-growth innovation pipeline. This is a high-visibility role that transcends traditional auditing. You will act as a trusted advisor to our Product and Engineering teams, ensuring our technology meets stringent regulatory requirements and security baselines.
You will drive the mission to reduce organizational risk through rigorous gap assessments and proactive advisory services. You are expected to be a master of project execution, seamlessly navigating cross-functional landscapes to represent the HIPAA program to leadership and stakeholders. Beyond execution, you will be the voice of the program’s success—leveraging data to build executive-level dashboards and metrics that clearly communicate risk burndown and the strategic value the Compliance team delivers to the Enterprise.
We are looking for someone who is as comfortable diving into technical security controls as they are presenting a compliance roadmap to executive stakeholders. If you are passionate about building scalable security programs in a fast-paced, dynamic environment, this role is for you.
Responsibilities
In this role, you’ll:
Orchestrate the end-to-end lifecycle of complex security compliance initiatives, ensuring adherence to project milestones and alignment with organizational OKRs.
Proactively identify and neutralize project bottlenecks, leveraging advanced problem-solving skills to maintain momentum in a fast-paced environment.
Lead comprehensive HIPAA Security Rule assessments to determine organizational readiness for HIPAA eligibility, including identifying critical controls and performing design and effectiveness testing.
Translate complex technical gaps into context-relevant, actionable remediation strategies for a diverse group of stakeholders, from Engineering to Legal.
Govern remediation workflows, ensuring that security gaps are closed in alignment with product release timelines and the broader risk appetite of the business.
Help build scalable security control frameworks and continuous monitoring programs that enhance the security posture across a diverse portfolio of products and domains.
Serve as a Subject Matter Expert (SME) on HIPAA and other security compliance frameworks, collaborating with technical teams to implement automated controls and telemetry that reduce manual compliance overhead.
Partner with Product and Engineering to advise on 'Security by Design' principles, ensuring new features and architecture patterns meet HIPAA and internal security baselines.
Drive operational excellence by optimizing assessment methodologies and project management tooling to deliver standardized, data-driven reporting for executive leadership.
Qualifications
Twilio values diverse experiences from all kinds of industries, and we encourage everyone who meets the required qualifications to apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!
*Required:
5+ years of Security Compliance, Audit, or Risk Management experience, ideally working with internal or external customers to ensure products are HIPAA compliant / eligible. This can be complemented by experience working with security-centric risk management or compliance frameworks such as ISO/IEC 27001, PCI DSS, SOC2, FedRAMP, NIST 800-53, etc.
2+ years of working with technical security and Engineering / IT to implement technical control solutions (preferably within code deployment pipelines and public cloud solutions). Ability to interpret control requirements and relay those to different stakeholder groups with strong technical knowledge.
2+ years of project management experience in security or another technical field, including defining overall project scope, creating milestones, tracking project performance with metrics, and communicating project status to management, including escalation of risks.
2+ years of working with technical security and Engineering / IT to implement technical control solutions (preferably within code deployment pipelines and public cloud solutions). Ability to interpret control requirements and relay those to different stakeholder groups with strong technical knowledge.
Ability to work in a dynamic, fast-paced environment that requires constant prioritization.
Demonstrate strong verbal and written communication skills, and ability to translate complex technical or security requirements or risks into business language that can be understood by various audiences.
Ability to think critically and solve problems, create win-win solutions.
Desired:
Experience and familiarity with cloud security techniques and working with public cloud solutions including but not limited to AWS and GCP.
Experience and familiarity with securing code deployment pipelines and Infrastructure as Code (IaC).
CISA, CISM, GIAC, CISSP or other Information Security related certification is highly preferred.
Location
This role will be remote and based in Ontario, British Columbia or Alberta, Canada.
Travel
We prioritize connection and opportunities to build relationships with our customers and each other. For this role, you may be required to travel occasionally to participate in project or team in-person meetings.
What We Offer
Working at Twilio offers many benefits, including competitive pay, generous time off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location. Based on role, employees may also be eligible for additional compensation and benefits, including but not limited to incentive programs, commissions, equity grants, health and wellness benefits, retirement contributions, and paid time off.
The estimated pay ranges for this role are as follows:
$99,760 - $124,700
Target Bonus Percentage 12,50% (When Applicable)
The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location.