Senior Analyst, Security Compliance

Who we are 

At Twilio, we're shaping the future of communications, all from the comfort of our homes. We deliver innovative solutions to hundreds of thousands of businesses and empower millions of developers worldwide to craft personalized customer experiences.

Our dedication to remote-first work, and strong culture of connection and global inclusion means that no matter your location, you're part of a vibrant team with diverse experiences making a global impact each day. As we continue to revolutionize how the world interacts, we're acquiring new skills and experiences that make work feel truly rewarding. Your career at Twilio is in your hands.

We use Artificial Intelligence (AI) technologies to maintain an efficient, fair and transparent hiring process. Our hiring process is never completely automated, and uses AI in conjunction with our recruiting professionals.

See yourself at Twilio

Join the team as Twilio's next Senior Security Compliance Analyst.

About the job

We are actively recruiting for this role to fill an existing vacancy. As a Senior Security Compliance Analyst, you will be an integral strategist within our Security Compliance organization, dedicated to maturing our compliance posture and fostering a culture of "Security by Design." You will serve as the primary lead for our HIPAA Security Compliance program, overseeing both our existing product portfolio and our high-growth innovation pipeline. This is a high-visibility role that transcends traditional auditing. You will act as a trusted advisor to our Product and Engineering teams, ensuring our technology meets stringent regulatory requirements and security baselines.

You will drive the mission to reduce organizational risk through rigorous gap assessments and proactive advisory services. You are expected to be a master of project execution, seamlessly navigating cross-functional landscapes to represent the HIPAA program to leadership and stakeholders. Beyond execution, you will be the voice of the program's success—leveraging data to build executive-level dashboards and metrics that clearly communicate risk burndown and the strategic value the Compliance team delivers to the Enterprise.

We are looking for someone who is as comfortable diving into technical security controls as they are presenting a compliance roadmap to executive stakeholders. If you are passionate about building scalable security programs in a fast-paced, dynamic environment, this role is for you.

Responsibilities

In this role, you'll:

• Orchestrate the end-to-end lifecycle of complex security compliance initiatives, ensuring adherence to project milestones and alignment with organizational OKRs.
• Proactively identify and neutralize project bottlenecks, leveraging advanced problem-solving skills to maintain momentum in a fast-paced environment.
• Lead comprehensive HIPAA Security Rule assessments to determine organizational readiness for HIPAA eligibility, including identifying critical controls and performing design and effectiveness testing.
• Translate complex technical gaps into context-relevant, actionable remediation strategies for a diverse group of stakeholders, from Engineering to Legal.
• Govern remediation workflows, ensuring that security gaps are closed in alignment with product release timelines and the broader risk appetite of the business.
• Help build scalable security control frameworks and continuous monitoring programs that enhance the security posture across a diverse portfolio of products and domains.
• Serve as a Subject Matter Expert (SME) on HIPAA and other security compliance frameworks, collaborating with technical teams to implement automated controls and telemetry that reduce manual compliance overhead.
• Partner with Product and Engineering to advise on "Security by Design" principles, ensuring new features and architecture patterns meet HIPAA and internal security baselines.
• Drive operational excellence by optimizing assessment methodologies and project management tooling to deliver standardized, data-driven reporting for executive leadership.

Qualifications 

Twilio values diverse experiences from all kinds of industries, and we encourage everyone who meets the required qualifications to apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table

*Required:

• 5+ years of Security Compliance, Audit, or Risk Management experience, ideally working with internal or external customers to ensure products are HIPAA compliant / eligible. This can be complemented by experience working with security-centric risk management or compliance frameworks such as ISO/IEC 27001, PCI DSS, SOC2, FedRAMP, NIST 800-53, etc.
• 2+ years of working with technical security and Engineering / IT to implement technical control solutions (preferably within code deployment pipelines and public cloud solutions). Ability to interpret control requirements and relay those to different stakeholder groups with strong technical knowledge.
• 2+ years of project management experience in security or another technical field, including defining overall project scope, creating milestones, tracking project performance with metrics, and communicating project status to management, including escalation of risks.
• 2+ years of working with technical security and Engineering / IT to implement technical control solutions (preferably within code deployment pipelines and public cloud solutions). Ability to interpret control requirements and relay those to different stakeholder groups with strong technical knowledge.
• Ability to work in a dynamic, fast-paced environment that requires constant prioritization.
• Demonstrate strong verbal and written communication skills, and ability to translate complex technical or security requirements or risks into business language that can be understood by various audiences.
• Ability to think critically and solve problems, create win-win solutions.  

Desired:

• Experience and familiarity with cloud security techniques and working with public cloud solutions including but not limited to AWS and GCP.
• Experience and familiarity with securing code deployment pipelines and Infrastructure as Code (IaC).
• CISA, CISM, GIAC, CISSP or other Information Security related certification is highly preferred.

Location

 This role will be remote and based in Ontario, British Columbia or Alberta, Canada.

Travel 

We prioritize connection and opportunities to build relationships with our customers and each other. For this role, you may be required to travel occasionally to participate in project or team in-person meetings.

What We Offer

Working at Twilio offers many benefits, including competitive pay, generous time off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location. Based on role, employees may also be eligible for additional compensation and benefits, including but not limited to incentive programs, commissions, equity grants, health and wellness benefits, retirement contributions, and paid time off.

The estimated pay ranges for this role are as follows:

• $99,760 - $124,700
• Target Bonus Percentage 12,50% (When Applicable)

The successful candidate's starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location. 

Twilio thinks big. Do you?

We like to solve problems, take initiative, pitch in when needed, and are always up for trying new things. That's why we seek out colleagues who embody our values — something we call Twilio Magic. Additionally, we empower employees to build positive change in their communities by supporting their volunteering and donation efforts.

So, if you're ready to unleash your full potential, do your best work, and be the best version of yourself, apply now If this role isn't what you're looking for, please consider other open positions.

Twilio is proud to be an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Qualified applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Additionally, Twilio participates in the E-Verify program in certain locations, as required by law.