Principal Security Lead, Embedded Security

Join the team as our next Principal Security Lead. 

Twilio powers real-time business communications and data solutions that help companies and developers worldwide build better applications and customer experiences.

Although we're headquartered in San Francisco, we have presence throughout South America, Europe, Asia and Australia. We're on a journey to becoming a globally anti-racist, anti-oppressive, anti-bias company that actively opposes racism and all forms of oppression and bias. At Twilio, we support diversity, equity & inclusion wherever we do business. We employ thousands of Twilions worldwide, and we're looking for more builders, creators, and innovators to help drive our growth momentum.

This position is needed to harmonize and facilitate the information security strategy and program for the Data & Growth R&D macro-team.

The Principal Security Lead will partner with the R&D teams and related collaborators to improve the overall information security posture for the Data & Growth R&D macro-team, help drive key enterprise security initiatives, facilitate progress and reporting metrics, and ensure that macro-team products and associated infrastructure align with the enterprise security program. The Principal Security Lead will report directly to the macro-team’s Business Information Security Officer (BISO) with additional accountability to Data & Growth R&D Leaders.

In this role, you’ll:

• Engage directly with the macro-team R&D teams to understand, discuss, and advise on strategic priorities, concerns, and key security risks.
• Help coordinate and prioritize the work and resources for implementing enterprise security initiatives, including directing the embedded security team members.
• Be a trusted partner to the macro-team R&D teams and act in a consultative way to help the macro-team improve its security posture and adhere to enterprise security policies and expected controls.
• Engage directly with the centralized security teams to align with the long term enterprise security roadmap and proactively escalate macro-team operational issues.
• Champion Twilio’s enterprise security program within the respective macro-team, ensuring enterprise objectives and requirements are communicated and understood by macro-team partners.
• Maintain a good understanding of the macro-team products and supporting infrastructure environment (e.g., application stacks, infrastructure components, external facing footprint, etc.) to help appropriately manage the threat and risk landscape.
• Work proactively with macro-team leadership to ensure security, risk, and compliance is actively contemplated in the BU’s strategic objectives and BPMs.
• Facilitate regular, timely reporting of key security metrics from the respective macro-team.
• Engage directly with the appropriate teams to ensure new products, services, applications, third party or customer relationships, have been assessed for security risks and that identified risks are appropriately addressed.
• Facilitate the identification of assets to be monitored by the enterprise Security Incident Response Team (SIRT).
• Facilitate security risk assessments within the respective macro-team performed by the centralized Governance, Risk, and Compliance (GRC) team.
• Serve as the partner concern path for information security issues and inquiries.
• Work with the centralized GRC team and Security leadership to help resolve acceptable levels of risk for the respective macro-team, report on variances, and partner with macro-team R&D teams to ensure the execution of mitigation activities. 
• Proactively identify security deficiencies or opportunities for improvement within the respective macro-team and facilitate development of pragmatic solutions.

Not all applicants will have skills that match a job description exactly. Twilio values diverse experiences in other industries, and we encourage everyone who meets the required qualifications to apply. While having “desired” qualifications make for a strong candidate, we encourage applicants with alternative experiences to also apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!

Required:

• 7+ years in information security, IT audit, and/or IT/security risk management including 2+ years managerial or lead experience
• Experience with security risk assessments, IT audit, and GRC software (e.g., ServiceNow, Archer, ZenGRC, etc.)
• Experience leading security certification and attestation efforts, including execution of self-assessments, developing gap remediation strategies, and working with external auditors
• Familiarity with common security compliance, certification, and attestation frameworks and regulations (i.e. SOC 2, ISO 27001, HIPAA, SOX, HITRUST)
• Experience partnering with R&D/engineering teams in operationalizing security and privacy in infrastructure and customer-facing products
• Working knowledge of SaaS and cloud-native infrastructure

Desired:

• Good communication and social skills to build/maintain ongoing business relationships with all levels within an organization
• Demonstrated experience effectively leading and managing collaborative, multi-functional teams to successfully deliver programs and/or multiple projects on time and within budget based on agreed upon scope and business goals
• Good ability to influence or negotiate with partners dealing with contending priorities
• Capable of anticipating needs and driving clarity on expectations
• A solution-oriented approach, with the ability to exercise good professional judgment
• Strong project planning and prioritization skills, with the ability to respond quickly to a changing dynamic
• Hand-on technical experience with modern development languages and cloud-native infrastructure 
• Operational knowledge of customer data platforms (CDP)

Location 

This role will be remote, and based in the USA.

Approximately 10% travel is anticipated. 

There are many benefits to working at Twilio, including, in addition to competitive pay, things like generous time-off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location.

We like to solve problems, take initiative, pitch in when needed, and are always up for trying new things. That's why we seek out colleagues who embody our values — something we call Twilio Magic. Additionally, we empower employees to build positive change in their communities by supporting their volunteering and donation efforts.

So, if you're ready to spark your full potential, do your best work, and be the best version of yourself, apply now!

If this role isn't what you're looking for, please consider other open positions.

*Please note this role is open to candidates outside of Colorado as well. The information below is provided for those hired in Colorado only.

*If you are a Colorado applicant:

• The estimated pay range for this role, based in Colorado, is $176,080 - $220,100 
• Non-Sales: Additionally, this role is eligible to participate in Twilio's equity plan.

The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location within the state. This role is also eligible to participate in Twilio’s equity plan and for the following benefits: health care insurance, 401(k) retirement account, paid sick time, paid personal time off, paid parental leave.