Senior Analyst, Security Compliance

Twilio Inc.

Job Overview

Location

Remote - Canada

Job Type

Full-time

Full Job Description

📋 Description

• As Twilio's next Senior Security Compliance Analyst, you will be a pivotal strategist within our Security Compliance organization, driving the maturation of our compliance posture and championing a "Security by Design" ethos across the company.
• This high-visibility role places you at the forefront of our HIPAA Security Compliance program, where you will be the primary lead responsible for overseeing both our established product portfolio and our rapidly growing innovation pipeline.
• You will transcend traditional auditing functions, acting as a trusted advisor to our Product and Engineering teams, ensuring that our cutting-edge technology consistently meets stringent regulatory requirements and robust security baselines.
• Your core mission will be to proactively reduce organizational risk through meticulous gap assessments and proactive advisory services, embedding security and compliance into the fabric of our development lifecycle.
• You are expected to be a master of project execution, adept at navigating complex cross-functional landscapes to effectively represent the HIPAA program to senior leadership and key stakeholders.
• Beyond execution, you will be the narrative architect of the program's success, leveraging data analytics to construct executive-level dashboards and key performance indicators that clearly articulate risk reduction progress and the strategic value delivered by the Compliance team to the broader enterprise.
• We are seeking an individual who is equally comfortable delving into the intricacies of technical security controls as they are presenting a comprehensive compliance roadmap to executive stakeholders.
• If you possess a passion for building scalable, impactful security programs within a fast-paced, dynamic, and remote-first environment, this role offers a unique opportunity to shape the future of secure communications.
• You will orchestrate the end-to-end lifecycle of complex security compliance initiatives, meticulously ensuring adherence to critical project milestones and seamless alignment with overarching organizational Objectives and Key Results (OKRs).
• Proactively identify and neutralize potential project bottlenecks, employing advanced problem-solving skills and strategic thinking to maintain critical momentum within our fast-paced operational tempo.
• Lead comprehensive HIPAA Security Rule assessments to rigorously determine organizational readiness for HIPAA eligibility, including the precise identification of critical controls and the execution of both design and effectiveness testing.
• Translate complex technical security gaps into context-relevant, actionable remediation strategies tailored for a diverse array of stakeholders, ranging from our Engineering teams to our Legal department.
• Govern and optimize remediation workflows, ensuring that identified security gaps are addressed and closed in strict alignment with product release timelines and the overarching risk appetite of the business.
• Contribute to the development and enhancement of scalable security control frameworks and sophisticated continuous monitoring programs designed to elevate the security posture across our diverse portfolio of products and business domains.
• Serve as a recognized Subject Matter Expert (SME) on HIPAA and other relevant security compliance frameworks, fostering close collaboration with technical teams to implement automated controls and telemetry solutions that significantly reduce manual compliance overhead.
• Partner strategically with Product and Engineering teams to embed "Security by Design" principles early in the development process, ensuring that all new features and architectural patterns rigorously meet HIPAA requirements and Twilio's internal security baselines.
• Drive operational excellence by continuously optimizing assessment methodologies and project management tooling, enabling the delivery of standardized, data-driven reporting that provides clear insights for executive leadership.
• This role is integral to Twilio's commitment to building trust with our customers by ensuring the highest standards of data protection and regulatory adherence.
• You will play a key role in fostering a proactive security culture, empowering teams to understand and integrate compliance requirements into their daily workflows.
• The position offers the chance to work with a leading-edge technology stack and contribute to solutions that impact millions of users globally.
• You will have the opportunity to mentor and guide junior team members, sharing your expertise and fostering professional growth within the security compliance domain.
• This is a remote position based in Canada, offering flexibility and the opportunity to work with a globally distributed team.

🎯 Requirements

• 5+ years of experience in Security Compliance, Audit, or Risk Management, with a strong focus on ensuring product HIPAA compliance or eligibility.
• 2+ years of experience working with technical security and Engineering/IT teams to implement technical control solutions, preferably within code deployment pipelines and public cloud environments (AWS, GCP).
• 2+ years of project management experience in a security or technical field, including defining scope, creating milestones, tracking performance, and communicating status to management.
• Demonstrated ability to interpret complex control requirements and effectively communicate them to diverse stakeholder groups with varying technical expertise.
• Proven ability to thrive in a dynamic, fast-paced environment requiring constant prioritization and adaptability.
• Strong verbal and written communication skills, with the ability to translate technical or security risks into clear, business-oriented language.
• Critical thinking and problem-solving skills, with a track record of creating effective, win-win solutions.
• Experience with other security-centric risk management or compliance frameworks such as ISO/IEC 27001, PCI DSS, SOC2, FedRAMP, or NIST 800-53 is highly desirable.
• A relevant Information Security certification (e.g., CISA, CISM, GIAC, CISSP) is a significant plus.

🏖️ Benefits

• Competitive salary and bonus structure.
• Generous paid time off (PTO) and holidays.
• Comprehensive health, dental, and vision insurance.
• Retirement savings program with company contributions.
• Ample parental and wellness leave.
• Opportunities for professional development and continuous learning.
• Remote-first work environment with flexibility.
• Collaborative and inclusive company culture.

Skills & Technologies

AWS

GCP

Senior

Remote

$99k-124k

Degree Required

Ready to Apply?

Apply Externally

You will be redirected to an external site to apply.

Twilio Inc.

Visit Website

About Twilio Inc.

Twilio Inc. provides cloud-based communications platforms that enable developers to integrate voice, messaging, video, email, and authentication into applications via APIs. Founded in 2008, the company offers programmable services for SMS, voice calls, WhatsApp, email, and IoT connectivity, serving enterprises, startups, and communication service providers globally. Twilio operates a pay-as-you-go model, allowing customers to scale usage without managing underlying telecom infrastructure. The company is headquartered in San Francisco, California, and trades on the New York Stock Exchange under the symbol TWLO.

View Company Profile