Staff Security GRC Program Manager - Process Integration & eGRC Technology
San Jose
4 days ago

Who We Are

The Security Governance, Risk & Compliance (GRC) team works across Twitter to organize risk governance organizational structures, methodologies, and processes that are commensurate with industry best practice but tailored to Twitter's niche risk sensitivities.

Security GRC capabilities allow Twitter to manage security risk & control programs that enable us to achieve company goals and better protect its customers and data in a responsible and proactive manner.

We work with internal and external stakeholders to build and operate programs that last - including Information Security, IT, Engineering, Product, Strategy & Operations, Internal Audit, Legal, Privacy, etc.

What You'll Do

We are growing our GRC team to further mature our security program and ensure that processes across GRC are effective, sustainable, and scalable to manage security and compliance risks for the company.

You will be responsible for process integration and driving implementation of enterprise GRC (eGRC) tooling supporting GRC programs to enable scalable, optimized, and unified activities and reporting.

Your focus will be ensuring that current- and future-state in-scope processes and requirements are developed, designing and implementing the GRC tooling strategy, and continuing to expand use cases for the platform in partnership with other enterprise teams.

As a Staff Security GRC Program Manager, you will:

Mature the company's Security GRC processes including security policies / standards, risk assessments, risk register, common controls and compliance, and issue management programs through development of complex process integration and tooling strategies

Drive development of use cases and business requirements in close partnership with cross-functional stakeholders (GRC, Security, Privacy, Audit, Compliance, etc.) to fulfill all applicable solution needs

Employ business analysis and solution skills to interpret business requirements / impacts to ensure the optimal tooling strategies are identified, designed and implemented to meet business needs.

Lead functional and technical design for eGRC tooling based on business requirements and in-scope processes

Act as the primary technical lead representing cross-functional GRC areas working with vendors and other external parties with respect to tooling needs and implementation

Engage with other technical development teams as the main liaison for cross-platform integration requirements for GRC technologies

Manage project and reporting activities related to eGRC tooling efforts

Design and deliver end user training and support materials to support tool adoption

Maintain and provide operational support for GRC technologies

Continuously iterate on improvement opportunities to optimize GRC processes across the team and relevant stakeholders to maximize efficiency and scalability

Who You Are

Strong knowledge and experience running GRC / IRM tools and process integrations

Strong knowledge of project planning and project management methods and tools

A critical problem solver, detail-oriented, and highly motivated self-starter with a passion for constant learning & improvement

Able to communicate relevant information clearly and concisely, both verbally and in writing

Able to work efficiently with minimal oversight / direction and collaborate effectively in cross functional projects

Have good people skills and are able to flourish under pressure and ambiguity in a fast-paced team environment

Ability to multi-task and handle multiple projects at the same time

Experience providing business / operations / technical consulting to senior leaders of organization


Bachelor's degree in Information Security, Computer Science, Management Information Systems or related field preferred

Minimum 10+ years of related work experience with hands-on experience architecting and designing GRC technologies / platforms.

Must have foundational knowledge of GRC domains.

Demonstrated success in introducing process improvements and automation for security / operational risk management teams at large complex organizations

Experience with industry GRC products (e.g., ServiceNow, Archer, MetricStream or others)

Preferred but not required:

Knowledge of relevant information security control frameworks, such as ISO 27002, SOC 2 Trust Services Criteria, PCI DSS, NIST Cyber Security Framework (CSF) / 800-53, CIS Critical Security Controls

Knowledge of relevant risk management frameworks, such as ISO 31000, NIST RMF, NIST 800-30, FAIR

Proficient with Atlassian products (Confluence, Jira) and G-Suite applications

Additional Information

We are committed to an inclusive and diverse Twitter. Twitter is an equal opportunity employer. We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, age, disability, veteran, genetic information, marital status or any other legally protected status.

San Francisco applicants: Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

The applicable salary range for each U.S.-based role is based on where the employee works and is aligned to one of 4 tiers according to a cost of labor index in that geographic area.

Starting pay for the successful applicant will depend on a variety of job-related factors, which may include education, training, experience, location, business needs, or market demands.

The expected salary ranges for this role are set forth below. These ranges may be modified in the future.

  • Tier A: USD $162,000 - USD $226,000
  • Tier B: USD $154,000 - USD $216,000
  • Tier D: USD $138,000 - USD $193,000

You can view which tier applies to where you plan to work here; this is updated for any future jurisdiction which requires publication of the salary range on the job posting.

If your location is not listed, please speak with your recruiter for additional information.

This job is also eligible for participation in Twitter's Performance Bonus Plan and Equity Incentive Plan subject to the terms of the applicable plans and policies.

Twitter offers a wide range of benefits to U.S.-based employees, including medical, dental, and vision insurance, 401(k) program with employer match, generous time off for vacation, sick time, and parental leave.

Twitter's benefits prioritize employee wellness and progressive support to our diverse workforce.
