Who We Are
The Security Governance, Risk & Compliance (GRC) team works across Twitter to organize risk governance structures, methodologies, and processes that are commensurate with industry best practice but tailored to Twitter's niche risk sensitivities.
Security GRC capabilities allow Twitter to manage security risk and control programs that enable us to achieve company goals and better protect our customers and data in a responsible and proactive manner.
We work with internal and external stakeholders, including Information Security, IT, Engineering, Product, Strategy & Operations, Internal Audit, Legal, and Privacy, to build and operate programs that last.
What You'll Do
We are growing our GRC team to further mature our security program and ensure that processes across GRC are effective, sustainable, and scalable to manage security and compliance risks for the company.
You will be responsible for process integration and driving implementation of enterprise GRC (eGRC) tooling supporting GRC programs to enable scalable, optimized, and unified activities and reporting.
Your focus will be to ensure that current and future-state in-scope processes and requirements are developed, to design and implement the GRC tooling strategy, and to continue expanding use cases for the platform in partnership with other enterprise teams.
As a Staff Security GRC Program Manager, you will:
Mature the company's Security GRC processes, including security policies / standards, risk assessments, risk register, common controls and compliance, and issue management programs, through development of complex process integration and tooling strategies
Drive development of use cases and business requirements in close partnership with cross-functional stakeholders (GRC, Security, Privacy, Audit, Compliance, etc.) to fulfill all applicable solution needs
Employ business analysis and solution skills to interpret business requirements and impacts, ensuring the optimal tooling strategies are identified, designed, and implemented to meet business needs
Lead functional and technical design for eGRC tooling based on business requirements and in-scope processes
Act as the primary technical lead representing cross-functional GRC areas when working with vendors and other external parties on tooling needs and implementation
Engage with other technical development teams as the main liaison for cross-platform integration requirements for GRC technologies
Manage project and reporting activities related to eGRC tooling efforts
Design and deliver end user training and support materials to support tool adoption
Maintain and provide operational support for GRC technologies
Continuously iterate on improvement opportunities to optimize GRC processes across the team and relevant stakeholders to maximize efficiency and scalability
Who You Are
Strong knowledge and experience running GRC / IRM tools and process integrations
Strong knowledge of project planning and project management methods and tools
A critical problem solver, detail-oriented, and highly motivated self-starter with a passion for constant learning and improvement
Able to communicate relevant information clearly and concisely, both verbally and in writing
Able to work efficiently with minimal oversight or direction and collaborate effectively on cross-functional projects
Good people skills, with the ability to flourish under pressure and ambiguity in a fast-paced team environment
Ability to multi-task and handle multiple projects at the same time
Experience providing business, operations, or technical consulting to senior leaders of an organization
Bachelor's degree in Information Security, Computer Science, Management Information Systems, or a related field preferred
10+ years of related work experience, with hands-on experience architecting and designing GRC technologies and platforms
Foundational knowledge of GRC domains required
Demonstrated success in introducing process improvements and automation for security / operational risk management teams at large complex organizations
Experience with industry GRC products (e.g., ServiceNow, Archer, MetricStream or others)
Preferred but not required:
Knowledge of relevant information security control frameworks, such as ISO 27002, SOC 2 Trust Services Criteria, PCI DSS, NIST Cyber Security Framework (CSF) / 800-53, CIS Critical Security Controls
Knowledge of relevant risk management frameworks, such as ISO 31000, NIST RMF, NIST 800-30, FAIR
Proficient with Atlassian products (Confluence, Jira) and G-Suite applications
We are committed to an inclusive and diverse Twitter. Twitter is an equal opportunity employer. We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, age, disability, veteran, genetic information, marital status or any other legally protected status.
San Francisco applicants: Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
The applicable salary range for each U.S.-based role is based on where the employee works and is aligned to one of 4 tiers according to a cost of labor index in that geographic area.
Starting pay for the successful applicant will depend on a variety of job-related factors, which may include education, training, experience, location, business needs, or market demands.
The expected salary ranges for this role are set forth below. These ranges may be modified in the future.
You can view which tier applies to where you plan to work here; this is updated for any future jurisdiction that requires publication of the salary range on the job posting.
If your location is not listed, please speak with your recruiter for additional information.
This job is also eligible for participation in Twitter's Performance Bonus Plan and Equity Incentive Plan, subject to the terms of the applicable plans and policies.
Twitter offers a wide range of benefits to U.S.-based employees, including medical, dental, and vision insurance, 401(k) program with employer match, generous time off for vacation, sick time, and parental leave.
Twitter's benefits prioritize employee wellness and progressive support for our diverse workforce.