Staff Security GRC Program Manager, Monetization & Security
San Jose
3 days ago

The Position

We are looking for someone to join our new Monetization & Security team. You will ensure appropriate security programs are being applied to our monetized products and services on the platform (including Spaces, Tips, Super Follows and more).

You will help ensure we are complying with Money Transmitter License (MTL) requirements as well as drive applicable PCI Data Security Standard (DSS) compliance program obligations.

As a Staff Security GRC Program Manager, you will:

Lead efforts to ensure MTL requirements are understood and can be complied with by our Information Security program. This will include activities such as:

Staying abreast of applicable national and international laws and regulatory requirements / advisory bulletins and identifying gaps and recommendations for resolution to ensure near term and long term compliance

Ensuring Information Policy, Standards and Procedure (PSPs) are aligned and adopted as appropriate

Ensuring security-related internal controls are aligned and adopted as appropriate

Conducting or coordinating security testing or assessments to proactively identify and manage risks or other control failures that may impede MTL compliance

Working closely with Information Security teams to ensure current and emerging monetized products and services are adequately protected and assessed

Program managing related compliance activities and ensuring their timely resolution

Lead efforts to ensure PCI DSS compliance requirements are executed and any identified risks / issues are resolved in a timely manner to ensure annual certification is met.

This will include activities such as:

Defining project plan and managing annual PCI compliance activities

Performing quarterly and annual scoping study of Twitter products and services and applicable infrastructure and processes

Supporting control owner education and awareness to ensure PCI requirements are being met

Coordinating required security tests as needed, such as quarterly external security vulnerability scans and annual penetration tests, and managing timely remediation of identified gaps

Conducting the annual PCI self-assessment and certification if eligible (e.g., SAQ-A) or coordinating onboarding and work of a PCI Qualified Security Assessor (QSA) if needed

Build and maintain operational playbooks that support how we work and support the Monetization and Security Program

Develop and / or deliver regular risk metrics and reporting updates to Infosec / Staff leadership and management committees such as the Security Committee or Board Risk Committee

Build and maintain strong cross-functional relationships across the organization to help with expectation setting, training and awareness, and promote consistency and improvement in our processes

Assist with the implementation and operation of Governance Risk and Compliance (GRC) tooling to further improve and automate our Monetization and Security program / processes

Work collaboratively with Security GRC, Audit & Compliance teams to ensure adequate security controls are in place and streamlined to manage risk with Twitter's monetized products and services

Help support various parts of the company to adopt a common risk management process; this may include joining other Security GRC projects (e.g., Third Party Risk Management, M&A Due Diligence, Risk & Compliance Assessments) or other projects adjacent to our Security GRC program objectives.

Keep up with relevant regulation, emerging threats, forecasts, policies and best practices, and maintain a mindset of constant innovation to consider possibilities in advancing our monetization and security initiatives


An inspiring and resourceful leader who is able to effectively prioritize multiple projects simultaneously

Adept at digging into the details, bringing clarity from ambiguity, and synthesizing solutions that scale

Experience tackling complex problems from initial proposal to implementation with proven success in building influence and driving consensus across multiple stakeholders

Experience with successfully obtaining Money Transmitter Licenses (MTL)

Experience with managing and executing PCI DSS compliance requirements from scoping through to certification

Proficient at designing and delivering key risk metrics and reports to varying audiences across the management chain

Adept at communicating risks and issues clearly and concisely to both technical and non-technical audiences

Able to work efficiently with minimal oversight / direction and to exercise good judgment on matters requiring attention and escalation

Have technical security-related knowledge of common risks, vulnerabilities, and threats and solid experience in guiding these issues through risk analysis / treatment / mitigation processes

Willing to advocate for the security of Twitter users and communicate why security decisions are important to other internal teams

Have great people skills and able to flourish under pressure and ambiguity in a fast-paced team environment


Bachelor degree in Information Security, Computer Science, Management Information Systems or related field preferred

Minimum 10+ years of related work experience building or operating programs to mitigate risks around security, confidentiality, integrity, availability, and privacy.

Preferred prior experience in Information Security, Governance Risk or Compliance, or relevant Audit / Assessments functions

Demonstrated success in a security / operational risk management team at large complex organizations with a mature risk oversight function with direct experience in conducting and analyzing security risk assessments

Strong knowledge of relevant information security frameworks, including related regulatory compliance requirements, such as NYDFS Cybersecurity, ISO 27001 / ISO 27002, SOC 2 Trust Services Criteria, PCI DSS, GDPR, NIST Cyber Security Framework (CSF) / 800-53, CIS Critical Security Controls

Strong knowledge of audit and risk management methodologies, such as SOX, COBIT, NIST RMF / 800-37 / 800-30, FAIR

Relevant professional certifications in Information Security or Governance Risk Compliance Management are a plus, such as CISA, CISM, CRISC, CGEIT, CSX-P, CISSP, CCSK

Former PCI Qualified Security Assessor (QSA) or Internal Security Assessor (ISA) preferred

Proficient with Atlassian products, G-Suite applications, and GRC tools, such as RSA Archer / ServiceNow / MetricStream

Company Description

The Security Governance, Risk & Compliance (GRC) team works across Twitter to organize risk governance organizational structures, methodologies, and processes that are commensurate with industry best practice but tailored to Twitter's niche risk sensitivities.

Security GRC capabilities allow Twitter to manage security risk & control programs that enable the company to achieve its goals and better protect its customers and data in a responsible and proactive manner.

We work with internal and external stakeholders to build and operate programs that last, including Information Security, IT, Engineering, Product, Strategy & Operations, Internal Audit, Legal, Privacy, and others.

Additional Information

All your information will be kept confidential according to EEO guidelines.

Here's all the legal good stuff: We are committed to an inclusive and diverse Twitter. Twitter is an equal opportunity employer.

We do not discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, age, disability, veteran, genetic information, marital status, or any other legally protected status.

San Francisco applicants: pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Notice (Colorado Equal Pay for Equal Work Act)

The expected salary range for this role to be performed in Colorado is USD$146,000.00 - USD$204,000.00. Starting pay for the successful applicant will depend on a variety of job-related factors, which may include education, training, experience, location, business needs, or market demands.

This range may be modified in the future.

This job is also eligible for participation in Twitter's Performance Bonus Plan and Equity Incentive Plan subject to the terms of the applicable plans and policies.

Twitter offers a wide range of benefits to U.S.-based employees, including medical, dental, and vision insurance, 401(k) program with employer match, generous time off for vacation, sick time, and parental leave.

Twitter's benefits prioritize employee wellness and progressive support to our diverse workforce.
