This role creates the security risk strategy and provides cyber governance and risk management oversight. It establishes and manages the security policy framework and relevant standards, and oversees applicable security, privacy, contractual and compliance requirements through strategy development, controls definition and assessment, and process oversight.
- At least 10 years' experience in a security or compliance management role, having built and aligned teams to organizational compliance needs.
- Worked with various operational and business teams to drive toward a cohesive view of security risk and drive remediation items to closure. Maintain accurate reporting of remediation activities to bring appropriate visibility to stakeholders. Experience reporting to an audit committee/board.
- Prior experience with security policy, standards, and controls definition
- Strong knowledge of current and emerging cybersecurity risks, and innovative risk management methods and solutions
- A deep understanding of risk management methodologies, frameworks, and principles (e.g. SOX, COBIT, NIST, CSA, ITIL) to evaluate and recommend the best approach to mitigating risk with best-in-class controls.
- Established metrics for information security to understand the current effectiveness of their program and to provide transparency for senior leadership.
- Experience leading a global, distributed, and remote workforce.
As a Sr. Director, you will live the Twilio Magic values:
- WRITE IT DOWN: You’re able to clearly articulate your thoughts through prose to gain alignment with stakeholders.
- DRAW THE OWL: You can take ambiguous direction and create a clear action plan with milestones.
- BE INCLUSIVE: You are a leader and coach, and you enjoy creating opportunities for others
- BE AN OWNER & BE BOLD: Develop, implement and lead an integrated GRC strategy and process to monitor and evaluate business, technology, and information risks, issues, and opportunities
- EMPOWER OTHERS: Interact extensively across all functional teams within Twilio and have significant exposure to our executive leadership.
- NO SHENANIGANS: Operationalization of a metrics and reporting function to continually report on meaningful security, risk and compliance metrics for operational and executive management