About The Position

Twilio is looking for a dynamic, hands-on Senior Manager of Security Risk Management to lead and evolve our global risk function. This role is designed for a strategic thinker who isn't afraid to roll up their sleeves and contribute as an individual performer while managing a high-performing, distributed team. You will be responsible for navigating a complex microservices environment of hybrid cloud and on-premise telecommunications infrastructure, ensuring our security risk approach is pragmatic, scalable, and deeply integrated into the R&D and IT lifecycles.

Requirements

  • Experience: 8+ years in Cybersecurity or Information Security, with at least 4+ years in a people management role leading international teams. A "no-ego" approach to leadership; someone who is comfortable "taking the heat" for the program while giving credit to the team for successes.
  • Negotiation & Diplomacy: The ability to navigate high-tension situations, finding the "win-win" middle ground.
  • Technical Domain Expertise: Deep understanding of hybrid cloud environments (AWS/GCP), on-premise infrastructure, and microservices. Experience in the Telecommunications sector is highly preferred.
  • Framework Fluency: Proven track record of implementing and maturing risk frameworks such as NIST RMF, ISO 3100. Specific experience in AI Risk Management or Data Governance frameworks is a significant plus.
  • Tooling Mastery: Power-user level proficiency in Jira (for workflow orchestration) and experience with security tooling (e.g., Wiz, Orca, Snyk) and GRC platforms (e.g., LogicGate, Jira, Archer, ServiceNow).
  • Strategic Mindset: Ability to pivot quickly between tactical "firefighting" and long-term strategic planning. You must be able to identify which risks are the most valuable to report on at any given time.
  • Communication: Exceptional written and verbal communication skills, with a proven ability to present complex risk topics to non-technical executive audiences. Ability to highlight and report on shared risk responsibility is key.
  • Adaptability: Proven ability to adapt to a specific company culture while driving necessary change and maturity.

Nice To Haves

  • A deep fascination with how AI is changing the threat landscape, and ideas on how to govern it without stifling innovation.
  • Familiarity with the NIST AI RMF or ISO 42001 and the ability to assess the risks of data leakage and prompt injection in internal AI tools.
  • Risk Appetites & Tolerance Modeling: Ability to move beyond "High/Medium/Low" to help the business define and document specific risk appetite statements that guide engineering trade-offs.
  • Cost-Benefit Analysis: Skill in quantifying the cost of a security control versus the value of the risk it mitigates, ensuring pragmatic investment. This individual will understand that a perfect security score is impossible and instead focus on 'Intelligent Risk Taking' that keeps the company safe while it scales.
  • Threat Modeling: Experience integrating threat modeling into the early stages of a CI/CD pipeline rather than performing assessments after production.
  • Infrastructure as Code (IaC) Familiarity: Understanding how risk is managed in automated environments (Terraform, Pulumi) where "policy-as-code" can be implemented.
  • Product Security Mindset: Experience working with Product Managers to prioritize security features in a roadmap alongside revenue-generating features.

Responsibilities

  • Program Leadership & People Management: Lead, mentor, and grow a team of international and domestic risk analysts.
  • Foster a culture of excellence, accountability, and continuous professional development.
  • Hands-on Risk Assessment: Conduct and oversee complex risk assessments across microservices architectures, cloud-native environments, and legacy on-premise telecommunications systems.
  • Integrating compliance control requirements into the risk management process.
  • Strategic Framework Implementation: Operationalize and mature the One Twilio Risk Management framework leveraging risk management frameworks (NIST RMF, ISO 27005, etc.) with a specific focus on emerging areas like AI Risk, Data Governance, Privacy, Reliability, and Observability.
  • Advanced Reporting: Develop and deliver high-impact, executive-level risk reporting. You must be able to translate technical vulnerabilities into business risk, providing leadership with the "so-what" and actionable insights to drive investment.
  • Workflow Optimization: Identify and design efficient process workflows within Jira and GRC tools to automate risk intake, tracking, and remediation, ensuring seamless integration with R&D and IT workstreams.
  • Pragmatic Problem Solving: Deliver "outside the box" risk solutions that balance risk mitigation with business velocity. Ensure the security organization is viewed as an enabler, not a blocker.
  • Stakeholder Management: Act as a primary point of contact for external auditors and regulators, clearly articulating Twilio’s risk posture and the effectiveness of our controls.

Benefits

  • Working at Twilio offers many benefits, including competitive pay, generous time off, ample parental and wellness leave, healthcare, a retirement savings program, and much more.