Security Compliance Engineer at Twilio
San Francisco, CA, US
Twilio Security is looking for someone with enthusiasm and fresh ideas on how to automate and scale out our information security compliance program. Twilio has bold plans for security compliance and this role is imperative for success.
You’ll be challenged to drive the implementation of our compliance automation framework. You’ll need to build strong relationships with our engineering teams and support their efforts to meet our compliance goals. You’ll devise creative methods for helping engineering teams build compliance controls into their stack without negatively impacting their ability to deliver rapid improvements to Twilio products. If you’re looking for a role that will have a huge impact on a company, look no further!
Lead the design, development and implementation of a compliance system to satisfy internal and external regulatory requirements.
Automate security compliance controls and evidence gathering over a large-scale cloud environment.
Measure the success of the security solutions towards compliance requirements with metrics and dashboards, continually improving the effectiveness of the overall security compliance capabilities.
Provide guidance on the implementation of legal and regulatory requirements derived from information security standards (e.g., ISO/IEC, NIST, PCI-DSS, HIPAA, CSA, SOC, etc.).
Understand complex problems easily and come up with simple, practical, reliable, and maintainable solutions.
Support customer and audit requests, as needed.
Use your development skills to build, develop and maintain systems and platforms that make it easy to meet compliance requirements across many engineering teams, products, programming languages, etc.
5+ years experience in distributed systems, high availability, microservices.
5+ years hands-on experience developing tooling and RESTful services.
Functional knowledge of common security legal and regulatory requirements (e.g., ISO/IEC 27001, SOC1, SOC2, Webtrust, etc.) and ability to identify actionable and scalable solutions to gaps identified.
Experience with risk and compliance assessments and in-depth knowledge of industry standards and regulatory requirements (e.g., PCI, SOC, HIPAA, HITRUST, HITECH, FedRAMP, NIST, ISO/IEC 2700X, COBIT, FFIEC, NERC CIP, etc.).
Experience interpreting requirements from those standards and helping teams implement technical controls to meet (and exceed) them.
Degree and/or experience in Management Information Systems, Information Security and/or Computer Science.
You have or are willing to obtain a certification such as: CISSP, CISA, CCSP, CCSK, CIPP, PMP, CRISC, CFCP, or CGEIT.