Twilio - IT Governance/Compliance Lead - PCI/NIST Frameworks (7-9 yrs)

About the job :

This role is crucial for enhancing IT compliance landscape within our broader governance and compliance strategy. Reporting to the Director of IT Governance, the Governance Compliance Lead will promote IT adherence to various IT compliance frameworks, including GDPR, PCI-DSS, NIST, and SOX.

This position emphasizes partnership with both the IT and Compliance teams, acting as a trusted advisor to track and mitigate risks, and develop unified control framework.

As a Governance Compliance Lead, you will play a significant role in supporting IT risk management and policy/control creation.

Experience in the Secure Software Development Life Cycle (SSDLC) is a plus, as this role involves partnering with IT teams to foster a compliance and security by design mindset.

Responsibilities :

In this role, you'll :

- Maintain IT Compliance Frameworks : Establish and implement practices for managing IT compliance, aligning with broader objectives while reducing manual workload for IT team members through automation.

- Unified Control Framework Development : Lead efforts to develop and enhance unified control framework, integrating various compliance requirements and streamlining IT evidence gathering and requests to improve efficiency.

- Proactive Engagement : Initiate compliance measures to keep pace with evolving IT regulatory requirements like GDPR and best practices.

- Policy Creation and Review : Oversee the creation and review of policies related to IT development, ensuring alignment with compliance requirements.

- Stakeholder Communication : Ensure clear communication of compliance requirements and developments, acting as a trusted advisor across departments to build strong inter-departmental partnerships.

- Independent Operations : Confidently monitor and enhance compliance processes, providing feedback for ongoing improvement.

- Strategic Compliance Oversight : Oversee compliance for frameworks, translating regulatory requirements into actionable internal policies and IT controls

- Audit and Risk Management : Support internal audits and align strategies with IT risk management to mitigate threats.

- Collaboration and Coordination : Work closely with IT teams to integrate compliance considerations within the SSDLC.

- Compliance by Design : Advocate for a compliance and security by design approach throughout IT development projects.

Qualifications :

- Not all applicants will have skills that match a job description exactly. We value diverse experiences in other industries, and we encourage everyone who meets the required qualifications to apply.

- While having "desired" qualifications make for a strong candidate, we encourage applicants with alternative experiences to also apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering us. We are always looking for people who will bring something new to the table!

Required :

- Minimum of 8+ years in IT compliance roles, focusing on multiple compliance frameworks.

- Big 4 experience is advantageous.

- Bachelor's degree in Information Technology, Information Systems, Business Administration, or a related discipline.

- Expertise in GDPR, PCI-DSS, NIST, SOX, and other frameworks.

- Strong project management, policy development, and IT risk management capability.

- Excellent communication and stakeholder management abilities, with a proactive and independent work ethic.

- Strong analytical thinking focused on compliance risk management and mitigation strategies.

Desired :

- Awareness of governance or regulatory environments and frameworks such as PCI, COBIT, SOC, NIST, GDPR, SOX

- CISA, CRISC, or CGEIT preferred.

- Proficiency in compliance software tools and knowledge of SSDLC processes.