See yourself at Twilio

Join the team as Twilio’s next Security Compliance & Regulatory Affairs Analyst 

About the job

We are actively recruiting for this role to support Twilio’s global security regulatory program and directly support the SCRA Lead in executing and scaling the company’s regulatory strategy.

This position is responsible for independently owning delegated components of regulatory analysis, triage, normalization, and operationalization of global cybersecurity and telecom regulatory obligations (e.g., NIS 2, TSA UK, Singapore IMDA), while contributing to broader program-level initiatives led by the SCRA Lead.

The role operates with high autonomy and is expected to take ownership of assigned workstreams end-to-end, requiring strong critical thinking, defensible regulatory interpretation, designing and executing cross-functional initiatives, and the ability to operate without detailed instruction.

Responsibilities

In this role, you’ll:

• Support the SCRA Lead in executing Twilio’s global security regulatory strategy, including contributing to program design, prioritization, and long-term regulatory planning
• Independently interpret complex and ambiguous regulatory frameworks (e.g., NIS 2, EU transpositions, TSA UK) and provide structured outputs that support Lead-level strategy and decision-making
• Support the development and maintenance of regulatory repositories and systems of record, ensuring accuracy, traceability, and audit readiness
• Execute and continuously improve the Cyber Regulation Intake & Triage process in partnership with Legal, ensuring consistent classification, routing, and lifecycle tracking of regulatory obligations
• Map regulatory requirements to internal control frameworks (e.g., UCF, ISO 27001, internal standards), identifying gaps and supporting Lead-driven control strategy decisions
• Develop regulator-ready and high-quality artifacts, including evidence mappings, control narratives, risk statements, and audit support documentation
• Identify, analyze, and escalate regulatory risks and audit obligations, supporting proactive planning and risk visibility at the program level
• Partner cross-functionally with Legal, Public Policy, R&D, Security, Product, Sales, and Risk teams, supporting the Lead in aligning regulatory interpretation with technical and business implementation
• Drive execution of process improvements, tooling enhancements, and automation initiatives defined by the SCRA program
• Operate with high ownership and accountability, executing work independently while aligning to strategic direction set by the SCRA Lead

Qualifications 

Twilio values diverse experiences from all kinds of industries, and we encourage everyone who meets the required qualifications to apply. If your career is just starting or hasn't followed a traditional path, don't let that stop you from considering Twilio. We are always looking for people who will bring something new to the table!

*Required 

• Experience: 5–8+ years of experience in security compliance, telecom compliance, regulatory affairs, GRC, or related domain within a global technology, cloud, or telecom environment
• Experience: Experience interpreting and operationalizing security frameworks and regulations (e.g., NIS 2, ISO 27001, SOC 2, telecom regulatory regimes)
• Experience: Experience mapping regulatory requirements to control frameworks, policies, and technical implementations
• Technical Domain Expertise: Broad understanding of security architecture, networking, access control, software development, cryptography, and operations. You should be fluent in how security controls are implemented across applications, systems, and cloud platforms to reduce inherent risk.
• Technical Domain Expertise: Ability to analyze ambiguous regulations / regulatory requirements and produce defensible interpretations to support leadership decision-making
• Communication: Strong written communication skills with ability to produce audit-ready and regulator-defensible documentation
• Stakeholder Partnership: Proven ability to collaborate across Legal, Engineering, Security, Product, Sales, and Risk teams in support of program objectives
• Strategic Mindset: High level of self-sufficiency, critical thinking, and ownership, with ability to execute without detailed instruction
• Adaptability: Demonstrated ability to independently execute and deliver complex workstreams end-to-end, while operating under high-level guidance
• Adaptability: Ability to manage multiple concurrent priorities in a global, fast-evolving regulatory landscape

*Desired:

• Technical Domain Expertise: Deep understanding of hybrid cloud environments (AWS/GCP), on-premise infrastructure, APIs, and microservices architectures. Experience in the Telecommunications sector (e.g. telecommunications or CPaaS environments involving messaging, voice, network security) highly preferred.
• Familiarity with primary global regulatory regimes (EU, UK, APAC, LATAM)
• Experience working with regulatory repositories, intake/triage workflows, or compliance automation systems
• Experience supporting external audits or regulator engagements
• High-Octane Individual Contributor: You are a self-starter who takes pride in being a "force multiplier." You have a proven ability to produce high-quality, audit-ready deliverables with minimal oversight.
• Master of Multi-Tasking: Exceptional organizational skills with the ability to context-switch effectively, managing a high volume of concurrent projects and emerging regulations without sacrificing depth or accuracy.
• Collaborative Partner: You don't work in a silo. You are skilled at building bridges across Legal, R&D, Security, and IT, ensuring that Security Regulatory Affairs is integrated as a seamless partner
• Efficiency Expert: You are constantly looking for ways to optimize your own output and team processes, turning manual, repetitive tasks into streamlined, automated successes.
• Executive Presence: Ability to distill granular technical findings into concise, high-level summaries that drive decision-making at the leadership level.

Location

This role will be remote and based in Ontario, British Columbia or Alberta, Canada. 

Travel

We prioritize connection and opportunities to build relationships with our customers and each other. For this role, you may be required to travel occasionally to participate in project or team in-person meetings.

What We Offer

Working at Twilio offers many benefits, including competitive pay, generous time off, ample parental and wellness leave, healthcare, a retirement savings program, and much more. Offerings vary by location. Based on role, employees may also be eligible for additional compensation and benefits, including but not limited to incentive programs, commissions, equity grants, health and wellness benefits, retirement contributions, and paid time off.

The estimated pay ranges for this role are as follows:

• $120,640 - 150,800 CAD
• Target Bonus Percentage: 15% 

The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location.

High-Level Overview

Benevity is seeking a Governance, Risk & Compliance (GRC) Analyst to support and grow our security governance, risk, privacy, and regulatory program. In this role, you will contribute to the execution of Benevity’s GRC program by supporting compliance activities, assisting with risk assessments, contributing to third-party risk management, responding to client due diligence requests, and helping maintain the policies and controls that strengthen trust with our clients, partners, and stakeholders.

Working alongside experienced GRC professionals, you will build your skills in information security, compliance, and risk management while helping ensure Benevity aligns with leading standards, privacy laws, and regulatory requirements. This is a hands-on role with significant learning and growth opportunities across governance, risk, audit, and privacy domains.

What you'll do:

Governance & Policy

• Assist in maintaining and rolling out security and privacy policies, standards, and control frameworks aligned to ISO 27001, SOC 2, NIST, PCI DSS, GDPR, PIPEDA, FINTRAC, and other global regulations.
• Support policy exception management, attestation processes, and identify opportunities for process improvement.

Risk Management

• Assist with enterprise risk assessments, including vendor and process-level reviews.
• Support maintenance of the risk register, track remediation activities, and assist with risk treatment planning.
• Contribute to Benevity’s Third-Party Risk Management (TPRM) program, including vendor onboarding assessments, ongoing monitoring, and remediation tracking.

Compliance & Audit

• Support audit readiness and response efforts for ISO 27001, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and other frameworks.
• Assist with evidence gathering, control validation, and auditor engagement.
• Leverage GRC platforms to support audit, privacy, and compliance workflows.

Client Support & Sales Enablement

• Support the sales process by responding to client inquiries related to security, privacy, and compliance.
• Complete customer security questionnaires, RFPs, and third-party risk management (TPRM) requests.
• Partner with sales and client success teams to provide timely, accurate responses that build client trust.

Privacy and Regulatory

• Support privacy-related initiatives across jurisdictions (GDPR, PIPEDA, CCPA/CPRA, and others).
• Collaborate with legal and data governance teams to help ensure compliance with data protection and financial crime regulations.
• Assist with FINTRAC-related compliance requirements, including reporting and risk assessments related to AML/ATF obligations.
• Monitor regulatory changes (privacy, AML, financial crime) and help align internal processes accordingly.

Advisory & Awareness

• Partner with business and technical teams to support the embedding of risk and compliance into projects and initiatives.
• Assist in delivering reporting and insights (dashboards, risk metrics, summaries) for leadership.
• Contribute to Benevity’s Security Awareness & Training program, including awareness campaigns, training modules, and phishing simulations.
• Contribute to training, documentation, and awareness activities that strengthen Benevity’s security, privacy, and compliance culture.

What you'll bring:

• 2–4 years of experience in cybersecurity, governance, risk, compliance, or privacy, ideally in a SaaS or technology-driven environment. (For a Junior GRC Analyst, we welcome candidates with 0–2 years of experience, including relevant internship, co-op, or academic project experience.)
• Working knowledge of security, privacy, and regulatory frameworks including ISO 27001, NIST, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and/or CCPA/CPRA.
• Exposure to or experience with GRC tooling (e.g., OneTrust, Hyperproof, SecurityPal, AuditBoard, Drata) to support policy, risk, audit, privacy, and vendor risk workflows.
• Familiarity with risk assessment methodologies, vendor risk concepts, and compliance evidence gathering.
• Experience or willingness to support client due diligence processes (security questionnaires, RFPs, TPRM).
• Ability to communicate risk, security, privacy, and regulatory concepts clearly to both technical and non-technical stakeholders.
• Strong organizational skills, attention to detail, and a proactive approach to learning and problem-solving.
• An interest in leveraging automation and AI to streamline GRC processes and enhance efficiency is a plus.
• Certifications such as Security+, CISM, CISA, CRISC, or CIPM/CIPP are valued; candidates actively pursuing certification are encouraged to apply.

High-Level Overview

Benevity is seeking a Governance, Risk & Compliance (GRC) Analyst to support and grow our security governance, risk, privacy, and regulatory program. In this role, you will contribute to the execution of Benevity’s GRC program by supporting compliance activities, assisting with risk assessments, contributing to third-party risk management, responding to client due diligence requests, and helping maintain the policies and controls that strengthen trust with our clients, partners, and stakeholders.

Working alongside experienced GRC professionals, you will build your skills in information security, compliance, and risk management while helping ensure Benevity aligns with leading standards, privacy laws, and regulatory requirements. This is a hands-on role with significant learning and growth opportunities across governance, risk, audit, and privacy domains.

What you'll do:

Governance & Policy

• Assist in maintaining and rolling out security and privacy policies, standards, and control frameworks aligned to ISO 27001, SOC 2, NIST, PCI DSS, GDPR, PIPEDA, FINTRAC, and other global regulations.
• Support policy exception management, attestation processes, and identify opportunities for process improvement.

Risk Management

• Assist with enterprise risk assessments, including vendor and process-level reviews.
• Support maintenance of the risk register, track remediation activities, and assist with risk treatment planning.
• Contribute to Benevity’s Third-Party Risk Management (TPRM) program, including vendor onboarding assessments, ongoing monitoring, and remediation tracking.

Compliance & Audit

• Support audit readiness and response efforts for ISO 27001, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and other frameworks.
• Assist with evidence gathering, control validation, and auditor engagement.
• Leverage GRC platforms to support audit, privacy, and compliance workflows.

Client Support & Sales Enablement

• Support the sales process by responding to client inquiries related to security, privacy, and compliance.
• Complete customer security questionnaires, RFPs, and third-party risk management (TPRM) requests.
• Partner with sales and client success teams to provide timely, accurate responses that build client trust.

Privacy and Regulatory

• Support privacy-related initiatives across jurisdictions (GDPR, PIPEDA, CCPA/CPRA, and others).
• Collaborate with legal and data governance teams to help ensure compliance with data protection and financial crime regulations.
• Assist with FINTRAC-related compliance requirements, including reporting and risk assessments related to AML/ATF obligations.
• Monitor regulatory changes (privacy, AML, financial crime) and help align internal processes accordingly.

Advisory & Awareness

• Partner with business and technical teams to support the embedding of risk and compliance into projects and initiatives.
• Assist in delivering reporting and insights (dashboards, risk metrics, summaries) for leadership.
• Contribute to Benevity’s Security Awareness & Training program, including awareness campaigns, training modules, and phishing simulations.
• Contribute to training, documentation, and awareness activities that strengthen Benevity’s security, privacy, and compliance culture.

What you'll bring:

• 2–4 years of experience in cybersecurity, governance, risk, compliance, or privacy, ideally in a SaaS or technology-driven environment. (For a Junior GRC Analyst, we welcome candidates with 0–2 years of experience, including relevant internship, co-op, or academic project experience.)
• Working knowledge of security, privacy, and regulatory frameworks including ISO 27001, NIST, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and/or CCPA/CPRA.
• Exposure to or experience with GRC tooling (e.g., OneTrust, Hyperproof, SecurityPal, AuditBoard, Drata) to support policy, risk, audit, privacy, and vendor risk workflows.
• Familiarity with risk assessment methodologies, vendor risk concepts, and compliance evidence gathering.
• Experience or willingness to support client due diligence processes (security questionnaires, RFPs, TPRM).
• Ability to communicate risk, security, privacy, and regulatory concepts clearly to both technical and non-technical stakeholders.
• Strong organizational skills, attention to detail, and a proactive approach to learning and problem-solving.
• An interest in leveraging automation and AI to streamline GRC processes and enhance efficiency is a plus.
• Certifications such as Security+, CISM, CISA, CRISC, or CIPM/CIPP are valued; candidates actively pursuing certification are encouraged to apply.

High-Level Overview

Benevity is seeking a Governance, Risk & Compliance (GRC) Analyst to support and grow our security governance, risk, privacy, and regulatory program. In this role, you will contribute to the execution of Benevity’s GRC program by supporting compliance activities, assisting with risk assessments, contributing to third-party risk management, responding to client due diligence requests, and helping maintain the policies and controls that strengthen trust with our clients, partners, and stakeholders.

Working alongside experienced GRC professionals, you will build your skills in information security, compliance, and risk management while helping ensure Benevity aligns with leading standards, privacy laws, and regulatory requirements. This is a hands-on role with significant learning and growth opportunities across governance, risk, audit, and privacy domains.

What you'll do:

Governance & Policy

• Assist in maintaining and rolling out security and privacy policies, standards, and control frameworks aligned to ISO 27001, SOC 2, NIST, PCI DSS, GDPR, PIPEDA, FINTRAC, and other global regulations.
• Support policy exception management, attestation processes, and identify opportunities for process improvement.

Risk Management

• Assist with enterprise risk assessments, including vendor and process-level reviews.
• Support maintenance of the risk register, track remediation activities, and assist with risk treatment planning.
• Contribute to Benevity’s Third-Party Risk Management (TPRM) program, including vendor onboarding assessments, ongoing monitoring, and remediation tracking.

Compliance & Audit

• Support audit readiness and response efforts for ISO 27001, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and other frameworks.
• Assist with evidence gathering, control validation, and auditor engagement.
• Leverage GRC platforms to support audit, privacy, and compliance workflows.

Client Support & Sales Enablement

• Support the sales process by responding to client inquiries related to security, privacy, and compliance.
• Complete customer security questionnaires, RFPs, and third-party risk management (TPRM) requests.
• Partner with sales and client success teams to provide timely, accurate responses that build client trust.

Privacy and Regulatory

• Support privacy-related initiatives across jurisdictions (GDPR, PIPEDA, CCPA/CPRA, and others).
• Collaborate with legal and data governance teams to help ensure compliance with data protection and financial crime regulations.
• Assist with FINTRAC-related compliance requirements, including reporting and risk assessments related to AML/ATF obligations.
• Monitor regulatory changes (privacy, AML, financial crime) and help align internal processes accordingly.

Advisory & Awareness

• Partner with business and technical teams to support the embedding of risk and compliance into projects and initiatives.
• Assist in delivering reporting and insights (dashboards, risk metrics, summaries) for leadership.
• Contribute to Benevity’s Security Awareness & Training program, including awareness campaigns, training modules, and phishing simulations.
• Contribute to training, documentation, and awareness activities that strengthen Benevity’s security, privacy, and compliance culture.

What you'll bring:

• 2–4 years of experience in cybersecurity, governance, risk, compliance, or privacy, ideally in a SaaS or technology-driven environment. (For a Junior GRC Analyst, we welcome candidates with 0–2 years of experience, including relevant internship, co-op, or academic project experience.)
• Working knowledge of security, privacy, and regulatory frameworks including ISO 27001, NIST, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and/or CCPA/CPRA.
• Exposure to or experience with GRC tooling (e.g., OneTrust, Hyperproof, SecurityPal, AuditBoard, Drata) to support policy, risk, audit, privacy, and vendor risk workflows.
• Familiarity with risk assessment methodologies, vendor risk concepts, and compliance evidence gathering.
• Experience or willingness to support client due diligence processes (security questionnaires, RFPs, TPRM).
• Ability to communicate risk, security, privacy, and regulatory concepts clearly to both technical and non-technical stakeholders.
• Strong organizational skills, attention to detail, and a proactive approach to learning and problem-solving.
• An interest in leveraging automation and AI to streamline GRC processes and enhance efficiency is a plus.
• Certifications such as Security+, CISM, CISA, CRISC, or CIPM/CIPP are valued; candidates actively pursuing certification are encouraged to apply.

High-Level Overview

Benevity is seeking a Governance, Risk & Compliance (GRC) Analyst to support and grow our security governance, risk, privacy, and regulatory program. In this role, you will contribute to the execution of Benevity’s GRC program by supporting compliance activities, assisting with risk assessments, contributing to third-party risk management, responding to client due diligence requests, and helping maintain the policies and controls that strengthen trust with our clients, partners, and stakeholders.

Working alongside experienced GRC professionals, you will build your skills in information security, compliance, and risk management while helping ensure Benevity aligns with leading standards, privacy laws, and regulatory requirements. This is a hands-on role with significant learning and growth opportunities across governance, risk, audit, and privacy domains.

What you'll do:

Governance & Policy

• Assist in maintaining and rolling out security and privacy policies, standards, and control frameworks aligned to ISO 27001, SOC 2, NIST, PCI DSS, GDPR, PIPEDA, FINTRAC, and other global regulations.
• Support policy exception management, attestation processes, and identify opportunities for process improvement.

Risk Management

• Assist with enterprise risk assessments, including vendor and process-level reviews.
• Support maintenance of the risk register, track remediation activities, and assist with risk treatment planning.
• Contribute to Benevity’s Third-Party Risk Management (TPRM) program, including vendor onboarding assessments, ongoing monitoring, and remediation tracking.

Compliance & Audit

• Support audit readiness and response efforts for ISO 27001, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and other frameworks.
• Assist with evidence gathering, control validation, and auditor engagement.
• Leverage GRC platforms to support audit, privacy, and compliance workflows.

Client Support & Sales Enablement

• Support the sales process by responding to client inquiries related to security, privacy, and compliance.
• Complete customer security questionnaires, RFPs, and third-party risk management (TPRM) requests.
• Partner with sales and client success teams to provide timely, accurate responses that build client trust.

Privacy and Regulatory

• Support privacy-related initiatives across jurisdictions (GDPR, PIPEDA, CCPA/CPRA, and others).
• Collaborate with legal and data governance teams to help ensure compliance with data protection and financial crime regulations.
• Assist with FINTRAC-related compliance requirements, including reporting and risk assessments related to AML/ATF obligations.
• Monitor regulatory changes (privacy, AML, financial crime) and help align internal processes accordingly.

Advisory & Awareness

• Partner with business and technical teams to support the embedding of risk and compliance into projects and initiatives.
• Assist in delivering reporting and insights (dashboards, risk metrics, summaries) for leadership.
• Contribute to Benevity’s Security Awareness & Training program, including awareness campaigns, training modules, and phishing simulations.
• Contribute to training, documentation, and awareness activities that strengthen Benevity’s security, privacy, and compliance culture.

What you'll bring:

• 2–4 years of experience in cybersecurity, governance, risk, compliance, or privacy, ideally in a SaaS or technology-driven environment. (For a Junior GRC Analyst, we welcome candidates with 0–2 years of experience, including relevant internship, co-op, or academic project experience.)
• Working knowledge of security, privacy, and regulatory frameworks including ISO 27001, NIST, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and/or CCPA/CPRA.
• Exposure to or experience with GRC tooling (e.g., OneTrust, Hyperproof, SecurityPal, AuditBoard, Drata) to support policy, risk, audit, privacy, and vendor risk workflows.
• Familiarity with risk assessment methodologies, vendor risk concepts, and compliance evidence gathering.
• Experience or willingness to support client due diligence processes (security questionnaires, RFPs, TPRM).
• Ability to communicate risk, security, privacy, and regulatory concepts clearly to both technical and non-technical stakeholders.
• Strong organizational skills, attention to detail, and a proactive approach to learning and problem-solving.
• An interest in leveraging automation and AI to streamline GRC processes and enhance efficiency is a plus.
• Certifications such as Security+, CISM, CISA, CRISC, or CIPM/CIPP are valued; candidates actively pursuing certification are encouraged to apply.

High-Level Overview

Benevity is seeking a Senior Governance, Risk & Compliance (GRC) Analyst to elevate our security governance, risk, privacy, and regulatory posture. In this senior role, you will drive the execution, innovation, and continuous improvement of Benevity’s GRC program. You will lead compliance activities, conduct risk assessments, contribute to third-party risk management, respond to client due diligence requests, support FINTRAC/AML obligations, and influence policies and controls that strengthen trust with our clients, partners, and stakeholders.

As a trusted advisor across teams, you will help ensure Benevity aligns with leading standards, privacy laws, and regulatory requirements while fostering a culture of security, compliance, and accountability. You’ll also mentor junior members of the team, helping to grow Benevity’s next generation of security and compliance professionals, with a focus on developing proactive and innovative approaches to GRC challenges.

What you'll do:

Governance & Policy

• Contribute to the development, maintenance, and rollout of security and privacy policies, standards, and control frameworks aligned to ISO 27001, SOC 2, NIST, PCI DSS, GDPR, PIPEDA, FINTRAC, and other global regulations.
• Support policy approval, exception management, and attestation processes, actively seeking opportunities for process improvement and automation
  
  

Risk Management

• Lead and execute enterprise-wide risk assessments, including vendor and process-level reviews.
• Maintain and improve the risk register, track remediation activities, and support risk treatment planning.
• Contribute to Benevity’s Third-Party Risk Management (TPRM) program, including vendor onboarding assessments, ongoing monitoring, and remediation tracking.
  
  

Compliance & Audit

• Lead audit readiness and response efforts for ISO 27001, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and other frameworks.
• Coordinate evidence gathering, control validation, and auditor engagement.
• Leverage GRC platforms to streamline audit, privacy, and compliance workflows.

Client Support & Sales Enablement

• Support the sales process by responding to client inquiries related to security, privacy, and compliance.
• Complete customer security questionnaires, RFPs, and third-party risk management (TPRM) requests.
• Partner with sales and client success teams to provide timely, accurate responses that build client trust.
  
  

Privacy and Regulatory

• Support privacy-related initiatives across jurisdictions (GDPR, PIPEDA, CCPA/CPRA, and others).
• Collaborate with legal and data governance teams to ensure compliance with data protection and financial crime regulations.
• Assist with FINTRAC-related compliance requirements, including reporting and risk assessments related to AML/ATF obligations.
• Monitor regulatory changes (privacy, AML, financial crime) and help align internal processes accordingly.

Advisory, Awareness & Mentorship

• Partner with business and technical teams to embed risk and compliance into projects and initiatives.
• Deliver reporting and insights (dashboards, risk metrics, executive summaries) for leadership.
• Lead Benevity’s Security Awareness & Training program, including the design, delivery, and continuous improvement of awareness campaigns, training modules, and phishing simulations.
• Contribute to training, documentation, and awareness activities that strengthen Benevity’s security, privacy, and compliance culture.
• Mentor and coach junior team members, providing guidance, feedback, and knowledge sharing to support their growth and development.

What you'll bring:

• 5+ years of experience in cybersecurity, governance, risk, compliance, or privacy, ideally in a SaaS or high-growth environment.
• Strong knowledge of security, privacy, and regulatory frameworks including ISO 27001, NIST, SOC 2, PCI DSS, GDPR, PIPEDA, FINTRAC, and CCPA/CPRA.
• Hands-on experience with GRC tooling (e.g., OneTrust, Hyperproof, SecurityPal, AuditBoard, Drata) to manage policies, risks, audits, privacy, and vendor risk workflows.
• Proven success in conducting risk assessments, managing vendor risk/TPRM, maintaining risk registers, and driving remediation.
• Experience supporting client due diligence processes (security questionnaires, RFPs, TPRM).
• Ability to clearly communicate risk, security, privacy, and regulatory concepts to both technical and non-technical stakeholders.
• Strong organizational and project management skills with experience leading cross-functional initiatives.
• A demonstrated interest and track record in leveraging automation and AI to streamline GRC processes and enhance efficiency.
• Certifications such as CISM, CRISC, CISSP, CISA, or CIPM/CIPP are highly valued.

At Lyft, our mission is to build a more connected world, ride by ride. 

Lyft connects people to transportation to change the way we live and get around our communities. Our drivers and passengers entrust Lyft with their personal information and travel details to get where they are going and expect us to keep that data safe. Lyft’s Privacy team is comprised of engineers and analysts dedicated to ensuring that appropriate data protection measures are applied at all times. We conduct privacy risk assessments, consult with organizational stakeholders, maintain Lyft’s privacy program, develop privacy policies, and advise on all matters related to privacy.

We are looking for a highly motivated, organized, and passionate individual to join our Privacy and Compliance Team. As a member of this team, you will engage in our privacy-by-design process to ensure that privacy and security are built into our products by default.  Every day, you’ll partner with stakeholders across the company working on exciting new projects, help de-risk their product development, conduct risk assessments, and serve as a trusted adviser to teams across Lyft. You’ll help our team stay organized, on track, and ensure both us and teams across Lyft are meeting their strategic goals. 

This role is ideal for someone who thrives on building structure and takes pride in keeping complex, fast-moving programs organized. You're someone who loves building/improving systems, documenting processes so others can follow them, and maintaining visibility across many workstreams at once. You get energized by cross-functional collaboration and find satisfaction in being the connective tissue that helps teams stay aligned, accountable, and moving forward.

Responsibilities:

• Drive operational excellence across the privacy team by streamlining workflows, eliminating redundancies, and building scalable processes that improve team efficiency and output quality
• Develop and track meaningful program metrics to establish accountability, measure effectiveness, and communicate program health to leadership and cross-functional stakeholders
• Build and maintain team expertise in tooling and operations software, ensuring consistent adoption and optimal utilization across the program
• Conduct privacy risk assessments of new and existing Lyft products, services, and processes
• Assess third parties for security and data protection controls, and provide risk assessments and mitigation recommendations
• Support and improve the team’s planning and reporting procedures
• Build strong cross-functional relationships with product and engineering teams and advise them on complex data privacy-related issues
• Communicate risk to both technical and non-technical stakeholders across the business and negotiate risk mitigation strategies
• Develop and maintain internal privacy policies, guidelines, and best practices for Lyft

Experience:

• Knowledge of a broad range of privacy concepts and demonstrated ability to apply them to real-world situations
• Experience conducting privacy risk assessments, third party risk assessments, and and risk mitigation
• Experience with privacy regulations (e.g., CCPA, GDPR, PIPEDA)
• Experience with security compliance frameworks (ISO 27001, PCI-DSS, SOC 2) 
• Experience using Jira for project and task tracking, reporting, and program performance monitoring  
• Experience driving operational improvements within a privacy, security, compliance, or risk function, including process design, metrics development, and tooling adoption
• Strong cross-functional communication and leadership skills, with the ability to initiate and drive projects proactively
• Strong teamwork and collaboration skills
• Strong organizational skills and attention to detail 
• Strong written and verbal communication skills
• Ability to own and manage multiple tasks and high priority projects
• IAPP privacy certifications (e.g., CIPP, CIPM, CIPT) a plus

Benefits:

• Extended health and dental coverage options, along with life insurance and disability benefits
• Mental health benefits
• Family building benefits
• Child care and pet benefits
• Access to a Lyft funded Health Care Savings Account
• RRSP plan with company match to help save for your future
• In addition to provincial observed holidays, salaried team members are covered under Lyft's flexible paid time off policy. The policy allows team members to take off as much time as they need (with manager approval). Hourly team members get 15 days paid time off, with an additional day for each year of service 
• Lyft is proud to support new parents with 18 weeks of paid time off, designed as a top-up plan to complement provincial programs. Biological, adoptive, and foster parents are all eligible.
• Subsidized commuter benefits and Lyft ride credits

Lyft is committed to creating an inclusive workforce that fosters belonging. Lyft believes that every person has a right to equal employment opportunities without discrimination because of race, ancestry, place of origin, colour, ethnic origin, citizenship, creed, sex, sexual orientation, gender identity, gender expression, age, marital status, family status, disability, pardoned record of offences, or any other basis protected by applicable law or by Company policy. Lyft also strives for a healthy and safe workplace and strictly prohibits harassment of any kind.  Accommodation for persons with disabilities will be provided upon request in accordance with applicable law during the application and hiring process. Please contact your recruiter if you wish to make such a request.

Lyft highly values having employees working in-office to foster a collaborative work environment and company culture. This role will be in-office on a hybrid schedule — Team Members will be expected to work in the office at least 3 days per week, including on Mondays, Wednesdays, and Thursdays. Lyft considers working in the office at least 3 days per week to be an essential function of this hybrid role. Your recruiter can share more information about the various in-office perks Lyft offers. Additionally, hybrid roles have the flexibility to work from anywhere for up to 4 weeks per year. #Hybrid

The expected base pay range for this position in the Toronto area is CAD $136,000 - CAD $170,000, not inclusive of potential equity offering, bonus or benefits. Salary ranges are dependent on a variety of factors, including qualifications, experience and geographic location. Your recruiter can share more information about the salary range specific to your working location and other factors during the hiring process.

Lyft may use artificial intelligence to screen applicants, however, Lyft employees make the ultimate selection and hiring decisions.

This job fills an existing vacancy.

Position Overview:

The Security Operations team is an agile, exciting, hands-on security operations team focused on protecting Diligent personnel, sites, and assets worldwide. We like to get our hands dirty working closely together and cross-functionally with the greater Security Department. Our goal is to maintain the confidentiality and integrity of customer, employee, and business information in compliance with organization, industry, and regional policies and standards.

Security Operations Analyst II is a part of high impact security operations team focused on protecting Diligent personnel, sites and assets worldwide. As part of the Security team, you will help to with the strategy, development, and deployment of a comprehensive physical and logical security operation programs. The position is responsible for oversight and operations on security event monitoring, incident response, user behavior analysis, threat hunting, in addition to maintaining the confidentiality and integrity of customer, employee, and business information in compliance with organization, industry, and regional policies and standards.

Key Responsibilities

• Actively monitor and respond to security alerts from tools such as SIEM, EDR, CNAP, etc.
• Analyze security alerts and document tuning opportunities to reduce false positives.
• Support change management responsibilities to reduce security risk/impact to corporate systems and networks.
• Contribute to security tooling policies and supporting process enhancement as needed to mature defense controls and facilitate exceptions for BAU operations.
• Initiate and coordinate incident response activities. Maintain documentation and reports for compliance purposes. 
• Configure and run network and endpoint vulnerability scans. Closely collaborate with technical teams to mitigate risks through patching and configuration changes.
• Assess and evaluate the suitability of existing and new security tools to bolster the organization’s security posture

Required Experience/Skills 

• 3-5 years of information technology experience or the equivalent combination of education, technical training, or work experience.
• Working experience in information security, especially on a Computer/Security Incident Response Team (C/SIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC)
• Working experience with regulatory compliance and information security management frameworks.
• Strong decision-making capabilities.
• Technical knowledge of anti-virus solutions, virus outbreak management, and the ability to differentiate virus activity from directed attack patterns.

Preferred Experience/Skills

• Must have strong interpersonal skills with the ability to interact with customer’s technical, non-technical easily and effectively, support, and business staff at all levels.

Harbor is seeking a Security Analyst to join our internal IT Operations team. This role is responsible for strengthening Harbor’s security posture through proactive vulnerability management, third-party risk management (TPRM), and client-facing security assurance activities. The ideal candidate brings hands-on experience with vulnerability scanning tools (particularly Qualys), strong analytical skills, and the ability to communicate security practices effectively across internal and external stakeholders.

This is a fully remote position located in Canada or the Philippines and must align with United States working business hours (EST).

Key Responsibilities:

Vulnerability Management (Qualys-Focused)

• Administer and operate Qualys for continuous vulnerability scanning across infrastructure, endpoints, and cloud environments
• Analyze scan results, prioritize vulnerabilities based on risk, and coordinate remediation efforts with infrastructure and engineering teams
• Track remediation progress and produce reporting dashboards and metrics for leadership
• Continuously improve vulnerability management processes, including SLAs, exception handling, and risk acceptance workflows

Third-Party Risk Management (TPRM)

• Support and manage the third-party risk lifecycle, including vendor onboarding, assessments, and periodic reviews
• Evaluate vendor security posture using standardized frameworks (e.g., SIG, CAIQ, or equivalent)
• Maintain vendor risk inventory and ensure alignment with internal security policies

Client Security Questionnaires & Assurance

• Own and respond to client security questionnaires, RFPs, and due diligence requests
• Collaborate with internal stakeholders to ensure accurate, consistent, and timely responses
• Maintain a centralized knowledge base of standard responses to improve efficiency and consistency
• Support audits and client security reviews as needed

Security Posture & Governance

• Review, update, and maintain security policies, standards, and procedures
• Identify gaps in current security controls and recommend improvements aligned with industry frameworks (e.g., SOC2, ISO 27001)
• Partner with IT and engineering teams to enhance overall security posture and maturity
• Stay current on emerging threats, vulnerabilities, and best practices

Incident Support & General Security Operations

• Assist in the investigation and response to security incidents and vulnerabilities
• Support internal security initiatives, including awareness, compliance, and risk reduction efforts
• Contribute to continuous improvement of security tooling and processes

Required Qualifications:

• 4+ years of experience in information security, cybersecurity, or a related field
• Hands-on experience with vulnerability management tools (preferably Qualys)
• Experience responding to client security questionnaires or audit requests
• Foundational understanding of network security concepts (firewalls, SIEM, IDS/IPS, endpoint protection)
• Familiarity with risk management principles, including third-party/vendor risk
• Familiarity with M365 Security Tools, Exchange Online Protection, Purview, a plus.

Preferred Qualifications

• Experience with TPRM programs or vendor risk platforms
• Knowledge of security frameworks (ISO 27001, SOC 2)
• Experience with remediation tracking and security metrics/reporting
• Familiarity with penetration testing concepts and vulnerability exploitation techniques

Education & Certifications

• Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience)