Information Security Specialist (IT)

Because Twist's DNA synthesis platform is highly proprietary and since the custom designed DNA from our customers often represent highly valuable Intellectual Property, information security at Twist is mission critical. With this context in mind, Twist is seeking a mid-level Information Security Specialist with three to five years experience who is passionate about information security and the security frameworks needed to enable a fast growing organization to scale at speed while protecting the Continuity, Integrity and Availability of Twist's critical information assets.

As the Information Security and Compliance Specialist, you will assist in the evaluation, design, and implementation of information security frameworks and capabilities in a fast paced, hands-on role that partners with stakeholders across Engineering, QA, IT, and Operations. Twist is ISO 27001 certified and you will directly contribute to the continuous improvement of the Information Security Management System (ISMS). Twist as a part of its Information Security program must pass a variety of certification and customer audits, and you will be a key participant in those audits. You will also be adept at handling and responding to internal, third party and customer cyber security inquiries.

From a technical experience and skills perspective, you will have broad experience and understanding of a variety of key IT technologies and systems, from system administration of the common operating systems (Mac, Windows, Unix/Linux), to working knowledge of key IT tools and systems such as Jira, Confluence, Single Sign On, AD, Google Workspaces. You should have a strong technical acumen with an eagerness and curiosity to onboard new technologies and systems.

This is a multi-faceted hands-on role suited to a Specialist who is passionate about security and compliance, and enjoys juggling multiple responsibilities.

Twist is a fast growing company in a rapidly evolving industry; human kind is only just beginning to understand what can be done with synthetic DNA. If you enjoy working in a fast-paced, highly collaborative environment, and information security is in your DNA, then Twist is the place for you.

ESSENTIAL DUTIES AND RESPONSIBILITIES

• Continuously improve Twist's security posture including but not limited to security incident response, vulnerability resolution, data protection, and risk management
• Respond to cyber security inquiries from both internal and external parties
• Implement the remediation of identified security risks and gaps
• Implement, document and maintain security policies, standards, guidelines, processes and procedures to ensure that Twist's ISO 27001 framework continuously improves as Twist grows
• Collaborate with Engineering teams to implement public cloud security controls, particularly for AWS
• Implement policies and procedures based on the ISO 27001 controls framework
• Collaborate closely with IT system administrators to troubleshoot, administer and maintain technical security controls across a broad range of systems and tools.
• Provide tactical information security guidance for IT, Engineering, and DevOps initiatives
• Incorporate security policies and procedures into existing and proposed systems
• Coordinate cyber security training for employees.
• Collaborate with third party security partners including managed SOC providers, penetration testing and vulnerability assessment providers, external auditors, etc

• 3-5 years of experience with network/infrastructure security, application security, & cryptography
• Information Security certification required (CISM, CISSP, GIAC)
• Experience with a major information security certification required e.g. ISO 27001, NIST Cyber Security Framework, SOC.
• Experience with SOX ITGC and GDPR preferred
• Excellent written and verbal communication skills
• A broad technical background encompassing the major technology tools and systems typically used by a cloud-first modern enterprise, including but not limited to G Suite, Slack, Zoom, VPN, Confluence, Jira, Single Sign-On, AD, GITHub.
• Experience with incident response processes and procedures

• Biotech or pharma industry experience a plus

• Bachelor's degree in Computer Science, Information Systems, Engineering or a related field