At Klaviyo, we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you’re a close but not exact match with the description, we hope you’ll still consider applying. Want to learn more about life at Klaviyo? Visit careers.klaviyo.com to see how we empower creators to own their own destiny.
Klaviyo is building a world where creators are empowered to own their destiny. In support of this, our Security Risk & Trust team is focused on empowering our fellow Klaviyos to securely deliver value to and foster trust with our customers. We do this by building and leading highly efficient and effective security governance, risk management, compliance, and trust programs.
We’re seeking a highly motivated and collaborative Senior Security Risk Analyst who will help us accelerate our evolution in these key programs. Partnering closely with our Engineering, IT, Security, Leadership, and other teams, you’ll build tools and processes that foster a culture of disciplined risk decision making, informed by an evidence-based understanding of our assets, weaknesses, threats, and safeguards. You will help evolve our risk management practices to be transparent and centered around quantitative risk models. With a knack for communicating nuanced security topics to technical and non-technical audiences, you’ll help grow security consciousness across all of Klaviyo to the betterment of our customers.
What you’ll be doing
- Enhance existing risk management tools and processes to create a data driven, seamless, and excellent user experience for risk / asset owners
- Consult with partner teams to proactively identify potential risks and co-create controls and mitigation plans with them
- Streamline and automate third-party risk assessments, speeding up time-to-completion and enabling continuous re-assessments at scale
- Partner with cross-functional stakeholders to craft and integrate security policies and standards into project and system development life cycles to ensure security is “built in, not bolted on”
- Develop cyber risk quantification (CRQ) assessments powered by objective threat, incident, and asset data
- Build automated security metrics that enable stakeholders to see at a glance how well they’re doing at managing security risk (e.g. risk reduction over time, control health / uptime, security SLA achievement rate, etc.)
- Mentor junior team members to help them reach their full potential and achieve their development goals
- Contribute to Risk & Trust operations, such as performing third-party risk assessments, user access reviews, facilitating internal and external audits (SOC 2 Type II, ISO 27001, SOX ITGCs, etc.), continuously monitoring controls, responding to customer security questionnaires, fulfilling employees’ security service requests, etc.
- Then build and implement tooling that automates repetitive toil to free up our team’s time
We’d love to hear from you if you have:
- Experience designing, building, or implementing security controls, especially in AWS
- Experience doing security risk assessments, architecture reviews, or threat modeling
- Experience with security compliance frameworks (SOX ITGCs, ISO 27001, SOC 2, etc.)
- Knowledge of security best practices for SaaS, IaaS, IAM, networks, or containers
- Excellent ability to plan, prioritize, and execute work cross functionally and on time
- Proficiency communicating to technical and non-technical audiences with a positive and collaborative attitude
- Strong alignment with Klaviyo’s core values
Bonus points if you have any of the following:
- Experience with data query languages, writing code, or integrating with web APIs
- Experience implementing FAIR or cyber risk quantification (CRQ) processes or tools
- Experience with business intelligence or data analytics platforms (Tableau, Domo, etc.)
Get to Know Klaviyo
Klaviyo is a world-leading marketing automation platform dedicated to accelerating revenue and customer connection for online businesses. Klaviyo makes it easy to store, access, analyze and use transactional and behavioral data to power highly-targeted customer and prospect communications. The company's hybrid customer-data and marketing-platform model allows companies to grow by fostering direct relationships with customers, without giving up their valuable data to popular big-tech ad platforms. Over 265,000 innovative companies like Unilever, Custom Ink, Living Proof and Huckberry sell more with Klaviyo. Learn more at www.klaviyo.com .
If you are a Colorado or New York City resident and this role is a remote role, you can receive additional information about the compensation and benefits for this role, which we will provide upon request. Requests can be submitted here . Additional information regarding benefits can be found here .
Klaviyo is committed to diversity and to a policy of equal employment opportunity and non-discrimination. We do not discriminate on the basis of race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, sexual orientation or any other characteristic protected by applicable law.