Senior GRC Analyst
Klaviyo is a Boston startup located right in the heart of downtown Boston. We craft software helping thousands of companies to engage and cultivate relationships with hundreds of millions of consumers. We love taking on tough problems and look for people who specialize in certain areas but are passionate about building, owning and scaling solutions end to end and breaking through any obstacle or challenge in their way. We push each other to move out of our comfort zone, learn new technologies and work hard to ensure each day is better than the last.
As a Senior Governance, Risk, and Compliance (GRC) Analyst at Klaviyo, you’ll work with stakeholders and subject matter experts across the organization to identify business risks, understand applicable policies, and develop mitigation plans. You will get technical, environmental, and personnel details from subject matter experts and engineers to assess the entire threat landscape. You will then help guide fellow Klaviyos through a plan of action with presentations, whitepapers, and milestones. You’ll work on translating security concepts for others and develop an increased security consciousness throughout the organization. This is your opportunity to take an active role in cybersecurity while growing your skills in risk analysis, systems engineering, cloud security, and data science.
What you’ll be doing
- Utilize broad expertise and knowledge in Information Security and Information Technology to lead and execute project assignments related to IT general control development and implementation, policy and procedure development, compliance testing, process analyses, gap identification, and remediation of deficiencies.
- Provide IT risk management consulting to the business, technical, and operations groups.
- Proactively identify potential risk exposures to business critical technology solutions; work with stakeholders to implement appropriate solutions to mitigate exposure.
- Develop effective Technology risk reporting and other communication channels to ensure timely escalation of significant risk issues.
- Participate in third-party vendor due diligence efforts for new and existing vendors, in addition to supporting customers or prospects performing third-party vendor due diligence on Klaviyo.
- Work with stakeholders for internal and external audits or examinations; coordinate efforts to ensure the necessary documentation is provided in a timely manner, complete responses to findings/exceptions, and develop action plans to correct findings/exceptions.
- Enhance the team with your individualism, spirit, and love of learning.
We'd love to hear from you if you have:
- Minimum of four (4) years equivalent work experience (Operational, IT, Security and/or Audit areas).
- Experience within audit or risk management areas.
- Knowledge of laws and regulations related to Information Security.
- Knowledge of various SaaS applications, high-velocity engineering groups, databases, operating systems, firewalls, networks, and other technologies relevant to cybersecurity.
- Possess excellent interpersonal skills and the ability to form relationships with internal and external teams.
- Familiarity with general financial and security frameworks including SOX, ISO 27001, NIST Cybersecurity Framework, Trust Services Principles, CIS, data privacy (GDPR, CCPA), etc.
- Problem analysis
- Ability to effectively prioritize and execute tasks in a high-pressure environment
- Quality focused
- Solutions oriented
- Excellent verbal and written communication
- Working collaboratively