Senior Third Party Risk Analyst
Klaviyo is a Boston startup located right in the heart of downtown Boston. We craft software helping thousands of companies to engage and cultivate relationships with hundreds of millions of consumers. We love taking on tough problems and look for people who specialize in certain areas but are passionate about building, owning and scaling solutions end to end and breaking through any obstacle or challenge in their way. We push each other to move out of our comfort zone, learn new technologies and work hard to ensure each day is better than the last.
As a Senior Third Party Risk Analyst at Klaviyo, you will support Klaviyo’s Third Party Risk Management Program to ensure robust risk assessment and ongoing monitoring practices for a portfolio of third party relationships. Through collaboration with business relationship owners, business leadership, external third parties, and internal subject matter experts (i.e., Security and Trust, Legal, Information Technology), the incumbent enables and advances program objectives by helping business partners understand, measure, and manage the risks inherent in third party relationships. You’ll work on translating security concepts for others and develop an increased security consciousness throughout the organization. This is your opportunity to take an active role in risk management while growing your skills in cybersecurity, systems engineering, cloud security, and data science.
What you’ll be doing
- Develop and implement third party security risk management strategy consistent with the changing enterprise-specific and industry-wide risk and regulatory environment
- Oversee third party vendor due diligence efforts for new and existing vendors, in addition to supporting customers or prospects performing third party vendor due diligence on Klaviyo
- Maintain strong understanding of the products, services, and activities of various business units, as well as third party risk management principles and practices, and leverage that understanding to provide consulting, guidance and education to stakeholders throughout the third party lifecycle
- Partner with other stakeholders (Procurement, Information Technology, Legal) to conduct initial and annual diligence efforts; coordinate the execution of third-party controls and identify technology integration opportunities
- Provide IT risk management consulting to the business, technical and operations groups
- Ensure up-to-date records of processing activities to support privacy and compliance requirements for Data Subjects
- Ensure up-to-date vendor and asset inventories to proactively identify potential risk exposures to business critical technology solutions
- Develop effective Technology risk reporting and other communication channels to ensure timely escalation of significant risk issues
- Enhance the team with your individualism, spirit, and love of learning
We’d love to hear from you if you:
- Have a minimum of four (4) years equivalent work experience (Operational, IT, Security and/or Audit areas).
- Have experience with third party audit or risk management platforms (RiskLens, OneTrust)
- Have knowledge of laws and regulations related to Information Security.
- Have knowledge of various SaaS applications, high-velocity engineering groups, databases, operating systems, firewalls, networks, and other technologies relevant to cybersecurity
- Possess excellent interpersonal skills and the ability to form relationships with internal and external teams.
- Are familiar with general financial and security frameworks including SOX, ISO 27001, NIST CSF, data privacy (GDPR, CCPA), etc.
Key Competencies
- Problem analysis
- Accountability
- Ability to effectively prioritize and execute tasks with competing priorities
- Quality focused
- Solutions oriented
- Excellent verbal and written communication
- Working collaboratively
Get to know Klaviyo
Klaviyo is a world-leading marketing automation platform dedicated to accelerating revenue and customer connection for online businesses. Klaviyo makes it easy to store, access, analyze and use transactional and behavioral data to power highly-targeted customer and prospect communications. The company's hybrid customer-data and marketing-platform model allows companies to grow by fostering direct relationships with customers, without giving up their valuable data to popular big-tech ad platforms. Over 265,000 innovative companies like Unilever, Custom Ink, Living Proof and Huckberry sell more with Klaviyo. Learn more at www.klaviyo.com.
Klaviyo does not tolerate and prohibits discrimination, harassment or retaliation of or against job applicants, contractors, interns, volunteers or employees by another employee, supervisor, vendor, customer or any third party.