Senior Security Risk and Compliance Analyst
Klaviyo is a startup located in the heart of downtown Boston. We craft software that helps thousands of companies build engaging relationships with hundreds of millions of consumers. We love taking on tough engineering problems and look for full-stack engineers who specialize in certain areas but are passionate about building, owning and scaling features end to end from scratch and breaking through any obstacle or technical challenge in their way. We push each other to move out of our comfort zone, learn new technologies and work hard to ensure each day is better than the last.
Klaviyo is looking for a Senior Security Risk and Compliance Analyst to take ownership of identifying and evaluating security risk, building and developing controls, identifying areas for improvement, and helping mature the information security and privacy programs. As a valued member of the Security and Trust team at Klaviyo, you'll work to ensure we have the appropriate controls in place, designed appropriately and operating effectively.
What you’ll be doing
- Manage and implement complex controls frameworks, drawing on knowledge of or experience with cloud technologies and environments, including evaluating and implementing controls on Software as a Service (SaaS) offerings and cloud infrastructure
- Conduct risk assessments across business units and processes; document risk findings and remediation/mitigation plans
- Assist and/or implement controls to support risk mitigation efforts across various business units with stakeholders
- Leverage in-depth technical knowledge and business acumen to design and implement secure solutions
- Facilitate the third-party vendor onboarding and annual review process by evaluating the security of current and prospective partners
- Assist with the security compliance certification programs across the company that our customers depend on
- Build automation into the design of controls to eliminate the human element
- Enhance the team with your individualism, spirit, and love of learning
We'd love to hear from you if you:
- Have 4+ years of information security, IT audit and/or IT risk management experience
- Have a deep understanding of the NIST CSF, ISO 27002, SOC 2, and SOX frameworks
- Are a relationship builder who has worked with both business and technical risk and understands how to translate risk to various levels of the organization
- Have experience training and coaching teams to become better security and privacy practitioners
- Like working on a small, autonomous agile team. At Klaviyo, you will have ownership of security, but you'll collaborate with everyone to make sure we produce and implement the right solutions