Klaviyo is building a world where creators are empowered to own their destiny. In support of this, our Security Risk & Trust team is focused on empowering our fellow Klaviyos to securely deliver value to and foster trust with our customers. We do this by building and leading highly efficient and effective security governance, risk management, compliance, and trust programs.We’re seeking a highly motivated and collaborative Senior Security Risk Analyst who will help us accelerate our evolution in these key programs. Partnering closely with our Engineering, IT, Security, Leadership, and other teams, you’ll build tools and processes that foster a culture of disciplined risk decision making, informed by an evidence-based understanding of our assets, weaknesses, threats, and safeguards. You will help evolve our risk management practices to be transparent and centered around quantitative risk models. With a knack for communicating nuanced security topics to technical and non-technical audiences, you’ll help grow security consciousness across all of Klaviyo to the betterment of our customers.What you’ll be doingEnhance existing risk management tools and processes to create a data driven, seamless, and excellent user experience for risk / asset ownersConsult with partner teams to proactively identify potential risks and co-create controls and mitigation plans with themStreamline and automate third-party risk assessments, speeding up time-to-completion and enabling continuous re-assessments at scaleMentor junior team members to help them reach their full potential and achieve their development goalsContribute to Risk & Trust operations, such as performing third-party risk assessments, user access reviews, facilitating internal and external audits (SOC 2 Type II, ISO 27001, SOX ITGCs, etc.), continuously monitoring controls, responding to customer security questionnaires, fulfilling employees’ security service requests, etc.Build and implement tooling that automates repetitive toil to free up our team’s timeWe’d love to hear from you if you have:Experience designing, building,

or

implementing security controls, especially in AWSExperience doing security risk assessments, architecture reviews, or threat modelingKnowledge of security best practices for SaaS, IaaS, IAM, networks,

or

containersExcellent ability to plan, prioritize, and execute work cross functionally and on timeProficiency discussing complex, nuanced topics with technical & non-technical audiences alikeStrong alignment with

Klaviyo’s core valuesBonus points if you have any of the following:Experience with data query languages, writing code, or integrating with web APIsExperience implementing FAIR or cyber risk quantification (CRQ) processes or toolsExperience with business intelligence or data analytics platforms (Tableau, Domo, etc.)

#J-18808-Ljbffr