Klaviyo is building a world where creators are empowered to own their destiny. In support of this, our Security Risk & Trust team is focused on empowering our fellow Klaviyos to securely deliver value to and foster trust with our customers. We do this by building and leading highly efficient and effective security governance, risk management, compliance, and trust programs.

We’re seeking a highly motivated and collaborative Senior Security Risk Analyst who will help us accelerate our evolution in these key programs. Partnering closely with our Engineering, IT, Security, Leadership, and other teams, you’ll build tools and processes that foster a culture of disciplined risk decision making, informed by an evidence-based understanding of our assets, weaknesses, threats, and safeguards. You will help evolve our risk management practices to be transparent and centered around quantitative risk models. With a knack for communicating nuanced security topics to technical and non-technical audiences, you’ll help grow security consciousness across all of Klaviyo to the betterment of our customers.

What you’ll be doing

1. Enhance existing risk management tools and processes to create a data driven, seamless, and excellent user experience for risk / asset owners
2. Consult with partner teams to proactively identify potential risks and co-create controls and mitigation plans with them
3. Streamline and automate third-party risk assessments, speeding up time-to-completion and enabling continuous re-assessments at scale
4. Mentor junior team members to help them reach their full potential and achieve their development goals
5. Contribute to Risk & Trust operations, such as performing third-party risk assessments, user access reviews, facilitating internal and external audits (SOC 2 Type II, ISO 27001, SOX ITGCs, etc.), continuously monitoring controls, responding to customer security questionnaires, fulfilling employees’ security service requests, etc.
6. Build and implement tooling that automates repetitive toil to free up our team’s time

We’d love to hear from you if you have:

1. Experience designing, building, or implementing security controls, especially in AWS
2. Experience doing security risk assessments, architecture reviews, or threat modeling
3. Knowledge of security best practices for SaaS, IaaS, IAM, networks, or containers
4. Excellent ability to plan, prioritize, and execute work cross functionally and on time
5. Proficiency discussing complex, nuanced topics with technical & non-technical audiences alike
6. Strong alignment with Klaviyo’s core values

Bonus points if you have any of the following:

1. Experience with data query languages, writing code, or integrating with web APIs
2. Experience implementing FAIR or cyber risk quantification (CRQ) processes or tools
3. Experience with business intelligence or data analytics platforms (Tableau, Domo, etc.)