Klaviyo
Senior Security Risk Analyst
Job Description
At Klaviyo, we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you’re a close but not exact match with the description, we hope you’ll still consider applying. Want to learn more about life at Klaviyo? Visit careers.klaviyo.com to see how we empower creators to own their own destiny.
Klaviyo is building a world where creators are empowered to own their destiny. In support of this, our Security Risk & Trust team is focused on empowering our fellow Klaviyos to securely deliver value to and foster trust with our customers. We do this by building and leading highly efficient and effective security governance, risk management, compliance, and trust programs.
We’re seeking a highly motivated and collaborative Senior Security Risk Analyst who will help us accelerate our evolution in these key programs. Partnering closely with our Engineering, IT, Security, Leadership, and other teams, you’ll build tools and processes that foster a culture of disciplined risk decision making, informed by an evidence-based understanding of our assets, weaknesses, threats, and safeguards. You will help evolve our risk management practices to be transparent and centered around quantitative risk models. With a knack for communicating nuanced security topics to technical and non-technical audiences, you’ll help grow security consciousness across all of Klaviyo to the betterment of our customers.
What you’ll be doing
- Enhance existing risk management tools and processes to create a data driven, seamless, and excellent user experience for risk / asset owners
- Consult with partner teams to proactively identify potential risks and co-create controls and mitigation plans with them
- Streamline and automate third-party risk assessments, speeding up time-to-completion and enabling continuous re-assessments at scale
- Mentor junior team members to help them reach their full potential and achieve their development goals
- Contribute to Risk & Trust operations, such as performing third-party risk assessments, user access reviews, facilitating internal and external audits (SOC 2 Type II, ISO 27001, SOX ITGCs, etc.), continuously monitoring controls, responding to customer security questionnaires, fulfilling employees’ security service requests, etc.
- Then build and implement tooling that automates repetitive toil to free up our team’s time
We’d love to hear from you if you have:
- Experience designing, building, or implementing security controls, especially in AWS
- Experience doing security risk assessments, architecture reviews, or threat modeling
- Knowledge of security best practices for SaaS, IaaS, IAM, networks, or containers
- Excellent ability to plan, prioritize, and execute work cross functionally and on time
- Proficiency discussing complex, nuanced topics with technical & non-technical audiences alike
- Strong alignment with Klaviyo’s core values
Bonus points if you have any of the following:
- Experience with data query languages, writing code, or integrating with web APIs
- Experience implementing FAIR or cyber risk quantification (CRQ) processes or tools
- Experience with business intelligence or data analytics platforms (Tableau, Domo, etc.)
Massachusetts Applicants:
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Our salary range reflects the cost of labor across various U.S. geographic markets. The range displayed below reflects the minimum and maximum target salaries for the position across all our US locations. The base salary offered for this position is determined by several factors, including the applicant’s job-related skills, relevant experience, education or training, and work location.
In addition to base salary, our total compensation package may include participation in the company’s annual cash bonus plan, variable compensation (OTE) for sales and customer success roles, equity, sign-on payments, and a comprehensive range of health, welfare, and wellbeing benefits based on eligibility. Please visit Klaviyo Rewards to find out more about our Total Rewards package.
Your recruiter can provide more details about the specific salary/OTE range for your preferred location during the hiring process.
Get to Know Klaviyo
We’re Klaviyo (pronounced clay-vee-oh). We empower creators to own their destiny by making first-party data accessible and actionable like never before. We see limitless potential for the technology we’re developing to nurture personalized experiences in ecommerce and beyond. To reach our goals, we need our own crew of remarkable creators—ambitious and collaborative teammates who stay focused on our north star: delighting our customers. If you’re ready to do the best work of your career, where you’ll be welcomed as your whole self from day one and supported with generous benefits, we hope you’ll join us.
Klaviyo is committed to a policy of equal opportunity and non-discrimination. We do not discriminate on the basis of race, ethnicity, citizenship, national origin, color, religion or religious creed, age, sex (including pregnancy), gender identity, sexual orientation, physical or mental disability, veteran or active military status, marital status, criminal record, genetics, retaliation, sexual harassment or any other characteristic protected by applicable law.
