Risk Engineer

Klaviyo is a Boston startup located right in the heart of downtown Boston.  We craft software helping thousands of companies to engage and cultivate relationships with hundreds of millions of consumers.  We love taking on tough problems and look for people who specialize in certain areas but are passionate about building, owning and scaling solutions end to end and breaking through any obstacle or challenge in their way. We push each other to move out of our comfort zone, learn new technologies and work hard to ensure each day is better than the last.

Klaviyo is looking for a Risk Engineer to identify and evaluate security risk, build and develop controls, identify areas for improvement, and help mature the information security and privacy programs as a valued member of the Security and Trust team.

What youll be doing

• Manage and implement complex controls frameworks 
• Build automation into the design of controls to eliminate the human elements
• Conduct risk assessments across business units and processes; document risk findings and remediation/mitigation plans
• Assist and/or implement controls to support risk mitigation efforts across various business units with stakeholders
• Leverage in-depth technical knowledge and business acumen to design and implement secure solutions
• Facilitate the third-party vendor on-boarding and annual review process by evaluating the security of current and prospective partners
• Assist with the security compliance certification programs across the company that our customers depend on
• Enhance the team with your individualism, spirit, and love of learning

Wed love to hear from you if you:

• Minimum of 4+ years of information security, IT audit and/or IT Risk Management experience
• Deep knowledge of cloud technologies/environments, including evaluating and implementing controls on Software as a Service (SaaS) services and hosted infrastructure services (AWS)
• Experience working with APIs to automate testing and enable orchestration between various SaaS technologies
• Deep understanding of NIST CSF, ISO 27002, SOC 2, and SOX frameworks
• Youre a relationship builder and have worked with both business and technical risk and understand how to translate risk to various levels of the organization
• Have experience training and coaching teams to become better security and privacy practitioners
• You possess a heightened risk consciousness and enjoy evaluating risks before making decisions
• Like working on a small, autonomous, agile team. At Klaviyo, you will experience ownership over your work, but you'll collaborate with everyone to make sure we produce and implement the right solutions