At Klaviyo, we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you’re a close but not exact match with the description, we hope you’ll still consider applying. Want to learn more about life at Klaviyo? Visit careers.klaviyo.com to see how we empower creators to own their own destiny.

Klaviyo is empowering creators to own their destiny. To that end, our Risk & Trust team partners with our fellow Klaviyos to help them securely deliver customer value and foster unwavering trust with our customers. Within Risk & Trust, our Risk function enables Klaviyos to take smart risks while bolstering accountability around timely and effective risk mitigation.

We’re seeking a highly motivated Lead Security Risk Partner who will help us continue to evolve our Risk function by using engineering principles and data-driven strategies to precisely identify, understand, communicate, and prioritize mitigation of risk. This role will start out primarily focused on a subset of our Risk programs: internal security risk management (risk discovery, assessment, and governance) and security metrics (analysis, curation, reporting)

You’ll partner closely with Engineering, IT, Security, Leadership, and basically every other team at Klaviyo to create a holistic view of risk based on high quality data about our assets, weaknesses, threats, and safeguards (controls). You’ll help your fellow Klaviyos identify, understand, prioritize, and manage risks that they own. You will help evolve our risk management practices to be transparent and centered around evidence-based risk models. Through all of this, you’ll help Klaviyo scale securely and sustainably deliver value for our customers.

What you’ll be doing

Lead and execute Risk program maturity projects that introduce more rigorous, streamlined, and automated approaches to risk management
Spearhead the optimization and automation of third-party risk assessments, significantly reducing time-to-completion and establishing capabilities for continuous risk monitoring at scale
Partner with other departments and teams to drive mutual understanding of security risks they own and how to prioritize managing those risks in support of Klaviyo’s goals
Create, tune, and operationalize business-relevant security metrics (KPIs, KRIs, KCIs) that demonstrably improve security outcomes across Klaviyo
Review new products, product features, and internal business projects to guide teams toward secure paths forward and away from accruing new security debt
Collaboratively define and enable teams about security policies and standards that clearly establish Klaviyo’s risk tolerance bar

We’d love to hear from you if you have most of the following:

Extensive experience conducting security risk assessments (including vendor/third-party and internal/first-party), collaborating on risk treatment strategies, and influencing risk treatment prioritization across various business units (Engineering, IT, Finance, Legal, etc.)
Thorough understanding of cloud-native web application architectures, security threats, and security best practices, especially in the context of AWS and Kubernetes
Experience using data visualization tools and SQL to build and operationalize security metrics (e.g. Apache Superset, Tableau, Domo, Amazon QuickSight)
Experience with scalable approaches to threat modeling, secure design reviews, and risk assessment methods that balance rigor and efficiency (e.g. Mozilla’s Rapid Risk Assessment)
Experience with security automation and process streamlining, ideally in the context of security risk management

Everyone on our team must have:

A strong bias toward evidence, logic, math, and reason when communicating risk (instead of fear, uncertainty, and doubt)
A strong bias toward “guardrails, not gates” and “paved security roads” philosophies (instead of rigid “centralized command-and-control” thinking)
Excellent ability to plan, prioritize, and deliver results cross-functionally and in a timely fashion
Proficiency discussing complex, nuanced topics with technical & non-technical audiences alike, especially software engineering teams
Strong alignment with Klaviyo’s core values

Bonus points if you have any of the following:

Experience building tools with REST APIs and Python
Experience with data engineering tools (e.g. dbt, Airflow, Airbyte) or data lake platforms (e.g. Snowflake, Databricks)
Experience with cyber risk quantification (CRQ) tools and frameworks (e.g. FAIR, RiskLens, Safe Security, etc.)
Experience with modern GRC platforms or modern 3rd party risk management tools

Massachusetts Applicants:
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Our salary range reflects the cost of labor across various U.S. geographic markets. The range displayed below reflects the minimum and maximum target salaries for the position across all our US locations. The base salary offered for this position is determined by several factors, including the applicant’s job-related skills, relevant experience, education or training, and work location.

In addition to base salary, our total compensation package may include participation in the company’s annual cash bonus plan, variable compensation (OTE) for sales and customer success roles, equity, sign-on payments, and a comprehensive range of health, welfare, and wellbeing benefits based on eligibility. Please visit Klaviyo Rewards to find out more about our Total Rewards package.

Your recruiter can provide more details about the specific salary/OTE range for your preferred location during the hiring process.

Base Pay Range For US Locations:

$140,000—$210,000 USD

Get to Know Klaviyo

We’re Klaviyo (pronounced clay-vee-oh). We empower creators to own their destiny by making first-party data accessible and actionable like never before. We see limitless potential for the technology we’re developing to nurture personalized experiences in ecommerce and beyond. To reach our goals, we need our own crew of remarkable creators—ambitious and collaborative teammates who stay focused on our north star: delighting our customers. If you’re ready to do the best work of your career, where you’ll be welcomed as your whole self from day one and supported with generous benefits, we hope you’ll join us.

Klaviyo is committed to a policy of equal opportunity and non-discrimination. We do not discriminate on the basis of race, ethnicity, citizenship, national origin, color, religion or religious creed, age, sex (including pregnancy), gender identity, sexual orientation, physical or mental disability, veteran or active military status, marital status, criminal record, genetics, retaliation, sexual harassment or any other characteristic protected by applicable law.

IMPORTANT NOTICE: Our company takes the security and privacy of job applicants very seriously. We will never ask for payment, bank details, or personal financial information as part of the application process. All our legitimate job postings can be found on our official career site. Please be cautious of job offers that come from non-company email addresses (@klaviyo.com), instant messaging platforms, or unsolicited calls.

By clicking "Submit Application" you consent to Klaviyo processing your Personal Data in accordance with our Job Applicant Privacy Notice. If you do not wish for Klaviyo to process your Personal Data, please do not submit an application. You can find our Job Applicant Privacy Notice here.

Lead Security Risk Analyst

Klaviyo

Compensation Overview

We’d love to hear from you if you have most of the following:

Simplify's Take

What believers are saying

What critics are saying

What makes Klaviyo unique

Benefits

Growth & Insights and Company News

6 month growth

1 year growth

2 year growth