Security Risk and Compliance Manager

Boston, MA
Information Security – Infosec
Full Time

Klaviyo is a Boston startup located right in the heart of downtown Boston. We craft software that helps thousands of companies build engaging relationships with hundreds of millions of consumers. We love taking on tough engineering problems and look for engineers who specialize in certain areas but are passionate about building, owning and scaling features end to end from scratch and breaking through any obstacle or technical challenge in their way. We push each other to move out of our comfort zone, learn new technologies and work hard to ensure each day is better than the last.

Klaviyo is looking for a Security Risk and Compliance Manager to take ownership of identifying and evaluating security risk, building and developing controls, identifying areas for improvement, and helping mature the information security and privacy programs. You'll be in charge of ensuring we have appropriate controls in place that are designed appropriately and operating effectively, and you'll be a valued member of the Security and Trust team at Klaviyo.

What you’ll be doing

• Develop and manage complex control frameworks, drawing on knowledge of or experience with cloud technologies and environments, including evaluating and implementing controls on Software as a Service (SaaS) offerings and cloud infrastructure
• Develop and execute methods to identify internal and external risks to data, and enhance objective, data-driven risk models
• Assist with and/or build controls to mitigate risk, and re-engineer (or assist in re-engineering) processes where required (e.g. on-boarding, off-boarding, vulnerability management) across all critical business systems
• Manage the third-party vendor on-boarding and annual review process by evaluating the security of current and prospective partners
• Own the execution and management of the security compliance certification programs across the company that our customers depend on
• Build automation into the design of controls to eliminate manual, human-dependent steps
• Build the team through personal growth and recruitment

We’d love to hear from you if you:

• Have a minimum of 7 years of information security, IT audit and/or IT risk management experience
• Have an expert understanding of the NIST CSF, ISO 27002, SOC 2, and SOX frameworks
• Are a relationship builder who has worked with both business and technical risk, understands how to translate between the two, and can communicate with various levels of technical and business management
• Have built and coached teams to be better security and privacy practitioners
• Like working on a small, autonomous agile team

At Klaviyo, you will have ownership of security, but you'll collaborate with everyone to make sure we implement the right solutions.