Security Trust, & Compliance Analyst (GRC Analyst)

Klaviyo is a Boston startup located right in the heart of downtown Boston.  We craft software helping thousands of companies to engage and cultivate relationships with hundreds of millions of consumers.  We love taking on tough problems and look for people who specialize in certain areas but are passionate about building, owning and scaling solutions end to end and breaking through any obstacle or challenge in their way. We push each other to move out of our comfort zone, learn new technologies and work hard to ensure each day is better than the last.

As a Security Trust & Compliance Analyst at Klaviyo, you’ll work across the organization to support our customer security questionnaires and internal security audits, both of which provide assurance to our customers while also enhancing the overall security of Klaviyo. You’ll work on translating security concepts for your fellow Klaviyos and bolster security consciousness throughout the company, including by helping drive our security training, phishing testing, and internal security Q&A programs. This is your opportunity to take an active role in cybersecurity while growing your skills and knowledge in automation, risk analysis, audit management, and many aspects of information security.cloud security.

What you’ll be doing

• Bolster a company-wide security culture by educating Klaviyo employees through security awareness training, phishing tests, and other security enablement efforts
• Participate in third party vendor due diligence efforts for new vendors, existing vendors, in addition to supporting customers or prospects performing third party vendor due diligence on Klaviyo.
• Work with stakeholders for internal and external audits or examinations; coordinate efforts to ensure the necessary documentation is provided in a timely manner, complete responses to findings/exceptions, and develop action plans to correct findings/exceptions.
• Automating compliance workflows and evidence collection for our audit programs and supporting our trust operations through implementation of self-service workflows and responding to internal and external security questions

• Experience within audit or risk management areas.
• Knowledge of laws and regulations related to Information Security.
• Knowledge of various SaaS applications, high-velocity engineering groups, databases, operating systems, firewalls, networks, and others technologies relevant to cybersecurity
• Possess excellent interpersonal and communication skills and the ability to form relationships with internal and external teams.
• Familiarity with general financial and security frameworks including SOX, ISO 27001, NIST Cybersecurity Framework, Trust Services Principles, CIS, data privacy (GDPR, CCPA), etc.

Key Competencies

• Ability to effectively prioritize and execute tasks in a high-pressure environment
• Solutions oriented
• Excellent verbal and written communication
• Working collaboratively
• Strong alignment with Klaviyo’s core values