Senior GRC Analyst

Klaviyo is seeking a skilled, motivated, and collaborative Team Lead, GRC (Governance, Risk, and Compliance) who will direct the implementation of a proactive risk-based framework. In this role, you will be a key leader on the Security Risk and Trust team to move forward the Governance, Risk and Compliance practice by influencing various practice groups across Klaviyo. You will implement the practices to shift from a controls-based approach to a qualitative and quantitative risk-based approach for managing information security and operational risk. You will serve as an expert and be a mentor to other members of the Risk and Trust team. You will be a strong communicator and influencer, “customer” focused, demonstrate curiosity to learn and understand the business.

• Lead activities for Klaviyo’s third party audit programs for SOC 2, ISO 27000 series, ITGCs and other strategic compliance frameworks. 
• Mentor and develop your team.
• Establish and drive control maturity activities across multiple compliance frameworks 
• Establish/maintain processes and procedures that support audit and compliance management as daily operational functions vs. a disruptive event.
• Implement and measure a GRC roadmap that is aligned with business needs.
• Collaborate with stakeholder teams (e.g. engineering, product, sales, legal) to help support practical and scalable outcomes.
• Develop partnerships with control owners, translate control remediation opportunities into business-enabling processes and standards .
• Lead continuous process improvement, automation and third-party tooling that support scalable compliance and audit support functions.
• Provide transparency and status reporting through the use of meaningful and actionable scorecards and relevant operational metrics and KPI’s.
• Identify potential risk exposures to business critical technology solutions; work with stakeholders to implement appropriate solutions to mitigate exposure.
• Enhance the team with your individualism, spirit, and love of learning.

• Minimum of eight (8) years equivalent work experience (Risk, IT Operations, Security and/or Audit areas).
• You have a deep understanding and demonstrated experience of leveraging standard risk frameworks (e.g. FAIR, NIST CSF) and have implemented in a large organization
• Possess excellent interpersonal skills and the ability to form relationships with internal and external teams.
• You have demonstrable experience managing, mentoring and coaching team members
• You have demonstrable experience in successfully working with and positively influencing engineering teams, while understanding their daily challenges and demands.
• You have successfully served as a liaison for the organization and third parties (e.g. auditors) in the capacity of managing risk assessment and audit lifecycles.
• You possess a deep understanding of regulatory regimes and have leveraged and implemented common control mappings (e.g. GDPR, CCPA, NIST 800-53, ISO 27001, PCI DSS, SOX).

• You’ve managed a multi-cloud authorization or continuous monitoring program.
• Certifications are not a strict requirement but are appreciated.
• You have a background in systems, software or IT administration and have been responsible for the implementation of technical security controls.
• You take pride in your writing ability and have been praised for it.
• You talk like you write; you are clear, concise, confident, and unafraid to make presentations. You have the gravitas and command presence to attend meetings where you’ll represent the concerns of security, sometimes against other organizational pressures, while maintaining positive and productive stakeholder relationships.
• You’re familiar with other cloud based productivity tools (e.g., Atlassian, Google Workspace).

• Values Differences
• Instills Trust
• Drives Results
• Directs Work
• Persuades
• Manages Complexity
• Manages Ambiguity
• Action Oriented
• Communicates Effectively