Senior Security Risk Analyst

Experience designing, building, or implementing security controls, especially in AWS
Experience doing security risk assessments, architecture reviews, or threat modeling
Knowledge of security best practices for SaaS, IaaS, IAM, networks, or containers
Excellent ability to plan, prioritize, and execute work cross functionally and on time
Proficiency discussing complex, nuanced topics with technical & non-technical audiences alike
Strong alignment with Klaviyo’s core values

Enhance existing risk management tools and processes to create a data driven, seamless, and excellent user experience for risk / asset owners
Consult with partner teams to proactively identify potential risks and co-create controls and mitigation plans with them
Streamline and automate third-party risk assessments, speeding up time-to-completion and enabling continuous re-assessments at scale
Mentor junior team members to help them reach their full potential and achieve their development goals
Contribute to Risk & Trust operations, such as performing third-party risk assessments, user access reviews, facilitating internal and external audits (SOC 2 Type II, ISO 27001, SOX ITGCs, etc.), continuously monitoring controls, responding to customer security questionnaires, fulfilling employees’ security service requests, etc.
Then build and implement tooling that automates repetitive toil to free up our team’s time

Experience with data query languages, writing code, or integrating with web APIs
Experience implementing FAIR or cyber risk quantification (CRQ) processes or tools
Experience with business intelligence or data analytics platforms (Tableau, Domo, etc.)