Lead Security Risk Engineer

Klaviyo is building a world where creators are empowered to own their destiny. In support of this, our Risk & Trust team empowers our fellow Klaviyos to securely deliver value to and foster trust with our customers. Our Risk function enables Klaviyo to take smart risks while bolstering accountability around timely and effective mitigation of unsustainable risks. To that end, we’re looking for a highly motivated and collaborative Lead Security Risk Engineer (Team Lead / Manager) who will help us rapidly mature our Risk function by using engineering principles and data-driven strategies to more precisely identify, understand, and communicate risk. 

You’ll partner closely with Engineering, IT, Security, Leadership, and basically every other team at Klaviyo to create a holistic view of risk based on high quality data about our assets, weaknesses, threats, and safeguards (controls). You will help evolve our risk management practices to be transparent, evidence-based, and centered around quantitative risk models. Through all of this, Klaviyo will be in a much better position to sustainably grow and deliver value to our customers.

What you’ll be doing

• Automate and streamline third-party and internal security risk management processes and tools
• Build metrics (KPIs, KRIs, KCIs) that provide real-time insight into our risk posture
• Identify and assess risk scenarios using qualitative and quantitative methods, such as FAIR
• Co-create mitigation and remediation plans with InfoSec and partner team SMEs
• Lead and mentor Risk team members to help them reach their full potential and achieve their development goals

• Experience with data query languages, writing code, and integrating with web APIs
• Experience designing, building, or implementing technical security controls in AWS
• Experience building metrics using business intelligence, data analytics, or dashboarding tools
• Experience with cyber risk quantification (CRQ) tools and frameworks, such as riskquant and FAIR
• Excellent ability to plan, prioritize, and execute work cross functionally and on time
• Proficiency discussing complex, nuanced topics with technical & non-technical audiences alike
• Strong alignment with Klaviyo’s core values

Bonus points if you have any of the following:

• Experience with threat modeling or secure design reviews 
• Experience in security operations
• Experience securing Kubernetes and container-based infrastructure