Lead Security Governance & Risk Engineer
Klaviyo
At Klaviyo, we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you’re a close but not exact match with the description, we hope you’ll still consider applying. Want to learn more about life at Klaviyo? Visit klaviyo.com/careers to see how we empower creators to own their own destiny.
An exciting opportunity within the Security Trust and Risk (STAR) team whose mission is to ensure the safety and security of our customers, partners and Klaviyos as well as deliver best in class technology solutions, infrastructure and services. This is achieved by providing a robust and secure technology foundation to do great work. We solve problems using technology, embrace automation and AI, and support Klaviyo's continued scalability and sustainable employee growth in a rapidly evolving environment.
The STAR team assists the Global Security Services (GSS) organization in developing and refining information security policies, standards and strategy, enterprise risk management, creating metrics and reporting, coordinating cross-functional projects, and strategically aligning global information security initiatives with the broader CISO vision amongst other governance, risk and compliance efforts. The STAR team is highly collaborative and cross-functional, working closely with various functions within the GSS team (namely Security Product and Development and Security Intelligence Operations), Global Technology Solutions (GTS) team and the broader Klaviyo organization.
About the role:
The Lead Security Governance & Risk Engineer is a senior, hands-on role at the point where security governance meets risk engineering. You will own the parts of the risk programme that turn policy and standards into measured, monitored, and automated risk decisions. Reporting to the Senior Manager, Security Risk Engineering and operating as a second line of defense, you will run the technology and third-party risk register, lead AI risk governance and ISO 42001 readiness, and build the automation that gives Klaviyo a continuously updated, quantified view of its risk posture.
You will work alongside the Trust and Compliance team who are the custodians of our security policies and standards, making sure each one connects to a specific risk it reduces and is enforced through operational controls rather than living as a document. You will partner closely with Engineering, Product, GTS, Legal, Internal Audit, the ARIA team, and Finance to make risk legible across the business, and you will challenge first-line teams credibly while keeping your independence. This is a role for an engineer who thinks like a risk professional: someone who automates repeatable assessment, instruments controls, quantifies risk in financial terms, and treats AI as foundational infrastructure rather than an afterthought.
Don't want to miss the next one?
Subscribe to daily email alerts for roles matching your interests.