Manager, Security Trust & Compliance

At Klaviyo, we're on a mission to empower creators to own their destiny. Our AI-first B2C CRM platform empowers 176,000+ brands in 80+ countries to cultivate relationships with hundreds of millions of consumers. We love solving hard problems and look for people who specialize in certain areas while being passionate about building, owning, and scaling solutions end-to-end, overcoming any obstacle in their way. We are a team of ambitious, customer-obsessed peers who are insatiably curious and meticulous in our craft. We push each other to grow beyond our comfort zone, learn new things, and work hard to ensure each day is better than the last.

About this role

Within our Information Security department, the Security Trust & Risk (STAR) group enables Klaviyos to take smart, disciplined risks while bolstering customer trust. To that end, within STAR, our Security Trust & Compliance team drives the following programs:

• Compliance operations & audits (for SOC 2, ISO 27001, ISO 27017, PCI, and SOX ITGCs)
• Continuous control monitoring
• Security policies & standards
• Security education & awareness
• Customer trust operations & enablement (e.g. security questionnaires, customer calls, trust center administration, tech partner due diligence, etc.)
• Identity governance (e.g. user access reviews, just-in-time access workflows, just-enough-access audits/remediation)
• Privacy operations in partnership with Legal (e.g. data subject requests, records of processing activities, etc.)

We're seeking a highly motivated Manager of Security Trust & Compliance to lead and support a talented team of GRC practitioners to drive the continuing evolution of these programs. You'll partner closely with cross-functional teams, such as Engineering, Sales, Legal, IT, Security, Internal Audit, and more. Through all of this, you'll help Klaviyo scale securely, sustainably deliver more value for our customers, and bolster their trust in us.

What you'll be doing

• Lead, support, and develop our Trust team, helping your team members with professional development, goal achievement, and partnering effectively across Klaviyo
• Partner with STAR team leadership to plan, oversee, and drive execution of our projects and operations to ensure timely delivery of high-quality business outcomes
• Define a compelling vision/strategy for our Trust programs to continuously improve the efficiency and effectiveness of how we drive governance, cultivate culture, uphold compliance, and bolster trust
• Continuously seek out and prioritize high-value opportunities for the Trust team to use AI and automation to streamline our processes and eliminate toil
• Drive cross-functional alignment between the CISO organization and partner teams to ensure Trust-related priorities are strongly aligned with department- and company-level goals/OKRs

We'd love to hear from you if you have many of the following:

• Experience leading, developing, and managing teams of individual contributors, with an intentional focus on fostering diversity and belonging throughout the entire employee lifecycle
• Broad and deep understanding of modern cloud-native web application architectures and related security best practices, especially in the context of AWS, Kubernetes, and AI
• Experience implementing Compliance Automation products, such as Drata, Vanta, Anecdotes, HyperProof, etc.
• Experience executing/leading compliance programs for SOC 2, ISO 27001, ISO 27017, ISO 27018, PCI, HIPAA, GDPR, CCPA, and NIS2
• Experience executing/leading core governance, compliance, and trust programs, such as continuous control monitoring, security policies & standards, security education & awareness, and customer trust operations
• Experience applying GRC Engineering principles and values in practice, especially with regard to automation, systems + design thinking, and threat-informed GRC

Everyone on our team must have:

• A strong bias toward evidence, logic, math, and reason when communicating risk (instead of fear, uncertainty, and doubt)
• A strong bias toward "guardrails, not gates" and "paved security roads" philosophies (instead of rigid "centralized command-and-control" processes and operating styles)
• Excellent ability to plan, prioritize, and deliver results cross-functionally and in a timely fashion
• Proficiency discussing complex, nuanced topics with technical & non-technical audiences alike, especially software engineers
• Strong alignment with Klaviyo's core values

Ideally, you may also have any of the following:

• Experience with SQL, building tools with REST APIs, and Python
• Experience implementing Identity Governance tools and processes, such as for user access reviews (UARs) and just-in-time access (JITA)
• Experience working in security operations, security engineering, and/or security architecture roles

We use Covey as part of our hiring and / or promotional process. For jobs or candidates in NYC, certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on April 3, 2025.

Please see the independent bias audit report covering our use of Covey here