Manager, Security Trust

At Klaviyo, we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you're a close but not exact match with the description, we hope you'll still consider applying. Want to learn more about life at Klaviyo? Visit to see how we empower creators to own their own destiny.

At Klaviyo, we're on a mission to empower creators to own their destiny. Our AI-first B2C CRM platform empowers 176,000+ brands in 80+ countries to cultivate relationships with hundreds of millions of consumers. We love solving hard problems and look for people who specialize in certain areas while being passionate about building, owning, and scaling solutions end-to-end, overcoming any obstacle in their way. We are a team of ambitious, customer-obsessed peers who are insatiably curious and meticulous in our craft. We push each other to grow beyond our comfort zone, learn new things, and work hard to ensure each day is better than the last.

About this role

Within our Information Security department, the Security Trust & Risk (STAR) group enables Klaviyos to take smart, disciplined risks while bolstering customer trust. To that end, within STAR, our Security Trust & Compliance team drives the following programs:

• Compliance operations & audits (for SOC 2, ISO 27001, ISO 27017, PCI, and SOX ITGCs)
• Continuous control monitoring
• Security policies & standards
• Security education & awareness
• Customer trust operations & enablement (e.g. security questionnaires, customer calls, trust center administration, tech partner due diligence, etc.)
• Identity governance (e.g. user access reviews, just-in-time access workflows, just-enough-access audits/remediation)
• Privacy operations in partnership with Legal (e.g. data subject requests, records of processing activities, etc.)

We're seeking a highly motivated Manager of Security Trust & Compliance to lead and support a talented team of GRC practitioners to drive the continuing evolution of these programs. You'll partner closely with cross-functional teams, such as Engineering, Sales, Legal, IT, Security, Internal Audit, and more. Through all of this, you'll help Klaviyo scale securely, sustainably deliver more value for our customers, and bolster their trust in us.

What you'll be doing

• Lead, support, and develop our Trust team, helping your team members with professional development, goal achievement, and partnering effectively across Klaviyo
• Partner with STAR team leadership to plan, oversee, and drive execution of our projects and operations to ensure timely delivery of high-quality business outcomes
• Define a compelling vision/strategy for our Trust programs to continuously improve the efficiency and effectiveness of how we drive governance, cultivate culture, uphold compliance, and bolster trust
• Continuously seek out and prioritize high-value opportunities for the Trust team to use AI and automation to streamline our processes and eliminate toil
• Drive cross-functional alignment between the CISO organization and partner teams to ensure Trust-related priorities are strongly aligned with department- and company-level goals/OKRs

We'd love to hear from you if you have many of the following:

• Experience leading, developing, and managing teams of individual contributors, with an intentional focus on fostering diversity and belonging throughout the entire employee lifecycle
• Broad and deep understanding of modern cloud-native web application architectures and related security best practices, especially in the context of AWS, Kubernetes, and AI
• Experience implementing Compliance Automation products, such as Drata, Vanta, Anecdotes, HyperProof, etc.
• Experience executing/leading compliance programs for SOC 2, ISO 27001, ISO 27017, ISO 27018, PCI, HIPAA, GDPR, CCPA, and NIS2
• Experience executing/leading core governance, compliance, and trust programs, such as continuous control monitoring, security policies & standards, security education & awareness, and customer trust operations
• Experience applying GRC Engineering principles and values in practice, especially with regard to automation, systems + design thinking, and threat-informed GRC

Everyone on our team must have:

• A strong bias toward evidence, logic, math, and reason when communicating risk (instead of fear, uncertainty, and doubt)
• A strong bias toward "guardrails, not gates" and "paved security roads" philosophies (instead of rigid "centralized command-and-control" processes and operating styles)
• Excellent ability to plan, prioritize, and deliver results cross-functionally and in a timely fashion
• Proficiency discussing complex, nuanced topics with technical & non-technical audiences alike, especially software engineers
• Strong alignment with Klaviyo's core values

Ideally, you may also have any of the following:

• Experience with SQL, building tools with REST APIs, and Python
• Experience implementing Identity Governance tools and processes, such as for user access reviews (UARs) and just-in-time access (JITA)
• Experience working in security operations, security engineering, and/or security architecture roles

Get to Know Klaviyo

We're Klaviyo (pronounced clay-vee-oh). We empower creators to own their destiny by making first-party data accessible and actionable like never before. We see limitless potential for the technology we're developing to nurture personalized experiences in ecommerce and beyond. To reach our goals, we need our own crew of remarkable creators—ambitious and collaborative teammates who stay focused on our north star: delighting our customers. If you're ready to do the best work of your career, where you'll be welcomed as your whole self from day one and supported with generous benefits, we hope you'll join us.

AI fluency at Klaviyo includes responsible use of AI (including privacy, security, bias awareness, and human-in-the-loop). We provide accommodations as needed.

By participating in Klaviyo's interview process, you acknowledge that you have read, understood, and will adhere to our Guidelines for using AI in the Klaviyo interview Process. For more information about how we process your personal data, see our Job Applicant Privacy Notice.

Klaviyo is committed to a policy of equal opportunity and non-discrimination. We do not discriminate on the basis of race, ethnicity, citizenship, national origin, color, religion or religious creed, age, sex (including pregnancy), gender identity, sexual orientation, physical or mental disability, veteran or active military status, marital status, criminal record, genetics, retaliation, sexual harassment or any other characteristic protected by applicable law.

IMPORTANT NOTICE: Our company takes the security and privacy of job applicants very seriously. We will never ask for payment, bank details, or personal financial information as part of the application process. All our legitimate job postings can be found on our official career site. Please be cautious of job offers that come from non-company email addresses ), instant messaging platforms, or unsolicited calls.

By clicking "Submit Application" you consent to Klaviyo processing your Personal Data in accordance with our Job Applicant Privacy Notice. If you do not wish for Klaviyo to process your Personal Data, please do not submit an application.You can find our Job Applicant Privacy Notice here and here (FR).