Manager, Security Trust & Compliance

At Klaviyo were on a mission to empower creators to own their destiny. Our AI-first B2C CRM platform empowers 176000 brands in 80 countries to cultivate relationships with hundreds of millions of consumers. We love solving hard problems and look for people who specialize in certain areas while being passionate about building owning and scaling solutions end-to-end overcoming any obstacle in their way. We are a team of ambitious customer-obsessed peers who are insatiably curious and meticulous in our craft. We push each other to grow beyond our comfort zone learn new things and work hard to ensure each day is better than the last.

About this role

Within our Information Security department the Security Trust & Risk (STAR) group enables Klaviyos to take smart disciplined risks while bolstering customer trust. To that end within STAR our Security Trust & Compliance team drives the following programs:

• Compliance operations & audits (for SOC 2 ISO 27001 ISO 27017 PCI and SOX ITGCs)
• Continuous control monitoring
• Security policies & standards
• Security education & awareness
• Customer trust operations & enablement (e.g. security questionnaires customer calls trust center administration tech partner due diligence etc.)
• Identity governance (e.g. user access reviews just-in-time access workflows just-enough-access audits/remediation)
• Privacy operations in partnership with Legal (e.g. data subject requests records of processing activities etc.)

Were seeking a highly motivated Manager of Security Trust & Compliance to lead and support a talented team of GRC practitioners to drive the continuing evolution of these programs. Youll partner closely with cross-functional teams such as Engineering Sales Legal IT Security Internal Audit and more. Through all of this youll help Klaviyo scale securely sustainably deliver more value for our customers and bolster their trust in us.

What youll be doing

• Lead support and develop our Trust team helping your team members with professional development goal achievement and partnering effectively across Klaviyo
• Partner with STAR team leadership to plan oversee and drive execution of our projects and operations to ensure timely delivery of high-quality business outcomes
• Define a compelling vision/strategy for our Trust programs to continuously improve the efficiency and effectiveness of how we drive governance cultivate culture uphold compliance and bolster trust
• Continuously seek out and prioritize high-value opportunities for the Trust team to use AI and automation to streamline our processes and eliminate toil
• Drive cross-functional alignment between the CISO organization and partner teams to ensure Trust-related priorities are strongly aligned with department- and company-level goals/OKRs

Wed love to hear from you if you have many of the following:

• Experience leading developing and managing teams of individual contributors with an intentional focus on fostering diversity and belonging throughout the entire employee lifecycle
• Broad and deep understanding of modern cloud-native web application architectures and related security best practices especially in the context of AWS Kubernetes and AI
• Experience implementing Compliance Automation products such as Drata Vanta Anecdotes HyperProof etc.
• Experience executing/leading compliance programs for SOC 2 ISO 27001 ISO 27017 ISO 27018 PCI HIPAA GDPR CCPA and NIS2
• Experience executing/leading core governance compliance and trust programs such as continuous control monitoring security policies & standards security education & awareness and customer trust operations
• Experience applying GRC Engineering principles and values in practice especially with regard to automation systems design thinking and threat-informed GRC

Everyone on our team must have:

• A strong bias toward evidence logic math and reason when communicating risk (instead of fear uncertainty and doubt)
• A strong bias toward guardrails not gates and paved security roads philosophies (instead of rigid centralized command-and-control processes and operating styles)
• Excellent ability to plan prioritize and deliver results cross-functionally and in a timely fashion
• Proficiency discussing complex nuanced topics with technical & non-technical audiences alike especially software engineers
• Strong alignment with Klaviyos core values

Ideally you may also have any of the following:

• Experience with SQL building tools with REST APIs and Python
• Experience implementing Identity Governance tools and processes such as for user access reviews (UARs) and just-in-time access (JITA)
• Experience working in security operations security engineering and/or security architecture roles

We use Covey as part of our hiring and / or promotional process. For jobs or candidates in NYC certain features may qualify it as an AEDT. As part of the evaluation process we provide Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound on April 3 2025.

Please see the independent bias audit report covering our use of Covey here

Required Experience:

Manager