Senior Technical Program Manager

At Klaviyo we value the unique backgrounds experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If youre a close but not exact match with the description we hope youll still consider applying. Want to learn more about life at Klaviyo Visit see how we empower creators to own their own destiny.

About the team:

An exciting opportunity within the Security Strategy and Governance (SSG) team whose mission is to ensure the safety and security of our customers partners and Klaviyos as well as deliver best in class technology solutions infrastructure and services. This is achieved by providing a robust and secure technology foundation to do great work. We solve problems using technology embrace automation and AI and support Klaviyos continued scalability and sustainable employee growth in a rapidly evolving environment.

The SSG team assists the Global Security Services (GSS) organization in developing and refining information security strategy creating metrics and reporting coordinating cross-functional projects and strategically aligning global information security initiatives with the broader CISO vision. The SSG team is highly collaborative and cross-functional working closely with various functions within the GSS team (namely Security Risk and Trust Security Product and Development Global Protection Services and Security Intelligence Operations) Global Technology Solutions (GTS) team and the broader Klaviyo organization.

About the role:

The Lead Technical Programme Manager is an expert-level technical programme leader with a remit to support strategic initiatives across the wider GSS organisation. Reporting into the Head of Security Strategy and Governance you will drive end-to-end delivery of complex technically demanding cross-functional programmes spanning third-party risk compliance and audit readiness AI governance and risk and control framework rollouts. You will partner with Engineering Product GTS Legal and business operations stakeholders to keep delivery on track surface risk early and ensure programmes ship measurable outcomes that move Klaviyos risk posture forward.

How youll have an impact:

• Lead programme delivery for GSSs most complex initiatives including third-party risk compliance and audit readiness AI governance and the data-driven cyber risk and control framework with minimal oversight and clear ownership of outcomes
• Set and continuously refine the programme rhythm: planning cycles status reporting OKR alignment and decision logs that connect day-to-day execution to GSS and Klaviyo-level objectives
• Apply AI-enabled GSS tooling to reduce manual toil and improve the timeliness and signal of programme reporting
• Identify automation and AI opportunities in programme management itself status drafting drift detection action tracking and partner with SSGs reporting and analytics capability to operationalise them
• Run risk analysis contingency planning and trade-off conversations with senior stakeholders; raise critical issues early with clear options data and recommendations
• Maintain authoritative status materials for GSS leadership team monthly KPI updates and quarterly Board contributions accurate succinct and decision-ready
• Act as a player-coach to other programme managers across GSS and GTS modelling delivery standards mentoring on practice and developing reusable playbooks and runbooks
• Flex into other GSS functions Security Product and Development Security Intelligence Operations where strategic initiatives need senior programme leadership

Who you are:

• 6 years of experience as a technical programme manager in information security with a track record of delivering complex multi-team initiatives across engineering and security stakeholders; demonstrated expertise scoping planning and delivering strategic and tactical security programmes within a matrixed environment
• Manage the Information Security Risk Management lifecycle by partnering with engineering and security experts to implement regulations test controls and deploy security solutions across the technology stack.
• Working knowledge of security frameworks NIST ISO 27001 SOC 2 PCI DSS CIS Controls and how they translate into credible delivery plans
• Project management and/or security framework certifications (PMP PRINCE2 ITIL COBIT ISO 27001) are expected at this level
• Experience building and tracking security KPIs and metrics to measure program success and drive continuous improvement.
• Practical experience using AI-enabled or automation-first programme tooling (security GRC TPRM continuous control monitoring) and a clear point of view on where AI augments versus replaces human judgement in programme delivery
• A strong communicator and problem-solver who balances persuasion with active listening possesses exceptional stakeholder management skills to engage with engineering leaders and executives and utilizes proven project management techniques to drive results.

Nice to have:

• 3 years of hands-on experience in equivalent security roles such as Security Delivery Manager Information Security Officer or Threat Intelligence Programme Manager
• Relevant professional certifications such as Certified Information Systems Security Professional Certified Information Security Manager Certified in Risk and Information Systems Control CompTIA Cybersecurity Analyst or Certified Fraud Examiner
• Exposure to AI governance model risk or responsible-AI programme work
• Knowledge of privacy legislation and regulations such as HIPAA and GDPR
• Experience working with security and risk tooling in cloud infrastructure hosting and platform contexts