Senior Security Compliance Engineer

Requirements

• 3-5 years of experience in security compliance, GRC engineering, security engineering, or a closely related field with a strong emphasis on automation and scalable processes
• Understanding of modern cloud-native web application architectures and related security best practices, especially in the context of AWS, Kubernetes, and AI
• Experience implementing and operating Compliance Automation platforms, such as Drata, Vanta, Anecdotes, HyperProof, etc.
• Hands-on experience executing compliance programs for SOC 2, ISO 27001, ISO 27017, PCI, and/or SOX ITGCs
• Proficiency in one or more programming/scripting languages (e.g. Python, Go, SQL) with hands-on experience building automation for compliance workflows, integrating REST APIs, and working with GRC tooling
• Experience applying GRC Engineering principles and values in practice , especially with regard to automation, systems + design thinking, and threat-informed GRC
• Everyone on our team must have
• A strong bias toward evidence, logic, math, and reason when communicating risk (instead of fear, uncertainty, and doubt)
• A strong bias toward "guardrails, not gates" and "paved security roads" philosophies (instead of rigid "centrali

Additional Information

At Klaviyo, we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you're a close but not exact match with the description, we hope you'll still consider applying. Want to learn more about life at Klaviyo? Visit klaviyo.com/careers to see how we empower creators to own their own destiny. At Klaviyo, we're on a mission to empower creators to own their destiny. Our AI-first B2C CRM platform empowers 176,000+ brands in 80+ countries to cultivate relationships with hundreds of millions of consumers. We love solving hard problems and look for people who specialize in certain areas while being passionate about building, owning, and scaling solutions end-to-end, overcoming any obstacle in their way. We are a team of ambitious, customer-obsessed peers who are insatiably curious and meticulous in our craft. We push each other to grow beyond our comfort zone, learn new things, and work hard to ensure each day is better than the last. An exciting opportunity within the Security Trust and Risk (STAR) team whose mission is to ensure the safety and security of our customers, partners and Klaviyos as well as deliver best in class technology solutions, infrastructure and services. This is achieved by providing a robust and secure technology foundation to do great work. We solve problems using technology, embrace automation and AI, and support Klaviyo's continued scalability and sustainable employee growth in a rapidly evolving environment. About this role We're seeking a highly motivated Senior Security Compliance Engineer to serve as a trusted advisor and hands-on engineer within our Security Trust & Compliance team. You'll design, build, and optimize automated solutions that streamline compliance operations, strengthen continuous control monitoring, and integrate GRC tooling across Klaviyo's systems. You'll partner closely with cross-functional teams, such as Engineering, IT, Security, Legal, Internal Audit, and more. You'll help Klaviyo scale securely, sustainably deliver more value for our customers, and bolster their trust in us. As a Senior Security Compliance Engineer, you'll focus primarily on: Compliance operations & audits (for SOC 2, ISO 27001, ISO 27017, PCI, and SOX ITGCs) Continuous control monitoring GRC automation & tooling (e.g. compliance automation platforms, API integrations, scripted evidence collection and control validation) How you'll have an impact Design, develop, and maintain automated compliance workflows using scripting, APIs, and GRC tooling to streamline evidence collection, control validation, and audit readiness across SOC 2, ISO 27001, ISO 27017, PCI, and SOX ITGCs Build and improve continuous control monitoring capabilities that provide real-time visibility into Klaviyo's compliance posture and proactively surface control gaps Partner with the Security Risk team to streamline end-to-end Security Compliance-to-Risk operations, ensuring compliance findings and control observations flow efficiently into risk management workflows Implement and customize compliance automation platforms (e.g. Drata, Vanta, Anecdotes) and integrate them with Klaviyo's internal systems, CI/CD pipelines, and cloud infrastructure Serve as a trusted advisor to Engineering and Product teams, embedding compliance-by-design into architecture decisions and helping teams understand and meet security control requirements Identify and drive high-value opportunities to use AI and automation to eliminate toil, improve compliance operations, and scale our programs alongside Klaviyo's growth

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Klaviyo? Share your experience