What are the responsibilities and job description for the Professional Security Risk Analyst position at Klaviyo?
We’re seeking a highly motivated and collaborative Professional Security Risk Analyst who will play a vital role in the evolution of our risk management programs. You'll work hand-in-hand with Engineering, IT, Security, and Leadership to implement and refine processes that drive informed risk decisions. By contributing to the development of transparent, quantitative risk models and effectively communicating security insights, you'll directly contribute to safeguarding our growing customer base. This is a fantastic opportunity to build your expertise within a collaborative and supportive team.
What you’ll be doing:
- Collaborate with senior analysts and cross-functional teams to conduct security risk assessments across various domains (e.g., applications, infrastructure, third-parties).
- Contribute to the development and maintenance of risk registers and track remediation efforts under the guidance of senior team members
- Collaborate with cross-functional teams to integrate security considerations into their workflows
- Support the identification, assessment, and treatment of internal (1st party) security risks across various business units and IT functions
- Support the third-party risk management program by assisting in the assessment of potential vendors to ensure security and reliability, thereby mitigating risks associated with external partnerships
- Contribute to the standardization and streamlining of risk management processes to ensure consistency and improve efficiency across the organization
We’d love to hear from you if you have:
- Experience participating in the design, building, or implementation of security controls, with exposure to AWS environments
- Experience contributing to security risk assessments, architecture reviews, and/or threat modeling to help identify and analyze potential vulnerabilities
- Experience with security best practices relevant to SaaS platforms, IaaS infrastructure, Identity and Access Management (IAM), networking principles, and container technologies
- Strong ability to plan, prioritize, and execute assigned tasks within cross-functional projects, delivering results on time and collaborating effectively with team members
- Solid analytical and problem-solving skills with an aptitude for data-driven decision-making
- Strong alignment with Klaviyo’s core values
Bonus points if you have any of the following:
- Familiarity with data query languages and experience in basic scripting or integrating with web APIs for data gathering and analysis
- Exposure to or participation in the implementation of FAIR or other cyber risk quantification (CRQ) methodologies or tools
- Experience with business intelligence or data analytics platforms (Tableau, Domo, etc.)
- Experience with GRC tools or third-party risk management tools
Salary: $120,000 - $180,000