
Lead Security Risk Analyst
| Company | Klaviyo |
|---|---|
| Location | Denver, CO, USA |
| Salary | $140000 – $210000 |
| Type | Full-Time |
| Degrees | |
| Experience Level | Senior, Expert or higher |

Requirements
- Experience doing security risk assessments, co-creating risk treatment strategies, and influencing risk treatment prioritization across diverse business units (Engineering, IT, Finance, Legal, etc.)
- Thorough understanding of cloud-native web application architectures, security threats, and security best practices, especially in the context of AWS and Kubernetes
- Experience using data visualization tools and SQL to build and operationalize security metrics (e.g. Apache Superset, Tableau, Domo, Amazon QuickSight)
- Experience with scalable approaches to threat modeling, secure design reviews, and risk assessment methods that balance rigor and efficiency (e.g. Mozilla’s Rapid Risk Assessment)
- Experience with security automation and process streamlining, ideally in the context of security risk management
Responsibilities
- Lead and execute new Risk program maturity projects that introduce more rigorous, streamlined, and automated approaches to risk management
- Partner with other departments and teams to drive mutual understanding of security risks they own and how to prioritize managing those risks in support of Klaviyo’s goals
- Create, tune, and operationalize business-relevant security metrics (KPIs, KRIs, KCIs) that demonstrably improve security outcomes across Klaviyo
- Review new products, product features, and internal business projects to guide teams toward secure paths forward and away from accruing new security debt
- Collaboratively define security policies and standards that clearly establish Klaviyo’s risk tolerance bar, and educate teams about them
Preferred Qualifications
- Experience building tools with REST APIs and Python
- Experience with data engineering tools (e.g. dbt, Airflow, Airbyte) or data lake platforms (e.g. Snowflake, Databricks)
- Experience with cyber risk quantification (CRQ) tools and frameworks (e.g. FAIR, RiskLens, Safe Security)