Senior Security Compliance Engineer

Klaviyo, Niederdorla
Salary: From €120,000.00 to €180,000.00

About this Role

We’re seeking a highly motivated Senior Security Compliance Engineer to serve as a trusted advisor and hands‐on engineer within our Security Trust & Compliance team. You’ll design, build, and optimize automated solutions that streamline compliance operations, strengthen continuous control monitoring, and integrate GRC tooling across Klaviyo’s systems.

Key Responsibilities

  • Compliance operations & audits (SOC 2, ISO 27001, ISO 27017, PCI, and SOX ITGCs)
  • GRC automation & tooling (compliance automation platforms, API integrations, scripted evidence collection and control validation)

Impact

  • Design, develop, and maintain automated compliance workflows using scripting, APIs, and GRC tooling to streamline evidence collection, control validation, and audit readiness across SOC 2, ISO 27001, ISO 27017, PCI, and SOX ITGCs.
  • Build and improve continuous control monitoring capabilities that provide real‐time visibility into Klaviyo’s compliance posture and proactively surface control gaps.
  • Partner with the Security Risk team to streamline end‐to‐end Security Compliance‐to‐Risk operations, ensuring compliance findings and control observations flow efficiently into risk management workflows.
  • Implement and customize compliance automation platforms (e.g., Drata, Vanta, Anecdotes) and integrate them with Klaviyo’s internal systems, CI/CD pipelines, and cloud infrastructure.
  • Serve as a trusted advisor to Engineering and Product teams, embedding compliance‐by‐design into architecture decisions and helping teams understand and meet security control requirements.
  • Identify and drive high‐value opportunities to use AI and automation to eliminate toil, improve compliance operations, and scale our programs alongside Klaviyo’s growth.

Qualifications

  • 3–5 years of experience in security compliance, GRC engineering, security engineering, or a closely related field with a strong emphasis on automation and scalable processes.
  • Understanding of modern cloud‐native web application architectures and related security best practices, especially in the context of AWS, Kubernetes, and AI.
  • Experience implementing and operating Compliance Automation platforms (e.g., Drata, Vanta, Anecdotes, HyperProof).
  • Hands‐on experience executing compliance programs for SOC 2, ISO 27001, ISO 27017, PCI, and/or SOX ITGCs.
  • Proficiency in one or more programming/scripting languages (e.g., Python, Go, SQL) with hands‐on experience building automation for compliance workflows, integrating REST APIs, and working with GRC tooling.
  • Strong bias toward evidence, logic, math, and reason when communicating risk.
  • Strong bias toward the "guardrails rather than gates" and "paved security roads" philosophies.
  • Excellent ability to plan, prioritize, and deliver results cross‐functionally and in a timely fashion.
  • Proficiency discussing complex, nuanced topics with technical and non‐technical audiences alike.

Desired Experience

  • Experience implementing Identity Governance tools and processes, such as UARs and JITA.
  • Experience working in security operations, security engineering, and/or security architecture roles.
  • Experience with additional compliance frameworks such as ISO 27018, HIPAA, GDPR, CCPA, or NIS2.

Salary & Benefits

Base Pay Range For US Locations: $120,000 — $180,000 USD. In addition to base salary, the total compensation package may include participation in the company’s annual cash bonus plan, variable compensation (OTE) for sales and customer success roles, equity, sign‐on payments, and a comprehensive range of health, welfare, and wellbeing benefits based on eligibility.

Travel

This role may require up to 10% travel for purposes such as new hire onboarding, client or partner work if applicable, team meetings, and industry events. Travel is coordinated in advance.

Massachusetts Applicants

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Legal & Equal Opportunity

Klaviyo is committed to a policy of equal opportunity and non‐discrimination. We do not discriminate on the basis of race, ethnicity, citizenship, national origin, color, religion or religious creed, age, sex (including pregnancy), gender identity, sexual orientation, physical or mental disability, veteran or active military status, marital status, criminal record, genetics, retaliation, sexual harassment or any other characteristic protected by applicable law.

Privacy Notice

By clicking "Submit Application" you consent to Klaviyo processing your Personal Data in accordance with our Job Applicant Privacy Notice. If you do not wish for Klaviyo to process your Personal Data, please do not submit an application.

Important Notice

Our company takes the security and privacy of job applicants very seriously. We will never ask for payment, bank details, or personal financial information as part of the application process. All legitimate job postings can be found on our official career site.
