At Klaviyo, we value the unique backgrounds, experiences, and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you're a close but not exact match with the description, we hope you'll still consider applying.
About the teamAn exciting opportunity within the Global CISO Strategy (GCS) team whose mission is to ensure the safety and security of Klaviyos and our customers as well as deliver reliable IT services, infrastructure, solutions, and expert guidance. This is achieved by providing a robust and secure technology foundation to do great work. We solve problems using technology, embrace automation, and support Klaviyo's continued scalability and sustainable employee growth in a rapidly evolving environment.
The GCS team assists in developing and refining information security and IT strategy, driving organizational change, coordinating cross-functional projects, and strategically aligning global information security and IT initiatives with the broader Chief Information Security Officer (CISO) vision. The GCS team is highly collaborative and cross-functional, working closely within the Global Security Services (GSS) team, the Global Technology Solutions (GTS) team, and the broader Klaviyo organization.
About the roleAs an ITGC Project Manager, you'll work closely with the various GSS & GTS teams from the CISO function and a wide variety of engineering, business operations, and internal audit teams all under the leadership of the Senior Program Manager on the Global CISO Strategy team.
You'll be primarily focused on managing projects for Klaviyo's ITGC and SOX (Sarbanes–Oxley Act) compliance as well as other information security frameworks.
You'll ensure that projects are coordinated, delivered on time, and communicated well. Additionally, you will play an integral part in recommending process improvements and in helping implement those updates. This role will require a deep understanding of SOX, ITGCs, and information security best practices, as well as experience in working with engineering, technology, and business teams.
How you'll have an impactDesign, implement, monitor, and maintain SOX ITGC controls, with engineering, business partners, CISO Function, and Internal Audit.Coordinate large-scale SOX ITGC projects (i.e. scope expansion), define success, dependencies, and ensure timely delivery.Provide project management and facilitate control requirements planning, progress tracking, communication, and reporting.Identify, assess, and advise on information security risks, processes, and controls to a variety of partners.Perform risk analysis, develop contingency plans, and gather data from teams to proactively raise critical issues with key stakeholders for prioritization and tradeoff decisions.Ensure all documentation and status materials for key meetings are compiled, aggregated, and completed in a timely fashion and remain well-maintained.Establish and monitor plans to ensure the realization of goals and continuous improvements.Build relationships with internal stakeholders.What we're looking for5+ years of experience either auditing or in-house at a SaaS technology company implementing ITGC and SOX related controls such as Access Management, Change Management SOC1 Type 2, and security frameworks (e.g. SOC 2 Type II, ISO27001, NIST CSF, etc.).Experienced in designing and interpreting remediation plans to control owners and ensure that audit issues are remediated and tracked timely.Experience scoping, organizing, planning, and successfully managing strategic and tactical security projects.Experience of leading cross-functional projects with clearly defined plans and objectives within a matrix environment.You are a good communicator with strong interpersonal skills who can balance persuasiveness with active listening of diverse perspectives to achieve positive results.You've got strong organizational, problem-solving, presentation, facilitation, and follow-through skills.You demonstrate the use of project management techniques and tools.Ability to work with virtual teams to improve their technology and security practices.Nice to haveExperience in the technology or financial services industry is preferred.Experience with Netsuite, Coupa, Github, Workday, Salesforce, Freshservice, Fidelity, Navan, Stripe, and AWS.CISA, CISM, CISSP, or other related security certifications is a plus.Certifications in project management and/or IT/Security frameworks (e.g. Project Management Professional (PMP), Prince2, ITIL, COBIT, ISO27001).Knowledge of privacy legislations and regulations such as GDPR, CCPA, and PDPA.Experience in information security practices in cloud infrastructure, hosting, and platforms.
#J-18808-Ljbffr