Lead Security Governance & Risk Engineer

3 hours, 54 minutes ago
Full-time
Lead
Data Science and Analytics
Klaviyo

Klaviyo

Klaviyo offers intelligent email marketing, SMS, and automation services for ecommerce businesses, empowering brands to personalize customer interactions and drive growth.

IT Services
1K-5K
Founded 2012

Description

  • Operate and maintain the technology and third-party risk register and taxonomy using a consistent risk standard.
  • Lead AI risk governance and ISO/IEC 42001 readiness, including maintaining the AI risk assessment methodology, risk criteria, and consolidated AI risk register.
  • Define AI risk treatment plans that map risks to specific controls and treatment decisions.
  • Drive third-party risk automation and contribute vendor and application risk signals into the composite risk score.
  • Perform cyber risk quantification using expected loss, probability, and remediation-versus-acceptance analysis to support investment and risk decisions.
  • Support weekly risk huddles, monthly risk reviews, and quarterly Technology Risk Committee meetings with clear, decision-ready materials.
  • Operate as a second line of defense by providing independent oversight, credible challenge, and escalation of risks above tolerance.
  • Partner cross-functionally with Engineering, Product, GTS, Legal, Internal Audit, ARIA, and Finance to track risk and audit findings through remediation and closure.
  • Help align security policies and standards to the risks they reduce and to the operational controls that enforce them.

Requirements

  • 7+ years of experience in information security, technology risk, cyber risk, or operational risk in a large, complex, or high-growth organization.
  • Hands-on experience in risk engineering or quantitative risk work.
  • Strong command of cyber risk quantification, including FAIR, riskquant, or similar methods.
  • Hands-on engineering ability with SQL, Python, and APIs for data extraction, transformation, loading, and reporting automation.
  • Experience building and running a technology and/or third-party risk register and taxonomy.
  • Working knowledge of NIST CSF and RMF, ISO 27000 series, ISO 42001, SOC 2, PCI DSS, and CIS Controls.
  • Hands-on familiarity with third-party risk platforms, cyber risk quantification tools, vulnerability management, and endpoint/data-security telemetry.
  • Experience authoring and maintaining security policies and standards with a governance mindset.
  • Ability to operate independently as a second line of defense while engaging credibly with senior technical stakeholders.
  • Strong communication, prioritization, and cross-functional execution skills.
  • Experience leading a shift from traditional GRC/compliance toward an automated, engineering-led, or AI-enabled risk capability is preferred.
  • AI governance, model risk, or responsible-AI program experience, and ISO 42001 readiness or certification work, is preferred.
  • Experience building KPI, KRI, or KCI dashboards in tools such as Tableau is preferred.
  • Experience in regulated or high-trust environments such as SOC 2, ISO 27000 series, ISO 42001, HIPAA, or GDPR is preferred.
  • Threat modeling, secure design reviews, or technical security control implementation in AWS is preferred.
  • Experience securing web applications, Kubernetes clusters, and/or containers is preferred.
  • Relevant certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Auditor/Lead Implementer, ISO 42001/AI governance certification, or Open FAIR are preferred.

Benefits

  • Base salary range of $156,000 to $234,000 USD for U.S. locations.
  • Participation in the company’s annual cash bonus plan.
  • Potential equity as part of the total compensation package.
  • Sign-on payments may be included in the compensation package.
  • Comprehensive health, welfare, and wellbeing benefits, subject to eligibility.
  • Up to 10% travel for onboarding, partner work, team meetings, and industry events, coordinated in advance.
  • Accommodation support and responsible AI guidance during the interview process.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

Senior Security Engineer I – Customer Trust (Remote Eligible)

Smartsheet 1K-5K Internet Software & Services

Smartsheet is hiring a Sr. Security Engineer I to lead US customer trust operations by managing security assessment responses, supporting enterprise customer engagements, and strengthening confidence in the company’s security posture.

AWS Azure Encryption GCP HIPAA
4 hours, 9 minutes ago

Senior Security Engineer

GXA 11-50 Internet Software & Services

GXA is hiring a Security Engineer to support the hands-on operation, incident response, and continuous improvement of its gShield security services across client and internal environments.

SIEM SOC
5 hours, 9 minutes ago

Engineering Manager - Cloud & Security (m/f/x)

FINN 251-1K Consumer Services

FINN is hiring an Engineering Manager to lead its Tooling & Security team in building and improving internal tooling, cloud governance, and security operations that help the company work efficiently and securely.

AWS GCP Go Python Serverless TypeScript
5 hours, 24 minutes ago

Manager of Identity Access Management

Hasbro 5K-10K Consumer Goods

Wizards of the Coast is seeking a Manager, Identity Platform Engineering to lead the enterprise identity systems that secure access across its internal studios and multi-cloud environment.

Active Directory AWS OpenID Connect SAML
1 day, 4 hours ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers