Senior Security Compliance Engineer

12 hours, 58 minutes ago
Full-time
Senior
DevOps and Infrastructure
Klaviyo

Klaviyo

Klaviyo offers intelligent email marketing, SMS, and automation services for ecommerce businesses, empowering brands to personalize customer interactions and drive growth.

IT Services
1K-5K
Founded 2012

Description

  • Design, develop, and maintain automated compliance workflows for evidence collection, control validation, and audit readiness.
  • Build and improve continuous control monitoring capabilities to surface compliance gaps in real time.
  • Partner with the Security Risk team to connect compliance findings and control observations to risk management workflows.
  • Implement and customize compliance automation platforms and integrate them with internal systems, CI/CD pipelines, and cloud infrastructure.
  • Advise Engineering and Product teams on compliance-by-design and security control requirements.
  • Identify and drive opportunities to use AI and automation to reduce toil and scale compliance programs.
  • Support audits and compliance operations for SOC 2, ISO 27001, ISO 27017, PCI, and SOX ITGCs.
  • Collaborate cross-functionally with teams including Engineering, IT, Security, Legal, and Internal Audit.

Requirements

  • 3–5 years of experience in security compliance, GRC engineering, security engineering, or a closely related field.
  • Strong emphasis on automation and scalable processes.
  • Understanding of modern cloud-native web application architectures and security best practices, especially in AWS, Kubernetes, and AI contexts.
  • Experience implementing and operating compliance automation platforms such as Drata, Vanta, Anecdotes, or Hyperproof.
  • Hands-on experience executing compliance programs for SOC 2, ISO 27001, ISO 27017, PCI, and/or SOX ITGCs.
  • Proficiency in one or more scripting or programming languages such as Python, Go, or SQL.
  • Hands-on experience building automation for compliance workflows, integrating REST APIs, and working with GRC tooling.
  • Experience applying GRC Engineering principles, including automation, systems and design thinking, and threat-informed GRC.
  • Strong bias toward evidence, logic, math, and reason when communicating risk.
  • Excellent ability to plan, prioritize, and deliver results cross-functionally and on time.
  • Ability to discuss complex technical topics with both technical and non-technical audiences, especially software engineers.
  • Strong alignment with Klaviyo’s core values.
  • Preferred: experience implementing identity governance tools and processes such as user access reviews (UARs) and just-in-time access (JITA).
  • Preferred: experience in security operations, security engineering, and/or security architecture roles.
  • Preferred: experience with additional compliance frameworks such as ISO 27018, HIPAA, GDPR, CCPA, or NIS2.

Benefits

  • Base salary range of $120,000–$180,000 USD for U.S. locations.
  • Eligibility for the company’s annual cash bonus plan.
  • Possible equity compensation and sign-on payments.
  • Comprehensive health, welfare, and wellbeing benefits based on eligibility.
  • Support for remote or location-based hiring with recruiter-provided salary details by preferred location.
  • Up to 10% travel for onboarding, team meetings, client or partner work, and industry events, coordinated in advance.
  • Accommodations available as needed for responsible use of AI in the interview process.
