Senior Security Compliance Engineer - Klaviyo

Key Responsibilities

• Develop and maintain security compliance frameworks for ISO 27001, SOC 2, and relevant regulatory requirements.
• Lead risk assessments, vulnerability scans, and penetration tests to identify and remediate security gaps.
• Collaborate with engineering, product, and legal teams to embed security controls into product development and deployment pipelines.
• Manage third‑party audit engagements, prepare audit evidence, and coordinate remediation plans.
• Provide guidance on cloud security best practices, especially within AWS environments, and oversee configuration hardening.

Requirements

• 5+ years of experience in security compliance, risk management, or related fields.
• Deep knowledge of ISO 27001, SOC 2, GDPR, CCPA, and other regulatory frameworks.
• Hands‑on experience with AWS security services (IAM, GuardDuty, Config, Security Hub).
• Strong understanding of penetration testing methodologies and vulnerability management.
• Excellent communication skills and ability to translate technical findings into actionable business recommendations.