Senior Security Compliance Engineer

Boston, MA, USA
Hybrid
120K-180K Annually
Senior level
Consumer Web • eCommerce • Marketing Tech • Retail • Software • Analytics • Generative AI
Best place for ambitious people to learn and grow.
The Role
Design and implement automated compliance workflows and continuous control monitoring for SOC 2, ISO 27001/27017, PCI, and SOX ITGCs. Integrate and customize compliance automation platforms, collect scripted evidence, validate controls, partner with engineering and risk teams, and apply AI/automation to scale GRC operations.
Summary Generated by Built In

At Klaviyo, we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you’re a close but not exact match with the description, we hope you’ll still consider applying. Want to learn more about life at Klaviyo? Visit klaviyo.com/careers to see how we empower creators to own their own destiny.

At Klaviyo, we're on a mission to empower creators to own their destiny. Our AI-first B2C CRM platform empowers 176,000+ brands in 80+ countries to cultivate relationships with hundreds of millions of consumers. We love solving hard problems and look for people who specialize in certain areas while being passionate about building, owning, and scaling solutions end-to-end, overcoming any obstacle in their way. We are a team of ambitious, customer-obsessed peers who are insatiably curious and meticulous in our craft. We push each other to grow beyond our comfort zone, learn new things, and work hard to ensure each day is better than the last.

This is an exciting opportunity within the Security Trust and Risk (STAR) team, whose mission is to ensure the safety and security of our customers, partners and Klaviyos, as well as to deliver best-in-class technology solutions, infrastructure and services. This is achieved by providing a robust and secure technology foundation to do great work. We solve problems using technology, embrace automation and AI, and support Klaviyo's continued scalability and sustainable employee growth in a rapidly evolving environment.

About this role

We’re seeking a highly motivated Senior Security Compliance Engineer to serve as a trusted advisor and hands-on engineer within our Security Trust & Compliance team. You’ll design, build, and optimize automated solutions that streamline compliance operations, strengthen continuous control monitoring, and integrate GRC tooling across Klaviyo’s systems. You’ll partner closely with cross-functional teams, such as Engineering, IT, Security, Legal, Internal Audit, and more. You’ll help Klaviyo scale securely, sustainably deliver more value for our customers, and bolster their trust in us.

As a Senior Security Compliance Engineer, you’ll focus primarily on:

  • Compliance operations & audits (for SOC 2, ISO 27001, ISO 27017, PCI, and SOX ITGCs)
  • Continuous control monitoring
  • GRC automation & tooling (e.g. compliance automation platforms, API integrations, scripted evidence collection and control validation)

How you’ll have an impact

  • Design, develop, and maintain automated compliance workflows using scripting, APIs, and GRC tooling to streamline evidence collection, control validation, and audit readiness across SOC 2, ISO 27001, ISO 27017, PCI, and SOX ITGCs
  • Build and improve continuous control monitoring capabilities that provide real-time visibility into Klaviyo’s compliance posture and proactively surface control gaps
  • Partner with the Security Risk team to streamline end-to-end Security Compliance-to-Risk operations, ensuring compliance findings and control observations flow efficiently into risk management workflows
  • Implement and customize compliance automation platforms (e.g. Drata, Vanta, Anecdotes) and integrate them with Klaviyo’s internal systems, CI/CD pipelines, and cloud infrastructure
  • Serve as a trusted advisor to Engineering and Product teams, embedding compliance-by-design into architecture decisions and helping teams understand and meet security control requirements
  • Identify and drive high-value opportunities to use AI and automation to eliminate toil, improve compliance operations, and scale our programs alongside Klaviyo’s growth

Who you are

  • 3–5 years of experience in security compliance, GRC engineering, security engineering, or a closely related field with a strong emphasis on automation and scalable processes
  • Understanding of modern cloud-native web application architectures and related security best practices, especially in the context of AWS, Kubernetes, and AI
  • Experience implementing and operating Compliance Automation platforms, such as Drata, Vanta, Anecdotes, HyperProof, etc.
  • Hands-on experience executing compliance programs for SOC 2, ISO 27001, ISO 27017, PCI, and/or SOX ITGCs
  • Proficiency in one or more programming/scripting languages (e.g. Python, Go, SQL) with hands-on experience building automation for compliance workflows, integrating REST APIs, and working with GRC tooling
  • Experience applying GRC Engineering principles and values in practice, especially with regard to automation, systems + design thinking, and threat-informed GRC

Everyone on our team must have

  • A strong bias toward evidence, logic, math, and reason when communicating risk (instead of fear, uncertainty, and doubt)
  • A strong bias toward “guardrails, not gates” and “paved security roads” philosophies (instead of rigid “centralized command-and-control” processes and operating styles)
  • Excellent ability to plan, prioritize, and deliver results cross-functionally and in a timely fashion
  • Proficiency discussing complex, nuanced topics with technical & non-technical audiences alike, especially software engineers
  • Strong alignment with Klaviyo’s core values

Ideally, you may also have any of the following:

  • Experience implementing Identity Governance tools and processes, such as for user access reviews (UARs) and just-in-time access (JITA)
  • Experience working in security operations, security engineering, and/or security architecture roles
  • Experience with additional compliance frameworks such as ISO 27018, HIPAA, GDPR, CCPA, or NIS2

Massachusetts Applicants:
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Our salary range reflects the cost of labor across various U.S. geographic markets. The range displayed below reflects the minimum and maximum target salaries for the position across all our US locations. The base salary offered for this position is determined by several factors, including the applicant’s job-related skills, relevant experience, education or training, and work location.

In addition to base salary, our total compensation package may include participation in the company’s annual cash bonus plan, variable compensation (OTE) for sales and customer success roles, equity, sign-on payments, and a comprehensive range of health, welfare, and wellbeing benefits based on eligibility. 

Your recruiter can provide more details about the specific salary/OTE range for your preferred location during the hiring process.

Base Pay Range For US Locations:
$120,000-$180,000 USD

This role may require up to 10% travel for purposes such as new hire onboarding, client or partner work if applicable, team meetings, and industry events. Travel is coordinated in advance.

Get to Know Klaviyo

We’re Klaviyo (pronounced clay-vee-oh). We empower creators to own their destiny by making first-party data accessible and actionable like never before. We see limitless potential for the technology we’re developing to nurture personalized experiences in ecommerce and beyond. To reach our goals, we need our own crew of remarkable creators—ambitious and collaborative teammates who stay focused on our north star: delighting our customers. If you’re ready to do the best work of your career, where you’ll be welcomed as your whole self from day one and supported with generous benefits, we hope you’ll join us.

AI fluency at Klaviyo includes responsible use of AI (including privacy, security, bias awareness, and human-in-the-loop). We provide accommodations as needed. 

By participating in Klaviyo’s interview process, you acknowledge that you have read, understood, and will adhere to our Guidelines for using AI in the Klaviyo interview Process. For more information about how we process your personal data, see our Job Applicant Privacy Notice.

Klaviyo is committed to a policy of equal opportunity and non-discrimination. We do not discriminate on the basis of race, ethnicity, citizenship, national origin, color, religion or religious creed, age, sex (including pregnancy), gender identity, sexual orientation, physical or mental disability, veteran or active military status, marital status, criminal record, genetics, retaliation, sexual harassment or any other characteristic protected by applicable law.

IMPORTANT NOTICE: Our company takes the security and privacy of job applicants very seriously. We will never ask for payment, bank details, or personal financial information as part of the application process. All our legitimate job postings can be found on our official career site. Please be cautious of job offers that come from email addresses outside the company domain (@klaviyo.com), from instant messaging platforms, or from unsolicited calls.
 

Skills Required

  • 3-5 years of experience in security compliance, GRC engineering, security engineering, or closely related field with emphasis on automation and scalable processes
  • Hands-on experience executing compliance programs for SOC 2, ISO 27001, ISO 27017, PCI, and/or SOX ITGCs
  • Experience implementing and operating compliance automation platforms (e.g., Drata, Vanta, Anecdotes, HyperProof)
  • Proficiency in one or more programming/scripting languages (Python, Go, SQL) and building automation for compliance workflows, integrating REST APIs, and working with GRC tooling
  • Understanding of modern cloud-native web application architectures and security best practices, especially AWS and Kubernetes
  • Experience applying GRC engineering principles, automation, systems and design thinking, and threat-informed GRC
  • Strong bias toward evidence, logic, and reason when communicating risk; effective cross-functional planning and prioritization; ability to discuss complex topics with technical and non-technical audiences
  • Experience with Identity Governance tools and processes (user access reviews, just-in-time access)
  • Experience in security operations, security engineering, or security architecture roles
  • Familiarity with additional compliance frameworks (ISO 27018, HIPAA, GDPR, CCPA, NIS2)

Klaviyo Compensation & Benefits Highlights

How does Klaviyo ensure its pay and bonus plans are competitive?

Klaviyo supports competitive pay through a total rewards approach that combines salary, equity, bonus opportunities, benefits, learning support and a performance culture tied to measurable impact. 

  • Competitive total rewards: Klaviyo’s benefits overview highlights competitive salaries, 401(k) match, employee referral bonuses, equity, an employee stock purchase plan, flexible paid time off, commuter/transit support, fitness reimbursements, mental and emotional wellbeing programming and learning support. External reviews reinforce the value of the package, with employees citing competitive pay, bonuses, RSUs, ESPP, health insurance, parental leave, unlimited PTO and learning stipends as meaningful parts of the employee experience.
  • Pay connected to impact and outcomes: Klaviyo’s handbook frames performance around ownership, clarity and measurable results. The value “Know the score” states that results matter more than effort alone, while “Drivers wanted” emphasizes proactive ownership and “Be meticulous in your craft” reinforces a high bar for work quality. That creates a compensation and recognition philosophy where strong outcomes, not just activity, are central to advancement and rewards.
  • Equity and long-term value: Equity is a visible part of Klaviyo’s rewards story. Klaviyo offers equity packages to all full-time employees, vesting over four years, and provides an employee stock purchase plan. That ownership opportunity sits within a growing business: in Q1 2026, Klaviyo reported $358 million in revenue, up 28% year over year, and raised full-year 2026 revenue guidance to $1.514 billion to $1.522 billion. Those business results give employees a clear connection between company performance, long-term growth and the value of ownership-based compensation.
  • Rewards supported by growth and development benefits: Klaviyo’s compensation package is paired with benefits that help employees grow their careers and build long-term value. K-Pro Learn, learning stipends, mentorship, Career Architecture and manager development programs support continued skill-building. A customer success manager noted that Klaviyo offers a learning stipend for job-related coaching or training, while employee survey insights show 78% of respondents feel they are gaining the skills and experience to grow their careers.
  • External signals:
    • Compensation Sentiment: External reviews frequently praise Klaviyo’s competitive salary, bonuses, equity, RSUs, ESPP, 401(k) match, learning stipend and generous benefits. (Glassdoor; Comparably)
    • Rewards Ratings: Comparably rates Klaviyo’s compensation an A and perks and benefits an A. (Comparably)
    • Employee Value Signals: Reviews highlight PTO, health insurance, parental leave, office amenities, learning support and work-life balance as part of the overall rewards package. (Glassdoor; Comparably)

Bottom line: Klaviyo keeps compensation competitive by combining salary, bonus opportunities, equity, ESPP, retirement support, benefits and learning resources with a culture that rewards ownership, measurable outcomes and long-term impact.

The Company
Boston, MA
2,400 Employees
Year Founded: 2012

What We Do

Klaviyo (NYSE: KVYO) is the B2C CRM. Powered by its built-in data platform and AI, Klaviyo combines marketing automation, analytics, and customer service into one unified solution, making it easy for businesses to know their customers and grow faster. Klaviyo (CLAY-vee-oh) helps over 183,000 brands like Mattel, Glossier, Daily Harvest, and Liquid Death deliver 1:1 experiences at scale, improve efficiency, and drive revenue.

Why Work With Us

We refer to our employees as ‘Klaviyos’, and we make up a diverse community united around shared values: We’re curious, collaborative, driven, innovative, fun, and fully ourselves at work. No matter which team you join, your work won’t just impact Klaviyo. It’ll help empower our customers and enable creators across the globe to own their destinies.

Klaviyo Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Typical time on-site: 3 days a week

Office locations:

  • Boston, MA
  • Denver, CO
  • Dublin, IE
  • London, GB
  • San Francisco, CA
  • Sydney, New South Wales
