At Klaviyo, we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you’re a close but not exact match with the description, we hope you’ll still consider applying. Want to learn more about life at Klaviyo? Visit klaviyo.com/careers to see how we empower creators to own their own destiny.
About the team:
An exciting opportunity within the Security Strategy and Governance (SSG) team whose mission is to ensure the safety and security of our customers, partners and Klaviyos as well as deliver best in class technology solutions, infrastructure and services. This is achieved by providing a robust and secure technology foundation to do great work. We solve problems using technology, embrace automation and AI, and support Klaviyo's continued scalability and sustainable employee growth in a rapidly evolving environment.
The SSG team assists the Global Security Services (GSS) organization in developing and refining information security strategy, creating metrics and reporting, coordinating cross-functional projects, and strategically aligning global information security initiatives with the broader CISO vision. The SSG team is highly collaborative and cross-functional, working closely with various functions within the GSS team (namely Security Risk and Trust, Security Product and Development, Global Protection Services and Security Intelligence Operations), Global Technology Solutions (GTS) team and the broader Klaviyo organization.
About the role:
The Lead Technical Programme Manager is an expert-level technical programme leader with a remit to support strategic initiatives across the wider GSS organisation. Reporting into the Head of Security Strategy and Governance, you will drive end-to-end delivery of complex, technically demanding cross-functional programmes — spanning third-party risk, compliance and audit readiness, AI governance, and risk and control framework rollouts. You will partner with Engineering, Product, GTS, Legal, and business operations stakeholders to keep delivery on track, surface risk early, and ensure programmes ship measurable outcomes that move Klaviyo’s risk posture forward.
****How you’ll have an impact:
- Lead programme delivery for GSS’s most complex initiatives — including third-party risk, compliance and audit readiness, AI governance, and the data-driven cyber risk and control framework — with minimal oversight and clear ownership of outcomes
- Set and continuously refine the programme rhythm: planning cycles, status reporting, OKR alignment, and decision logs that connect day-to-day execution to GSS and Klaviyo-level objectives
- Apply AI-enabled GSS tooling to reduce manual toil and improve the timeliness and signal of programme reporting
- Identify automation and AI opportunities in programme management itself — status drafting, drift detection, action tracking — and partner with SSG’s reporting and analytics capability to operationalise them
- Run risk analysis, contingency planning, and trade-off conversations with senior stakeholders; raise critical issues early with clear options, data, and recommendations
- Maintain authoritative status materials for GSS leadership team, monthly KPI updates, and quarterly Board contributions — accurate, succinct, and decision-ready
- Act as a player-coach to other programme managers across GSS and GTS, modelling delivery standards, mentoring on practice, and developing reusable playbooks and runbooks
- Flex into other GSS functions — Security Product and Development, Security Intelligence Operations — where strategic initiatives need senior programme leadership
Who you are:
- 6+ years of experience as a technical programme manager in information security, with a track record of delivering complex, multi-team initiatives across engineering and security stakeholders; demonstrated expertise scoping, planning, and delivering strategic and tactical security programmes within a matrixed environment
- Manage the Information Security Risk Management lifecycle by partnering with engineering and security experts to implement regulations, test controls, and deploy security solutions across the technology stack.
- Working knowledge of security frameworks — NIST, ISO 27001, SOC 2, PCI DSS, CIS Controls — and how they translate into credible delivery plans
- Project management and/or security framework certifications (PMP, PRINCE2, ITIL, COBIT, ISO 27001) are expected at this level
- Experience building and tracking security KPIs and metrics to measure program success and drive continuous improvement.
- Practical experience using AI-enabled or automation-first programme tooling (security GRC, TPRM, continuous control monitoring) and a clear point of view on where AI augments versus replaces human judgement in programme delivery
- A strong communicator and problem-solver who balances persuasion with active listening, possesses exceptional stakeholder management skills to engage with engineering leaders and executives, and utilizes proven project management techniques to drive results.
Nice to have:
- 3+ years of hands-on experience in equivalent security roles, such as Security Delivery Manager, Information Security Officer, or Threat Intelligence Programme Manager
- Relevant professional certifications such as Certified Information Systems Security Professional, Certified Information Security Manager, Certified in Risk and Information Systems Control, CompTIA Cybersecurity Analyst or Certified Fraud Examiner
- Exposure to AI governance, model risk, or responsible-AI programme work
- Knowledge of privacy legislation and regulations such as HIPAA and GDPR
- Experience working with security and risk tooling in cloud infrastructure, hosting, and platform contexts
**Massachusetts Applicants: **It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Our salary range reflects the cost of labor across various U.S. geographic markets. The range displayed below reflects the minimum and maximum target salaries for the position across all our US locations. The base salary offered for this position is determined by several factors, including the applicant’s job-related skills, relevant experience, education or training, and work location.
In addition to base salary, our total compensation package may include participation in the company’s annual cash bonus plan, variable compensation (OTE) for sales and customer success roles, equity, sign-on payments, and a comprehensive range of health, welfare, and wellbeing benefits based on eligibility.
Your recruiter can provide more details about the specific salary/OTE range for your preferred location during the hiring process.
Base Pay Range For US Locations:
$84,000—$126,000 USD
This role may require up to 10% travel for purposes such as new hire onboarding, client or partner work if applicable, team meetings, and industry events. Travel is coordinated in advance.
Get to Know Klaviyo
We’re Klaviyo (pronounced clay-vee-oh). We empower creators to own their destiny by making first-party data accessible and actionable like never before. We see limitless potential for the technology we’re developing to nurture personalized experiences in ecommerce and beyond. To reach our goals, we need our own crew of remarkable creators—ambitious and collaborative teammates who stay focused on our north star: delighting our customers. If you’re ready to do the best work of your career, where you’ll be welcomed as your whole self from day one and supported with generous benefits, we hope you’ll join us.
_AI fluency at Klaviyo includes responsible use of AI (including privacy, security, bias awareness, and human-in-the-loop). We provide accommodations as needed. _
_By participating in Klaviyo’s interview process, you acknowledge that you have read, understood, and will adhere to our Guidelines for using AI in the Klaviyo interview Process. For more information about how we process your personal data, see our Job Applicant Privacy Notice. _
Klaviyo is committed to a policy of equal opportunity and non-discrimination. We do not discriminate on the basis of race, ethnicity, citizenship, national origin, color, religion or religious creed, age, sex (including pregnancy), gender identity, sexual orientation, physical or mental disability, veteran or active military status, marital status, criminal record, genetics, retaliation, sexual harassment or any other characteristic protected by applicable law.
IMPORTANT NOTICE: Our company takes the security and privacy of job applicants very seriously. We will never ask for payment, bank details, or personal financial information as part of the application process. All our legitimate job postings can be found on our official career site. Please be cautious of job offers that come from non-company email addresses (@klaviyo.com), instant messaging platforms, or unsolicited calls.
By clicking "Submit Application" you consent to Klaviyo processing your Personal Data in accordance with our Job Applicant Privacy Notice. If you do not wish for Klaviyo to process your Personal Data, please do not submit an application._ _You can find our Job Applicant Privacy Notice here and here (FR).