Klaviyo Inc.
ITGC (General Controls) Project Manager
Klaviyo Inc., Boston, Massachusetts, us, 02298
Full time (3 days p/week in the office)
At Klaviyo, we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you’re a close but not exact match with the description, we hope you’ll still consider applying.
About the team
An exciting opportunity within the Global CISO Strategy (GCS) team whose mission is to ensure the safety and security of Klaviyos and our customers as well as deliver reliable IT services, infrastructure, solutions and expert guidance. This is achieved by providing a robust and secure technology foundation to do great work. We solve problems using technology, embrace automation, and support Klaviyo's continued scalability and sustainable employee growth in a rapidly evolving environment. The GCS team assists in developing and refining information security and IT strategy, driving organizational change, coordinating cross-functional projects, and strategically aligning global information security and IT initiatives with the broader Chief Information Security Officer (CISO) vision. The GCS team is highly collaborative and cross-functional, working closely within the Global Security Services (GSS) team, the Global Technology Solutions (GTS) team and the broader Klaviyo organization. About the role
As an ITGC Project Manager, you'll work closely with the various GSS & GTS teams from the CISO function and a wide variety of engineering, business operations and internal audit teams all under the leadership of the Senior Program Manager on the Global CISO Strategy team. You’ll be primarily focused on managing projects for Klaviyo’s ITGC and SOX (Sarbanes–Oxley Act) compliance as well as other information security frameworks. You'll ensure that projects are coordinated, delivered on time, and communicated well. Additionally, you will play an integral part in recommending process improvements and in helping implement those updates. This role will require a deep understanding of SOX, ITGCs, and information security best practices, as well as experience in working with engineering, technology and business teams. How you’ll have an impact
Design, implement, monitor, and maintain SOX ITGC controls, with engineering, business partners, CISO Function and Internal Audit Coordinate large-scale SOX ITGC projects (i.e. scope expansion), define success, dependencies and ensure timely delivery Provide project management and facilitate control requirements planning, progress tracking, communication, and reporting Identify, assess, and advise on information security risks, processes and controls to a variety of partners Perform risk analysis, develop contingency plans, and gather data from teams to proactively raise critical issues with key stakeholders for prioritization and tradeoff decisions Ensure all documentation and status materials for key meetings are compiled, aggregated, and completed in a timely fashion and remain well-maintained Establish and monitor plans to ensure the realization of goals and continuous improvements Build relationships with internal stakeholders What we’re looking for
5+ years of experience either auditing or in-house at a SaaS technology company implementing ITGC and SOX related controls such as Access Management, Change Management SOC1 Type 2 and security frameworks e.g. SOC 2 Type II, ISO27001, NIST CSF, etc.) Experienced in designing and interpreting remediation plans to control owners and ensure that audit issues are remediated and tracked timely Experience scoping, organizing, planning, and successfully managing strategic and tactical security projects Experience of leading cross-functional projects with clearly defined plans and objectives within a matrix environment You are a good communicator with strong interpersonal skills who can balance persuasiveness with active listening of diverse perspectives to achieve positive results You’ve got strong organizational, problem-solving, presentation, facilitation and follow-through skills You demonstrate the use of project management techniques and tools Ability to work with virtual teams to improve their technology and security practices Nice to have
Experience in the technology or financial services industry is preferred Experience with Netsuite, Coupa, Github, Workday, Salesforce, Freshservice, Fidelity, Navan, Stripe and AWS CISA, CISM, CISSP or other related security certifications is a plus Certifications in project management and/or IT/Security frameworks (e.g. Project Management Professional (PMP), Prince2, ITIL, COBIT, ISO27001) Knowledge of privacy legislations and regulations such as GDPR, CCPA, and PDPA Experience in information security practices in cloud infrastructure, hosting and platforms
#J-18808-Ljbffr
An exciting opportunity within the Global CISO Strategy (GCS) team whose mission is to ensure the safety and security of Klaviyos and our customers as well as deliver reliable IT services, infrastructure, solutions and expert guidance. This is achieved by providing a robust and secure technology foundation to do great work. We solve problems using technology, embrace automation, and support Klaviyo's continued scalability and sustainable employee growth in a rapidly evolving environment. The GCS team assists in developing and refining information security and IT strategy, driving organizational change, coordinating cross-functional projects, and strategically aligning global information security and IT initiatives with the broader Chief Information Security Officer (CISO) vision. The GCS team is highly collaborative and cross-functional, working closely within the Global Security Services (GSS) team, the Global Technology Solutions (GTS) team and the broader Klaviyo organization. About the role
As an ITGC Project Manager, you'll work closely with the various GSS & GTS teams from the CISO function and a wide variety of engineering, business operations and internal audit teams all under the leadership of the Senior Program Manager on the Global CISO Strategy team. You’ll be primarily focused on managing projects for Klaviyo’s ITGC and SOX (Sarbanes–Oxley Act) compliance as well as other information security frameworks. You'll ensure that projects are coordinated, delivered on time, and communicated well. Additionally, you will play an integral part in recommending process improvements and in helping implement those updates. This role will require a deep understanding of SOX, ITGCs, and information security best practices, as well as experience in working with engineering, technology and business teams. How you’ll have an impact
Design, implement, monitor, and maintain SOX ITGC controls, with engineering, business partners, CISO Function and Internal Audit Coordinate large-scale SOX ITGC projects (i.e. scope expansion), define success, dependencies and ensure timely delivery Provide project management and facilitate control requirements planning, progress tracking, communication, and reporting Identify, assess, and advise on information security risks, processes and controls to a variety of partners Perform risk analysis, develop contingency plans, and gather data from teams to proactively raise critical issues with key stakeholders for prioritization and tradeoff decisions Ensure all documentation and status materials for key meetings are compiled, aggregated, and completed in a timely fashion and remain well-maintained Establish and monitor plans to ensure the realization of goals and continuous improvements Build relationships with internal stakeholders What we’re looking for
5+ years of experience either auditing or in-house at a SaaS technology company implementing ITGC and SOX related controls such as Access Management, Change Management SOC1 Type 2 and security frameworks e.g. SOC 2 Type II, ISO27001, NIST CSF, etc.) Experienced in designing and interpreting remediation plans to control owners and ensure that audit issues are remediated and tracked timely Experience scoping, organizing, planning, and successfully managing strategic and tactical security projects Experience of leading cross-functional projects with clearly defined plans and objectives within a matrix environment You are a good communicator with strong interpersonal skills who can balance persuasiveness with active listening of diverse perspectives to achieve positive results You’ve got strong organizational, problem-solving, presentation, facilitation and follow-through skills You demonstrate the use of project management techniques and tools Ability to work with virtual teams to improve their technology and security practices Nice to have
Experience in the technology or financial services industry is preferred Experience with Netsuite, Coupa, Github, Workday, Salesforce, Freshservice, Fidelity, Navan, Stripe and AWS CISA, CISM, CISSP or other related security certifications is a plus Certifications in project management and/or IT/Security frameworks (e.g. Project Management Professional (PMP), Prince2, ITIL, COBIT, ISO27001) Knowledge of privacy legislations and regulations such as GDPR, CCPA, and PDPA Experience in information security practices in cloud infrastructure, hosting and platforms
#J-18808-Ljbffr