IT General Controls (ITGC) Project Manager

At Klaviyo, we value the unique backgrounds, experiences and perspectives each Klaviyo (we call ourselves Klaviyos) brings to our workplace each and every day. We believe everyone deserves a fair shot at success and appreciate the experiences each person brings beyond the traditional job requirements. If you’re a close but not exact match with the description, we hope you’ll still consider applying. Want to learn more about life at Klaviyo? Visit careers.klaviyo.com to see how we empower creators to own their own destiny.

About the team

An exciting opportunity within the Global CISO Strategy (GCS) team whose mission is to ensure the safety and security of Klaviyos and our customers as well as deliver reliable IT services, infrastructure, solutions and expert guidance. This is achieved by providing a robust and secure technology foundation to do great work. We solve problems using technology, embrace automation, and support Klaviyo's continued scalability and sustainable employee growth in a rapidly evolving environment.

The GCS team assists in developing and refining information security and IT strategy, driving organizational change, coordinating cross-functional projects, and strategically aligning global information security and IT initiatives with the broader Chief Information Security Officer (CISO) vision. The GCS team is highly collaborative and cross-functional, working closely within the Global Security Services (GSS) team, the Global Technology Solutions (GTS) team and the broader Klaviyo organization.

About the role

As an ITGC Project Manager, you'll work closely with the various GSS & GTS teams from the CISO function and a wide variety of engineering, business operations and internal audit teams all under the leadership of the Senior Program Manager on the Global CISO Strategy team.

You’ll be primarily focused on managing projects for Klaviyo’s ITGC and SOX (Sarbanes–Oxley Act) compliance as well as other information security frameworks.

You'll ensure that projects are coordinated, delivered on time, and communicated well. Additionally, you will play an integral part in recommending process improvements and in helping implement those updates. This role will require a deep understanding of SOX, ITGCs, and information security best practices, as well as experience in working with engineering, technology and business teams.. 

How you’ll have an impact

• Design, implement, monitor, and maintain SOX ITGC controls, with engineering, business partners, CISO Function and Internal Audit
• Coordinate large-scale SOX ITGC projects (i.e. scope expansion), define success, dependencies and ensure timely delivery
• Provide project management and facilitate control requirements planning, progress tracking, communication, and reporting 
• Identify, assess, and advise on information security risks, processes and controls to a variety of partners
• Perform risk analysis, develop contingency plans, and gather data from teams to proactively raise critical issues with key stakeholders for prioritization and tradeoff decisions
• Ensure all documentation and status materials for key meetings are compiled, aggregated, and completed in a timely fashion and remain well-maintained
• Establish and monitor plans to ensure the realization of goals and continuous improvements
• Build relationships with internal stakeholders

What we’re looking for

• 5+ years of experience either auditing or in-house at a SaaS technology company implementing  ITGC and SOX related controls such as Access Management, Change Management SOC1 Type 2 and security frameworks e.g. SOC 2 Type II, ISO27001, NIST CSF, etc.)
• Experienced in designing and interpreting remediation plans to control owners and ensure that audit issues are remediated and tracked timely 
• Experience scoping, organizing, planning, and successfully managing strategic and tactical security projects 
• Experience of leading cross-functional projects with clearly defined plans and objectives within a matrix environment 
• You are a good communicator with strong interpersonal skills who can balance persuasiveness with active listening of diverse perspectives to achieve positive results
• You’ve got strong organizational, problem-solving, presentation, facilitation and follow-through skills
• You demonstrate the use of project management techniques and tools
• Ability to work with virtual teams to improve their technology and security practices

Nice to have

• Experience in the technology or financial services industry is preferred
• Experience with Netsuite, Coupa, Github, Workday, Salesforce, Freshservice, Fidelity, Navan, Stripe and AWS 
• CISA, CISM, CISSP or other related security certifications is a plus
• Certifications in project management and/or IT/Security frameworks  (e.g. Project Management Professional (PMP), Prince2, ITIL, COBIT, ISO27001)
• Knowledge of privacy legislations and regulations such as GDPR, CCPA, and PDPA
• Experience in information security practices in cloud infrastructure, hosting and platforms

Get to Know Klaviyo

We’re Klaviyo (pronounced clay-vee-oh). We empower creators to own their destiny by making first-party data accessible and actionable like never before. We see limitless potential for the technology we’re developing to nurture personalized experiences in ecommerce and beyond. To reach our goals, we need our own crew of remarkable creators—ambitious and collaborative teammates who stay focused on our north star: delighting our customers. If you’re ready to do the best work of your career, where you’ll be welcomed as your whole self from day one and supported with generous benefits, we hope you’ll join us.

Klaviyo is committed to a policy of equal opportunity and non-discrimination. We do not discriminate on the basis of race, ethnicity, citizenship, national origin, color, religion or religious creed, age, sex (including pregnancy), gender identity, sexual orientation, physical or mental disability, veteran or active military status, marital status, criminal record, genetics, retaliation, sexual harassment or any other characteristic protected by applicable law.

IMPORTANT NOTICE: Our company takes the security and privacy of job applicants very seriously. We will never ask for payment, bank details, or personal financial information as part of the application process. All our legitimate job postings can be found on our official career site. Please be cautious of job offers that come from non-company email addresses (@klaviyo.com), instant messaging platforms, or unsolicited calls. 

You can find our Job Applicant Privacy Notice here.