Security Risk Manager Jobs in Boston, MA (NOW HIRING)

An exciting opportunity within the Security Strategy and Governance (SSG) team whose mission is to ensure the safety and security of our customers, partners and Klaviyos as well as deliver best in class technology solutions, infrastructure and services. This is achieved by providing a robust and secure technology foundation to do great work. We solve problems using technology, embrace automation and AI, and support Klaviyo's continued scalability and sustainable employee growth in a rapidly evolving environment.

The SSG team assists the Global Security Services (GSS) organization in developing and refining information security strategy, creating metrics and reporting, coordinating cross-functional projects, and strategically aligning global information security initiatives with the broader CISO vision. The SSG team is highly collaborative and cross-functional, working closely with various functions within the GSS team (namely Security Risk and Trust, Security Product and Development, Global Protection Services and Security Intelligence Operations), Global Technology Solutions (GTS) team and the broader Klaviyo organization.

The Senior Technical Program Manager is an expert-level technical program leader with a remit to support strategic initiatives across the wider GSS organisation. Reporting into the Head of Security Strategy and Governance, you will drive end-to-end delivery of complex, technically demanding cross-functional program - spanning third-party risk, compliance and audit readiness, AI governance, and risk and control framework rollouts. You will partner with Engineering, Product, GTS, Legal, and business operations stakeholders to keep delivery on track, surface risk early, and ensure program ship measurable outcomes that move Klaviyo's risk posture forward.

• Lead program delivery for GSS's most complex initiatives - including third-party risk, compliance and audit readiness, AI governance, and the data-driven cyber risk and control framework - with minimal oversight and clear ownership of outcomes
• Set and continuously refine the program rhythm: planning cycles, status reporting, OKR alignment, and decision logs that connect day-to-day execution to GSS and Klaviyo-level objectives
• Apply AI-enabled GSS tooling to reduce manual toil and improve the timeliness and signal of program reporting
• Identify automation and AI opportunities in program management itself - status drafting, drift detection, action tracking - and partner with SSG's reporting and analytics capability to operationalise them
• Run risk analysis, contingency planning, and trade-off conversations with senior stakeholders; raise critical issues early with clear options, data, and recommendations
• Maintain authoritative status materials for GSS leadership team, monthly KPI updates, and quarterly Board contributions - accurate, succinct, and decision-ready
• Act as a player-coach to other program managers across GSS and GTS, modelling delivery standards, mentoring on practice, and developing reusable playbooks and runbooks
• Flex into other GSS functions - Security Product and Development, Security Intelligence Operations - where strategic initiatives need senior program leadership

• 6+ years of experience as a technical program manager in information security, with a track record of delivering complex, multi-team initiatives across engineering and security stakeholders; demonstrated expertise scoping, planning, and delivering strategic and tactical security program within a matrixed environment
• Manage the Information Security Risk Management lifecycle by partnering with engineering and security experts to implement regulations, test controls, and deploy security solutions across the technology stack.
• Working knowledge of security frameworks - NIST, ISO 27001, SOC 2, PCI DSS, CIS Controls - and how they translate into credible delivery plans
• Project management and/or security framework certifications (PMP, PRINCE2, ITIL, COBIT, ISO 27001) are expected at this level
• Experience building and tracking security KPIs and metrics to measure program success and drive continuous improvement.
• Practical experience using AI-enabled or automation-first program tooling (security GRC, TPRM, continuous control monitoring) and a clear point of view on where AI augments versus replaces human judgement in program delivery
• A strong communicator and problem-solver who balances persuasion with active listening, possesses exceptional stakeholder management skills to engage with engineering leaders and executives, and utilizes proven project management techniques to drive results.

• 3+ years of hands-on experience in equivalent security roles, such as Security Delivery Manager, Information Security Officer, or Threat Intelligence Program Manager
• Relevant professional certifications such as Certified Information Systems Security Professional, Certified Information Security Manager, Certified in Risk and Information Systems Control, CompTIA Cybersecurity Analyst or Certified Fraud Examiner
• Exposure to AI governance, model risk, or responsible-AI program work
• Knowledge of privacy legislation and regulations such as HIPAA and GDPR
• Experience working with security and risk tooling in cloud infrastructure, hosting, and platform contexts