Jobs · Management · Massachusetts

Lead Security Governance & Risk Engineer

Klaviyo · Boston, MA · Yesterday
Management$156k–$234k/yrFull-time

About the role

The Lead Security Governance & Risk Engineer is a senior, hands-on role at the point where security governance meets risk engineering. You will own the parts of the risk programme that turn policy and standards into measured, monitored, and automated risk decisions.

This is a role for an engineer who thinks like a risk professional: someone who automates repeatable assessment, instruments controls, quantifies risk in financial terms, and treats AI as foundational infrastructure rather than an afterthought.

Responsibilities

  • Operate and maintain the risk register and taxonomy.
  • Run the technology and third-party risk register on a consistent standard (threat actor, technique, scenario, safeguard, loss event, quantification) so that risks aggregate, prioritize, and report meaningfully across the business.
  • Lead AI risk governance and ISO 42001 readiness.
  • Drive third-party risk automation and risk scoring.
  • Perform the hands-on risk quantification.
  • Support the risk governance cadence.
  • Partner cross-functionally and close the loop.

Requirements

  • 7+ years of experience in information security, technology risk, cyber risk, or operational risk within a large, complex, or high-growth organization, including hands-on risk engineering or quantitative risk work.
  • Strong command of cyber risk quantification, able to express risk in financial and business terms (FAIR, riskquant, or similar) rather than qualitative severity ratings alone.
  • Hands-on engineering ability: SQL, Python, and integrating with APIs to extract, transform, and load data between systems and to automate risk reporting.
  • Experience building and running a technology and/or third-party risk register and taxonomy, with the tooling and process automation behind it.
  • Working knowledge of security and AI frameworks (NIST CSF and RMF, ISO 27000 series, ISO 42001, SOC 2, PCI DSS, CIS Controls) and how they translate into credible control requirements.
  • Hands-on familiarity with modern risk and security tooling: third-party risk platforms, cyber risk quantification, vulnerability management, and endpoint and data-security telemetry, with a clear point of view on where AI augments versus replaces human judgement.
  • Able to operate independently as a second line of defense while engaging credibly with senior engineers, architects, and security teams.

Qualifications

  • Able to discuss complex, nuanced topics with technical and non-technical audiences alike, and translate technical risk into clear business impact.
  • Excellent ability to plan, prioritize, and execute work cross-functionally and on time.

Skills

  • AI fluency at Klaviyo includes responsible use of AI (including privacy, security, bias awareness, and human-in-the-loop).

Benefits

Our salary range reflects the cost of labor across various U.S. geographic markets. The range displayed below reflects the minimum and maximum target salaries for the position across all our US locations. The base salary offered for this position is determined by several factors, including the applicant’s job-related skills, relevant experience, education or training, and work location. In addition to base salary, our total compensation package may include participation in the company’s annual cash bonus plan, variable compensation (OTE) for sales and customer success roles, equity, sign-on payments, and a comprehensive range of health, welfare, and wellbeing benefits based on eligibility.

Pay

Your recruiter can provide more details about the specific salary/OTE range for your preferred location during the hiring process.

Schedule

This role may require up to 10% travel for purposes such as new hire onboarding, client or partner work if applicable, team meetings, and industry events. Travel is coordinated in advance.

Similar jobs

Lead Security Engineer

Dev Technology Group, Inc.Suitland, MD· Yesterday
Information Technology$120k–$190k/yrapply on grnh.se

Lead Security Engineer

Harmonia Holdings Group, LLCMcLean, VA· 1 wk ago
Information Technology$126k/yrapply on ajax.googleapis.com

Lead Security Engineer

AssetMarkAtlanta, GA· 2 wk ago
Information Technology$115k–$135k/yrapply on assetmark.wd5.myworkdayjobs.com

Lead Security Engineer

NTT DATA North AmericaWashington, PA· 3 wk ago
Information Technologyapply on careers.services.global.ntt

Lead Security Engineer

GE VernovaWilmington, NC· 1 wk ago
Information Technology$86k–$164k/yrapply on careers.gevernova.com