Senior Security & Compliance Analyst

Posted 3 Days Ago
Easy Apply
Be an Early Applicant
Palo Alto, CA
105K-192K Annually
Senior level
Fintech • Information Technology • Payments • Productivity • Software • Travel • Automation
Travel & expense made easy.
The Role
As a Senior Security & Compliance Analyst, you will lead efforts in compliance with key security standards and drive the security program's maturity. This includes collaborating with cross-functional teams, conducting assessments, leading audits, developing metrics, automating processes, and staying updated with regulatory changes to enhance Navan's overall security posture.
Summary Generated by Built In

Are you passionate about shaping the future of information security in a dynamic, high-growth environment? As a Senior Security GRC Analyst at Navan, you'll take the lead in driving compliance with key security standards and frameworks. You'll spearhead efforts to achieve crucial certifications and attestations, all while collaborating with diverse business stakeholders to design and implement robust security controls. Your influence will span the entire organization as you work to continuously enhance Navan’s security posture and provide assurance to our customers. If you're someone who thrives on making a tangible impact and adapting quickly to change, we invite you to join our team and help drive our mission forward.

What You’ll Do:

  • Collaborate with Cross-Functional Teams: Work closely with teams such as HR, Finance, and Legal to identify control gaps and integrate control requirements.
  • Engage in Compliance Activities: Partner with product engineering and other teams on compliance matters, external audit engagements, and assessments.
  • Conduct Assessments and Testing: Perform periodic assessments and testing of all applicable security compliance controls, policies, and standards.
  • Drive Security Program Maturity: Contribute to the improvement of the overall cybersecurity program's maturity.
  • Lead Internal Security Assessments: Oversee internal security assessment walkthroughs and collect evidence for external audits.
  • Execute External Audit Activities: Lead the execution of external audits over Navan’s products and internal controls in accordance with frameworks like SOC 1, SOC 2, PCI DSS, ISO 27001, and NIST CSF.
  • Develop Metrics and Reporting: Create metrics and reports to demonstrate compliance status and progress.
  • Automate Controls and Processes: Drive automation of controls and process improvements within the compliance portfolio.
  • Facilitate Remediation Efforts: Work with the security team on assessment findings and oversee remediation efforts.
  • Provide Guidance and Consultation: Offer ongoing advice to promote a sustainable security and compliance program.
  • Implement GRC Tools: Collaborate on developing and implementing a centralized audit evidence repository and GRC tools.
  • Stay Updated with Regulatory Changes: Integrate changes to laws, regulations, and frameworks into daily activities.

What We’re Looking For:

  • Experience: 5+ years of security governance, risk, and compliance experience with programs complying with certifications like PCI DSS, ISO 27001, SOC 1, and SOC 2.
  • Expert Knowledge: In-depth understanding of PCI DSS, GDPR, ISO 27001, SOC frameworks, and relevant regulations.
  • Cloud Expertise: Strong knowledge of cloud controls and environments, particularly AWS.
  • Technical Proficiency: Practical understanding of IT security compliance, risk management, access control, network security, security architecture, and operations in a cloud environment.
  • Analytical Skills: Excellent analytical, diagnostic, critical thinking, and project management abilities.
  • Communication Skills: Ability to communicate effectively with diverse technical and cultural backgrounds.
  • Data Presentation: Proficiency in representing data graphically.
  • Engagement Skills: Strong skills in engaging both internal and external stakeholders.
  • Policy Development: Experience in creating security policies, procedures, and standards.
  • Certifications (Preferred): CISA, CISM, CISSP, CSA CCSK, ISC² CCSP, or other relevant security certifications.
  • Additional Qualifications (Plus):
    • Experience with Big Four consulting firms.
    • Experience with developing and implementing unified control frameworks.

The posted pay range represents the anticipated low and high end of the compensation for this position and is subject to change based on business need. To determine a successful candidate’s starting pay, we carefully consider a variety of factors, including primary work location, an evaluation of the candidate’s skills and experience, market demands, and internal parity.
For roles with on-target-earnings (OTE), the pay range includes both base salary and target incentive compensation. Target incentive compensation for some roles may include a ramping draw period. Compensation is higher for those who exceed targets. Candidates may receive more information from the recruiter.

Pay Range

$105,000$192,000 USD

Top Skills

AWS

What the Team is Saying

Anna
Brian
Roshni
Adamas Victória
Jordan
The Company
Palo Alto, CA
3,000 Employees
Hybrid Workplace
Year Founded: 2015

What We Do

Navan is the all-in-one super app that makes travel and expense easy so you can focus on being there, not getting there. Say goodbye to spending hours on the phone trying to change your flight or saving stacks of receipts to manually input expenses. From EAs and finance teams to travel managers and employees, Navan empowers people to focus on the things that matter most to them — all while providing companies with real-time visibility, savings, and control.

Navan’s investors include visionaries like Andreessen Horowitz, Lightspeed Ventures, Greenoaks, Zeev Ventures, and entrepreneurs Lee Fixel, Adam Bain, and Elad Gil. In Oct 2022, Navan announced its Series G upround at a post-money valuation of $9.2B to help accelerate future growth plans.

In April 2023, Navan expanded in the Indian market with the acquisition of Tripeur, a modern, people-centric corporate travel and expense management company. The group’s fifth acquisition in under two years, Tripeur joined the Navan Group alongside Spanish meetings and events specialists, Atlanta Events & Corporate Travel Consultants; Berlin-based modern travel management company, Comtravo; leading Scandinavian travel agency Resia AB; and London-based high-touch TMC, Reed & Mackay.

Why Work With Us

At Navan, we’re never satisfied with the status quo, and we know breakthrough ideas come from diverse perspectives. We are committed to cultivating a workplace that reflects the diversity of the customers we serve while fostering leadership and innovation.

Gallery

Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery

Navan Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

In-person connections is the foundation of Navan, the connections forged through face-to-face interactions improve company culture and what we can achieve together. We operate on a hybrid working model, which we define as three days a week in-office.

Typical time on-site: 3 days a week
Palo Alto, CA

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account