Navan, the No. 1 Corporate Travel and Expense Management App, is looking for a Director of Security Audit and Governance, Risk, and Compliance (GRC) to join our dynamic team. This role is critical in ensuring that our innovative technology and world-class customer support are backed by the highest standards of security and compliance. Reporting to the Head of Security, this position will play a key role in safeguarding our company's information assets and ensuring adherence to regulatory requirements.
What you’ll do:
- Strategic Leadership: Develop and execute a comprehensive security audit and GRC strategy that aligns with Navan's business goals.
- Security Audits: Manage and oversee all aspects of security audits, both internal and external, to ensure compliance with industry standards and regulatory requirements.
- Risk Management: Implement a robust risk management framework to identify, evaluate, and mitigate IT, information security, and third-party risks.
- Compliance Management: Ensure that Navan adheres to all relevant laws, regulations, standards, and frameworks, such as SOC 1, SOC 2, PCI DSS, ISO 27001, NIST CSF, and GDPR.
- Policy Development: Craft and maintain security policies, standards, and procedures to protect company assets and data.
- Sales Support: Build and maintain a comprehensive program to support enterprise sales, succinctly communicating our operating model and security posture.
- Stakeholder Engagement: Serve as a trusted advisor to senior leadership on security and risk management issues and promote security awareness across the organization.
- Security Awareness: Actively promote security awareness through training, phishing simulations, newsletters, a knowledge base, and more.
- Security Governance: Develop metrics to track the effectiveness and maturity of the security program. Identify areas for improvement and implement changes for ongoing optimization.
What we’re looking for:
- Experience: At least 10 years in information security with 5+ years in a leadership role managing security audit and GRC functions.
- Education: Bachelor’s degree in Information Technology, Cybersecurity, or related field; advanced degree preferred.
- Certifications: Professional certifications such as CISSP, CISM, CRISC, or equivalent are highly desirable.
- Skills: Exceptional leadership, communication, analytical, and technical skills, with a deep understanding of IT infrastructure and cloud security principles.