AddressNavan, the No. 1 Corporate Travel and Expense Management App, is looking for a Director of Security Audit and Governance, Risk, and Compliance (GRC) to join our dynamic team. This role is critical in ensuring that our innovative technology and world-class customer support are backed by the highest standards of security and compliance. Reporting to the Head of Security, this position will play a key role in safeguarding our company's information assets and ensuring adherence to regulatory requirements.
What you’ll do:
- Strategic Leadership: Develop and execute a comprehensive Security Audit and GRC strategy that aligns with Navan's business goals.
- Security Audits: Manage and oversee all aspects of Security Audits, both internal and external, to ensure compliance with industry standards and regulatory requirements.
- Risk Management: Implement a robust risk management framework to identify, evaluate, and mitigate risks associated with IT, information security and third-party.
- Compliance Management: Ensure that Navan adheres to all relevant laws, regulations, and standards, such as SOC 1, SOC 2, PCI DSS, ISO 27001, NIST CSF, and GDPR.
- Policy Development: Craft and maintain security policies, standards, and procedures to protect company assets and data.
- Sales Support: Build and maintain a comprehensive program to support enterprise sales, succinctly communicating our operating model and security posture.
- Stakeholder Engagement: Serve as a trusted advisor to senior leadership on security and risk management issues and promote security awareness across the organization.
- Security Awareness: Actively promotes security awareness via training, phishing simulations, newsletters. Knowledge base and more.
- Security Governance: Develop metrics to track the effectiveness and maturity of the security program. Identify areas for improvement and implement changes for ongoing optimization.
What we’re looking for:
- Experience: At least 10 years in information security with 5+ years in a leadership role managing Security Audit and GRC functions.
- Education: Bachelor’s degree in Information Technology, Cybersecurity, or related field; advanced degree preferred.
- Certifications: Professional certifications such as CISSP, CISM, CRISC, or equivalent are highly desirable.
- Skills: Exceptional leadership, communication, analytical, and technical skills, with a deep understanding of IT infrastructure and cloud security principles.
The posted pay range represents the anticipated low and high end of the compensation for this position and is subject to change based on business need. To determine a successful candidate’s starting pay, we carefully consider a variety of factors, including primary work location, an evaluation of the candidate’s skills and experience, market demands, and internal parity.
For roles with on-target-earnings (OTE), the pay range includes both base salary and target incentive compensation. Target incentive compensation for some roles may include a ramping draw period. Compensation is higher for those who exceed targets. Candidates may receive more information from the recruiter.
