Director, Security Audit and GRC

Navan, the No. 1 Corporate Travel and Expense Management App, is looking for a Director of Security Audit and Governance, Risk, and Compliance (GRC) to join our dynamic team. This role is critical in ensuring that our innovative technology and world-class customer support are backed by the highest standards of security and compliance. Reporting to the Head of Security, this position will play a key role in safeguarding our company's information assets and ensuring adherence to regulatory requirements.

What You'll Do:

• Strategic Leadership: Develop and execute a comprehensive security audit and GRC strategy that aligns with Navan's business goals.
• Security Audits: Manage and oversee all aspects of security audits, both internal and external, to ensure compliance with industry standards and regulatory requirements.
• Risk Management: Implement a robust risk management framework to identify, evaluate, and mitigate risks associated with IT, information security and third-party.
• Compliance Management: Ensure that Navan adheres to all relevant laws, regulations, and standards, such as SOC 1, SOC 2, PCI DSS, ISO 27001, NIST CSF, and GDPR.
• Policy Development: Craft and maintain security policies, standards, and procedures to protect company assets and data.
• Sales Support: Build and maintain a comprehensive program to support enterprise sales, succinctly communicating our operating model and security posture. 
• Stakeholder Engagement: Serve as a trusted advisor to senior leadership on security and risk management issues and promote security awareness across the organization.
• Security Awareness: Actively promotes security awareness via training, phishing simulations, newsletters. Knowledge base and more.
• Security Governance: Develop metrics to track the effectiveness and maturity of the security program. Identify areas for improvement and implement changes for ongoing optimization.

What We’re Looking For:

• Experience: At least 10 years in information security with 5+ years in a leadership role managing security audit and GRC functions.
• Education: Bachelor’s degree in Information Technology, Cybersecurity, or related field; advanced degree preferred.
• Certifications: Professional certifications such as CISSP, CISM, CRISC, or equivalent are highly desirable.
• Skills: Exceptional leadership, communication, analytical, and technical skills, with a deep understanding of IT infrastructure and cloud security principles.