Staff Security Analyst, Customer Trust

Palo Alto, CA

TripActions

Navan: The all-in-one solution for business travel, expenses and corporate credit cards, for more control, savings and real-time transparency. Try it now!


Navan, the No. 1 Corporate Travel and Expense Management App, is looking for a Staff Security Analyst of Customer Trust to join our dynamic team. This role is critical in ensuring that our innovative technology and world-class customer support are backed by the highest standards of security and compliance. Reporting to the Security GRC Manager, this position will play a key role in safeguarding our company's information assets and ensuring adherence to regulatory requirements.

 

Responsibilities:

  • Continue to maintain and grow the Navan Customer Trust Program 
  • Act as a point of contact for all go-to-market related security enquiries 
  • Partner closely with various internal teams and subject matter experts to maintain an accurate knowledge base of Navan’s security information to efficiently and effectively address customer inquiries about Navan’s security posture
  • Coordinate and manage responses to customer enquiries, including contributing to Requests for Proposals (RFPs), automating responses to customer security enquiries, and diligence assessments.
  • Act as a point of contact for all customer audit requests and liaise on customer audits
  • Develop customer facing security documentation in the form of security whitepapers, shared customer responsibility matrix, diligence documentation and more based on customer asks 
  • Drive automation efforts to continuously improve the program, with the goal of maturing the service to be more effective in shortening sales cycles and exceeding customer expectations
  • Engage directly with product engineering and other organizational teams as needed to solve customer queries  
  • Partner closely with legal teams in contract negotiation activities to ensure that Navan’s security capabilities are accurately captured in customer contracts
  • Collaborate closely with the rest of the Security and Trust organization to ensure that relevant customer expectations are communicated to the respective parties in a timely manner
  • Develop metrics and reporting to demonstrate the status and progress of the customer trust program

 

Requirements:

  • 5+ years working experience within Security & Compliance
  • 3+ years of Security Compliance Experience in developing programs focused on customer assurance and building customer trust
  • Experience partnering with sales enablement and field sales teams on responding to customer security inquiries and leading multiple customer security audits
  • Experience with implementing tools used to automate responses to customer security enquiries
  • Understanding of common certification and attestation requirements like PCI DSS, ISO 27001, SOC1, SOC2 etc. 
  • Understanding of privacy regulations such as GDPR and CCPA 
  • Understanding of Cloud controls and environments (AWS)
  • Practical understanding of IT Security Compliance, risk management and information security principles including access control, network security, information security architecture, information security operations, and leading practices and associated tools 
  • Strong analytical, diagnostic, critical thinking and project management skills
  • Excellent problem-solving, written and oral communication skills with strong professional etiquette
  • Strong Engagement skills (Internal & External)
  • Customer service orientation with a problem-solving approach
  • Experience managing and working with internal cross-functional teams and product engineering groups
  • Positive, confident personality, and comfortable in front of groups/customers

 

Preferred Qualifications:

  • Big 4 experience will be a plus
  • CISA, CISM, CISSP, CSA CCSK, ISC(2) CCSP or other Information Security related designation will be a plus 
  • Experience with unified control frameworks development and implementation will be a major plus.

The posted pay range represents the anticipated low and high end of the compensation for this position and is subject to change based on business need. To determine a successful candidate’s starting pay, we carefully consider a variety of factors, including primary work location, an evaluation of the candidate’s skills and experience, market demands, and internal parity.

For roles with on-target-earnings (OTE), the pay range includes both base salary and target incentive compensation. Target incentive compensation for some roles may include a ramping draw period. Compensation is higher for those who exceed targets. Candidates may receive more information from the recruiter.

Pay Range: $127,500—$236,000 USD

Tags: Audits Automation AWS CCPA CCSK CCSP CISA CISM CISSP Cloud Compliance GDPR ISO 27001 Network security PCI DSS Privacy RFPs Risk management SOC 1 SOC 2

Perks/benefits: Team events

Region: North America
Country: United States
