Director, Security Audit and GRC
Palo Alto, CA or San Francisco, CA
Full Time Executive-level / Director USD 187K - 322K
TripActions
Navan, the No. 1 Corporate Travel and Expense Management App, is looking for a Director of Security Audit and Governance, Risk, and Compliance (GRC) to join our dynamic team. This role is critical in ensuring that our innovative technology and world-class customer support are backed by the highest standards of security and compliance. Reporting to the Head of Security, this position will play a key role in safeguarding our company's information assets and ensuring adherence to regulatory requirements.
What you’ll do:
- Strategic Leadership: Develop and execute a comprehensive security audit and GRC strategy that aligns with Navan's business goals.
- Security Audits: Manage and oversee all aspects of security audits, both internal and external, to ensure compliance with industry standards and regulatory requirements.
- Risk Management: Implement a robust risk management framework to identify, evaluate, and mitigate risks associated with IT, information security, and third parties.
- Compliance Management: Ensure that Navan adheres to all relevant laws, regulations, and standards, such as SOC 1, SOC 2, PCI DSS, ISO 27001, NIST CSF, and GDPR.
- Policy Development: Craft and maintain security policies, standards, and procedures to protect company assets and data.
- Sales Support: Build and maintain a comprehensive program to support enterprise sales, succinctly communicating our operating model and security posture.
- Stakeholder Engagement: Serve as a trusted advisor to senior leadership on security and risk management issues and promote security awareness across the organization.
- Security Awareness: Actively promote security awareness via training, phishing simulations, newsletters, a knowledge base, and more.
- Security Governance: Develop metrics to track the effectiveness and maturity of the security program. Identify areas for improvement and implement changes for ongoing optimization.
What we’re looking for:
- Experience: At least 10 years in information security with 5+ years in a leadership role managing security audit and GRC functions.
- Education: Bachelor’s degree in Information Technology, Cybersecurity, or related field; advanced degree preferred.
- Certifications: Professional certifications such as CISSP, CISM, CRISC, or equivalent are highly desirable.
- Skills: Exceptional leadership, communication, analytical, and technical skills, with a deep understanding of IT infrastructure and cloud security principles.
The posted pay range represents the anticipated low and high end of the compensation for this position and is subject to change based on business need. To determine a successful candidate’s starting pay, we carefully consider a variety of factors, including primary work location, an evaluation of the candidate’s skills and experience, market demands, and internal parity.
For roles with on-target-earnings (OTE), the pay range includes both base salary and target incentive compensation. Target incentive compensation for some roles may include a ramping draw period. Compensation is higher for those who exceed targets. Candidates may receive more information from the recruiter.
Tags: Audits CISM CISSP Cloud Compliance CRISC GDPR Governance ISO 27001 IT infrastructure NIST PCI DSS Risk management RMF SOC SOC 1 SOC 2 Strategy