Requirements
- Experience: 4–6 years in GRC Engineering, Security Automation, or IT Compliance, with a track record of building automated solutions
- Technical Proficiency: Comfortable writing and debugging code (Python, PowerShell, or JavaScript) and working with REST APIs/JSON structures
- AI Tool Fluency: Active experience using AI tools (Gemini, GitHub Copilot, Claude, etc.) to accelerate coding, writing, and problem-solving
- Cloud & Infra Knowledge: Hands-on experience with cloud environments (AWS or GCP) and serverless architectures (Lambda, Cloud Functions)
- GRC Platforms: Familiarity with tools such as Auditboard, Vanta, Drata, or Archer, particularly regarding API integrations
- Framework Expertise: Working knowledge of SOC 2, ISO 27001, and NIST CSF, with the ability to translate requirements into technical controls
- Operational Mindset: Proven ability to manage multiple concurrent engineering initiatives, from building compliance automations to developing policy management systems, in a fast-paced environment
- Communication: Strong written and verbal skills to document technical implementations, collaborate with stakeholders, and translate business requirements into technical solutions
What the job involves
- Navan is looking for a Security Governance & Risk Engineer to join our team as we evolve from manual processes to automated, scalable security systems
- You will own the operational execution of our governance automation infrastructure, compliance monitoring, and security program platforms—using AI and automation as your primary force multipliers
- Sitting at the intersection of Security Engineering, Compliance, and Security Culture, you will execute day-to-day operations while collaborating closely with your manager on technical strategy
- This is a unique hybrid role for someone who possesses both technical engineering capabilities and strong program management skills, with a heavy emphasis on leveraging AI tools (like Claude, Gemini, and GitHub Copilot) to amplify impact
- GRC Automation: Build and maintain automated workflows for risk assessments and audit evidence collection using modern APIs and AI coding assistants
- Compliance-as-Code: Implement automated integrations (e.g., Tines, AWS Lambda) to monitor technical controls against frameworks like SOC 2, ISO 27001, and NIST CSF
- Data Visualization: Develop and maintain real-time dashboards in tools like ThoughtSpot to provide visibility into security posture and compliance metrics
- Program Automation & Integration: Build integrations between GRC platforms, awareness tools, and business systems—automating policy acknowledgments, training compliance tracking, evidence collection, and custom workflows where platform capabilities fall short
- Technical Control Implementation: Translate security policies into technical control standards and automated validation scripts, ensuring policy requirements are continuously verified
- Cross-Functional Collaboration: Partner with Legal, HR, and Engineering to collect technical requirements, build integrations, and ensure automated controls align with business needs
