At a Glance
- Tasks: Automate security governance and risk processes using AI and modern technologies.
- Company: Join Navan, a forward-thinking company revolutionising security systems.
- Benefits: Enjoy flexible time off, healthcare, and equity opportunities.
- Why this job: Make a real impact in security while leveraging cutting-edge AI tools.
- Qualifications: 4-6 years in GRC Engineering with strong AI tool experience.
- Other info: Collaborative environment with excellent growth potential and diverse benefits.
The predicted salary is between 60000 - 75000 £ per year.
Navan is looking for a Security Governance & Risk Engineer to join our team as we evolve from manual processes to automated, scalable security systems. You will own the operational execution of our governance automation infrastructure, compliance monitoring, and security program platforms—using AI and automation as your primary force multipliers. Sitting at the intersection of Security Engineering, Compliance, and Security Culture, you will execute day‑to‑day operations while collaborating closely with your manager on technical strategy. This is a unique hybrid role for someone who possesses both technical engineering capabilities and strong program management skills, with a heavy emphasis on leveraging AI tools (like Claude, Gemini, and GitHub Copilot) to amplify impact.
What You’ll Do
- GRC Automation: Build and maintain automated workflows for risk assessments and audit evidence collection using modern APIs and AI coding assistants.
- Compliance-as-Code: Implement automated integrations (e.g., Tines, AWS Lambda) to monitor technical controls against frameworks like SOC 2, ISO 27001, and NIST CSF.
- Data Visualization: Develop and maintain real‑time dashboards in tools like ThoughtSpot to provide visibility into security posture and compliance metrics.
- Program Automation & Integration: Build integrations between GRC platforms, awareness tools, and business systems—automating policy acknowledgments, training compliance tracking, evidence collection, and custom workflows where platform capabilities fall short.
- Technical Control Implementation: Translate security policies into technical control standards and automated validation scripts, ensuring policy requirements are continuously verified.
- Cross-Functional Collaboration: Partner with Legal, HR, and Engineering to collect technical requirements, build integrations, and ensure automated controls align with business needs.
What We’re Looking For
- Experience: 4–6 years in GRC Engineering, Security Automation, or IT Compliance, with a track record of building automated solutions.
- AI Tool Fluency: Active experience using AI tools (Gemini, GitHub Copilot, Claude, etc.) to accelerate coding, writing, and problem‑solving.
- Cloud & Infra Knowledge: Hands‑on experience with cloud environments (AWS or GCP) and serverless architectures (Lambda, Cloud Functions).
- GRC Platforms: Familiarity with tools such as Auditboard, Vanta, Drata, or Archer, particularly regarding API integrations.
- Framework Expertise: Working knowledge of SOC 2, ISO 27001, and NIST CSF, with the ability to translate requirements into technical controls.
- Operational Mindset: Proven ability to manage multiple concurrent engineering initiatives, from building compliance automations to developing policy management systems, in a fast‑paced environment.
- Communication: Strong written and verbal skills to document technical implementations, collaborate with stakeholders, and translate business requirements into technical solutions.
Navan offers a comprehensive benefits program designed to support your well‑being, financial security, and life outside of work. Our benefits, thoughtfully tailored by country to meet local needs, include healthcare coverage, insurance offerings, and wellness resources for you and your family. We support long‑term financial growth through retirement savings programs and opportunities to participate in our equity plans, so you can share in Navan’s success. To promote balance, we offer flexible time off, country‑specific holidays, and paid parental leave for all new parents. Additional benefits include connectivity and commuting support, mental health resources, and exclusive travel‑related perks. Wherever you’re based, our benefits evolve with you.
Navan is an equal opportunity employer. We make all employment decisions based solely on merit. We provide equal employment opportunity to all applicants and employees without discrimination on the bases of race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We prohibit any such discrimination or harassment. This policy applies to all terms and conditions of employment, including hiring. Navan complies with the Americans with Disabilities Act (ADA), as amended by the ADA Amendments Act, and all applicable state or local law. Navan will reasonably accommodate qualified individuals with a disability in connection with applications for employment as required by law.
Security Governance & Risk Engineer employer: Navan Inc
Contact Detail:
Navan Inc Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Security Governance & Risk Engineer
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, attend meetups, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can refer you directly.
✨Tip Number 2
Show off your skills! Create a portfolio or GitHub repository showcasing your projects, especially those involving AI tools and automation. This gives potential employers a taste of what you can do and sets you apart from the crowd.
✨Tip Number 3
Prepare for interviews by practising common questions related to GRC Engineering and security automation. Use mock interviews with friends or online platforms to build confidence and refine your answers.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re genuinely interested in joining our team at Navan.
Some tips for your application 🫡
Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience in GRC Engineering and Security Automation. We want to see how your skills align with the specific requirements mentioned in the job description.
Show Off Your AI Skills: Since we’re all about leveraging AI tools, don’t forget to mention your experience with tools like GitHub Copilot or Claude. Share examples of how you’ve used these tools to enhance your work—this will really catch our eye!
Be Clear and Concise: When writing your application, keep it straightforward. Use clear language to explain your technical expertise and how it relates to the role. We appreciate a well-structured application that gets straight to the point.
Apply Through Our Website: We encourage you to submit your application through our website. It’s the best way for us to receive your details and ensures you’re considered for the role. Plus, it’s super easy to do!
How to prepare for a job interview at Navan Inc
✨Know Your Tech Inside Out
Make sure you’re well-versed in the AI tools mentioned in the job description, like Gemini and GitHub Copilot. Be ready to discuss how you've used these tools in past projects to automate processes or solve problems.
✨Showcase Your GRC Experience
Prepare specific examples of your experience with GRC platforms and compliance frameworks like SOC 2 and ISO 27001. Highlight any automated solutions you've built and how they improved efficiency or compliance.
✨Demonstrate Cross-Functional Collaboration
Think of instances where you’ve worked with different teams, such as Legal or HR, to implement security measures. Be ready to explain how you gathered requirements and ensured alignment with business needs.
✨Prepare for Technical Questions
Expect technical questions related to cloud environments and serverless architectures. Brush up on your knowledge of AWS or GCP, and be prepared to discuss how you’ve implemented technical controls in previous roles.