At a Glance
- Tasks: Ensure compliance with global security regulations and support audits and assessments.
- Company: Join a leading tech company focused on security and compliance.
- Benefits: Flexible working hours, competitive salary, and opportunities for professional growth.
- Other info: Collaborate with global teams and gain exposure to diverse frameworks.
- Why this job: Play a vital role in safeguarding platforms and maintaining customer trust.
- Qualifications: 3+ years in information security compliance with a technical background.
The predicted salary is between 50000 - 60000 £ per year.
About the Role
The Security Compliance Analyst will work as a critical part of the Security Compliance Team, operating within the wider Navan Governance, Risk, Compliance, and Trust (GRCT) Team. In this role, you will ensure our continued compliance with global security regulations and industry frameworks—including GDPR, Sarbanes‑Oxley ITGCs, ISO 27001, PCI DSS, and SOC 1/SOC 2. Acting as a key bridge between technical engineering teams, end users, external assessors, and international business units, you will play an essential part in safeguarding our platforms, maintaining customer trust, and scaling Navan’s global operations securely.
What You’ll Do
- Coordinating and supporting internal and external security audits, technical assessments, and penetration tests across our environments.
- Partnering closely with US-based compliance auditors and external audit firms; this includes a flexible schedule to work late (until 9:00 PM–10:00 PM) a few days per month on specific alignment days to facilitate direct collaboration with US teams.
- Managing audit findings and remediation tracking items to ensure compliance issues and non‑conformities are resolved in a timely manner.
- Performing regular testing of security compliance controls to identify operational deficiencies, track Key Performance Indicators (KPIs), and report on overall compliance health and continuous improvements.
- Partnering with engineering teams to gather and implement automated evidence collection workflows, utilizing JIRA and AI platforms to drive efficiency and reduce manual overhead.
- Translating complex technical security requirements into clear, actionable business language to collaborate effectively with internal technical teams and external stakeholders at all levels.
What We’re Looking For
- Experience: Minimum of 3 years of hands‑on experience in information security compliance, ideally paired with a technical background (such as experience as a developer, software engineer, or systems administrator).
- Framework Expertise: Strong working understanding of Sarbanes‑Oxley 404 IT General Controls (ITGCs) and the PCI DSS, alongside familiarity with frameworks like ISO 27001, Cyber Essentials Plus, NIST CSF, or SOC 1 and SOC 2.
- Tools & Systems: Practical experience using GRC software (e.g., Optro/AuditBoard, SafeBase) alongside standard ticketing platforms like JIRA.
- Core Skills & Flexibility: Excellent attention to detail, a proactive approach to problem‑solving, and the flexibility to adapt your working hours monthly to accommodate collaboration with US‑based auditing bodies.
- Education & Certifications: A degree‑level education in Cybersecurity, Computer Science, or a related field (or equivalent practical experience); industry certifications like CompTIA Security+, ISO 27001 Lead Auditor, or ISC2 CGRC are highly advantageous.
- Bonus: As Navan works with colleagues around the globe, proficiency in French, Spanish, Italian, or German is highly beneficial.
Security Compliance Analyst employer: Navan
Navan is an exceptional employer that prioritises employee growth and development within a dynamic work culture. As a Security Compliance Analyst, you will benefit from flexible working hours to collaborate with international teams, access to cutting-edge tools, and opportunities to engage in meaningful projects that enhance your skills while ensuring compliance with global security standards.
StudySmarter Expert Advice🤫
We think this is how you could land the Security Compliance Analyst role
✨Tip Number 1
Network like a pro! Reach out to folks in the industry on LinkedIn or at events. A friendly chat can open doors that a CV just can't.
✨Tip Number 2
Prepare for interviews by practising common questions and scenarios related to security compliance. We recommend role-playing with a friend to boost your confidence!
✨Tip Number 3
Showcase your skills! Bring examples of your past work, especially any audits or compliance projects you've handled. This will help you stand out as a candidate who knows their stuff.
✨Tip Number 4
Don't forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are keen to join us directly!
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the Security Compliance Analyst role. Highlight your experience with security regulations and frameworks like GDPR and ISO 27001, as well as any relevant technical skills. We want to see how your background aligns with what we're looking for!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about security compliance and how your skills can help us at Navan. Be sure to mention any specific experiences that relate to the job description.
Showcase Your Problem-Solving Skills: In your application, don’t forget to highlight your proactive approach to problem-solving. Share examples of how you've tackled compliance issues or improved processes in previous roles. We love seeing candidates who can think on their feet!
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it shows you’re keen on joining our team!
How to prepare for a job interview at Navan
✨Know Your Frameworks
Make sure you brush up on your knowledge of security frameworks like GDPR, PCI DSS, and ISO 27001. Be ready to discuss how you've applied these in past roles, as this will show your understanding and relevance to the position.
✨Showcase Your Technical Skills
Since the role requires a blend of compliance and technical expertise, be prepared to talk about your experience with tools like JIRA and any GRC software you've used. Highlight specific projects where you’ve implemented automated workflows or managed audit findings.
✨Communicate Clearly
You’ll need to translate complex security requirements into business language, so practice explaining technical concepts in simple terms. This will demonstrate your ability to bridge the gap between technical teams and stakeholders.
✨Flexibility is Key
Given the need to collaborate with US-based teams, be ready to discuss your availability for flexible working hours. Show that you’re adaptable and willing to accommodate different time zones to ensure smooth communication and collaboration.