At a Glance
- Tasks: Automate security processes and build innovative compliance solutions using AI tools.
- Company: Join a forward-thinking tech company focused on security and risk management.
- Benefits: Competitive salary, flexible work options, and opportunities for professional growth.
- Other info: Dynamic role with a blend of technical and program management responsibilities.
- Why this job: Make a real impact in security governance while leveraging cutting-edge technology.
- Qualifications: 4-6 years in GRC Engineering with coding skills in Python, PowerShell, or JavaScript.
The predicted salary is between 60000 - 80000 £ per year.
Requirements
- Experience: 4–6 years in GRC Engineering, Security Automation, or IT Compliance, with a track record of building automated solutions.
- Technical Proficiency: Comfortable writing and debugging code (Python, PowerShell, or JavaScript) and working with REST APIs/JSON structures.
- AI Tool Fluency: Active experience using AI tools (Gemini, GitHub Copilot, Claude, etc.) to accelerate coding, writing, and problem-solving.
- Cloud & Infra Knowledge: Hands-on experience with cloud environments (AWS or GCP) and serverless architectures (Lambda, Cloud Functions).
- GRC Platforms: Familiarity with tools such as Auditboard, Vanta, Drata, or Archer, particularly regarding API integrations.
- Framework Expertise: Working knowledge of SOC 2, ISO 27001, and NIST CSF, with the ability to translate requirements into technical controls.
- Operational Mindset: Proven ability to manage multiple concurrent engineering initiatives, from building compliance automations to developing policy management systems, in a fast-paced environment.
- Communication: Strong written and verbal skills to document technical implementations, collaborate with stakeholders, and translate business requirements into technical solutions.
What the job involves
Navan is looking for a Security Governance & Risk Engineer to join our team as we evolve from manual processes to automated, scalable security systems. You will own the operational execution of our governance automation infrastructure, compliance monitoring, and security program platforms—using AI and automation as your primary force multipliers. Sitting at the intersection of Security Engineering, Compliance, and Security Culture, you will execute day-to-day operations while collaborating closely with your manager on technical strategy. This is a unique hybrid role for someone who possesses both technical engineering capabilities and strong program management skills, with a heavy emphasis on leveraging AI tools (like Claude, Gemini, and GitHub Copilot) to amplify impact.
- GRC Automation: Build and maintain automated workflows for risk assessments and audit evidence collection using modern APIs and AI coding assistants.
- Compliance-as-Code: Implement automated integrations (e.g., Tines, AWS Lambda) to monitor technical controls against frameworks like SOC 2, ISO 27001, and NIST CSF.
- Data Visualization: Develop and maintain real-time dashboards in tools like ThoughtSpot to provide visibility into security posture and compliance metrics.
- Program Automation & Integration: Build integrations between GRC platforms, awareness tools, and business systems—automating policy acknowledgments, training compliance tracking, evidence collection, and custom workflows where platform capabilities fall short.
- Technical Control Implementation: Translate security policies into technical control standards and automated validation scripts, ensuring policy requirements are continuously verified.
- Cross-Functional Collaboration: Partner with Legal, HR, and Engineering to collect technical requirements, build integrations, and ensure automated controls align with business needs.
Security Engineer (Governance & Risk) employer: Navan
Navan is an exceptional employer that fosters a dynamic work culture where innovation and collaboration thrive. As a Security Engineer in Governance & Risk, you will benefit from a supportive environment that prioritises employee growth through hands-on experience with cutting-edge AI tools and cloud technologies. With a focus on automation and compliance, you'll have the opportunity to make a meaningful impact while working alongside talented professionals in a hybrid role that blends technical expertise with program management.
StudySmarter Expert Advice🤫
We think this is how you could land Security Engineer (Governance & Risk)
✨Tip Number 1
Network like a pro! Reach out to folks in the industry on LinkedIn or at meetups. We all know that sometimes it’s not just what you know, but who you know that can get your foot in the door.
✨Tip Number 2
Show off your skills! Create a portfolio or GitHub repository showcasing your projects, especially those involving GRC automation or AI tools. We want to see what you can do, so let your work speak for itself!
✨Tip Number 3
Prepare for interviews by practising common questions related to security engineering and compliance frameworks. We recommend doing mock interviews with friends or using online platforms to boost your confidence.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are proactive about their job search!
Some tips for your application 🫡
Tailor Your CV: Make sure your CV reflects the specific skills and experiences mentioned in the job description. Highlight your experience with GRC Engineering, security automation, and any relevant coding languages like Python or PowerShell.
Show Off Your AI Tool Skills: Since we’re keen on candidates who have experience with AI tools, don’t forget to mention any projects where you’ve used tools like GitHub Copilot or Claude. This will show us you’re up to speed with modern tech!
Be Clear and Concise: When writing your application, keep it straightforward. Use clear language to describe your past roles and how they relate to the responsibilities of the Security Engineer position. We love a well-structured application!
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it’s super easy!
How to prepare for a job interview at Navan
✨Know Your Tech Inside Out
Make sure you’re comfortable with the technical skills listed in the job description. Brush up on your coding skills in Python, PowerShell, or JavaScript, and be ready to discuss how you've used these languages in past projects. Familiarity with REST APIs and JSON structures will also give you an edge.
✨Showcase Your AI Tool Experience
Since the role emphasises using AI tools like Gemini and GitHub Copilot, come prepared with examples of how you've leveraged these tools in your work. Discuss specific projects where AI helped you solve problems or accelerate your coding process.
✨Demonstrate Your GRC Knowledge
Familiarise yourself with GRC platforms such as Auditboard, Vanta, or Drata. Be ready to explain how you’ve integrated these tools into your workflows, especially regarding API integrations. This shows you understand the practical applications of these platforms.
✨Communicate Clearly and Confidently
Strong communication skills are key for this role. Practice explaining complex technical concepts in simple terms, as you’ll need to collaborate with various stakeholders. Prepare to discuss how you’ve documented technical implementations and translated business requirements into technical solutions.