Navan

Security Governance & Risk Engineer

Posted Yesterday
Hybrid
London, Greater London, England
Mid level
The role involves automating governance processes, implementing compliance monitoring, collaborating with cross-functional teams, and enhancing security posture via AI tools.
The summary above was generated by AI

Navan is looking for a Security Governance & Risk Engineer to join our team as we evolve from manual processes to automated, scalable security systems. You will own the operational execution of our governance automation infrastructure, compliance monitoring, and security program platforms—using AI and automation as your primary force multipliers.

Sitting at the intersection of Security Engineering, Compliance, and Security Culture, you will execute day-to-day operations while collaborating closely with your manager on technical strategy. This is a unique hybrid role for someone who possesses both technical engineering capabilities and strong program management skills, with a heavy emphasis on leveraging AI tools (like Claude, Gemini, and GitHub Copilot) to amplify impact.

What You’ll Do
  • GRC Automation: Build and maintain automated workflows for risk assessments and audit evidence collection using modern APIs and AI coding assistants.
  • Compliance-as-Code: Implement automated integrations (e.g., Tines, AWS Lambda) to monitor technical controls against frameworks like SOC 2, ISO 27001, and NIST CSF.
  • Data Visualization: Develop and maintain real-time dashboards in tools like ThoughtSpot to provide visibility into security posture and compliance metrics.
  • Program Automation & Integration: Build integrations between GRC platforms, awareness tools, and business systems—automating policy acknowledgments, training compliance tracking, evidence collection, and custom workflows where platform capabilities fall short.
  • Technical Control Implementation: Translate security policies into technical control standards and automated validation scripts, ensuring policy requirements are continuously verified.
  • Cross-Functional Collaboration: Partner with Legal, HR, and Engineering to collect technical requirements, build integrations, and ensure automated controls align with business needs.

What We’re Looking For
  • Experience: 4–6 years in GRC Engineering, Security Automation, or IT Compliance, with a track record of building automated solutions.
  • Technical Proficiency: Comfortable writing and debugging code (Python, PowerShell, or JavaScript) and working with REST APIs/JSON structures.
  • AI Tool Fluency: Active experience using AI tools (Gemini, GitHub Copilot, Claude, etc.) to accelerate coding, writing, and problem-solving.
  • Cloud & Infra Knowledge: Hands-on experience with cloud environments (AWS or GCP) and serverless architectures (Lambda, Cloud Functions).
  • GRC Platforms: Familiarity with tools such as Auditboard, Vanta, Drata, or Archer, particularly regarding API integrations.
  • Framework Expertise: Working knowledge of SOC 2, ISO 27001, and NIST CSF, with the ability to translate requirements into technical controls.
  • Operational Mindset: Proven ability to manage multiple concurrent engineering initiatives, from building compliance automations to developing policy management systems, in a fast-paced environment.
  • Communication: Strong written and verbal skills to document technical implementations, collaborate with stakeholders, and translate business requirements into technical solutions.

Top Skills

Archer
Auditboard
AWS
AWS Lambda
Drata
GCP
JavaScript
JSON
PowerShell
Python
REST APIs
Tines
Vanta
