The Chief Information Security Officer (CISO) is responsible for developing, implementing, and managing the organization’s security vision, strategy, and programs. This dynamic executive role involves leading proactive measures to protect all assets, information, and personnel from potential threats, both defined and undefined. The CISO will collaborate closely with other executive team members to ensure a comprehensive security posture that aligns with the organization's objectives, balancing rapid product innovation with effective risk management.
What You’ll Do:
- Develop and Implement Security Strategies: Design and execute comprehensive security strategies and policies to protect the organization’s assets, including products, platforms, digital, and human resources.
- Proactive Threat Monitoring: Establish and lead a 24/7 Security Operations Center (SOC) for continuous monitoring and real-time threat intelligence, enabling rapid response to emerging threats.
- Bug Bounty and Ethical Hacking Programs: Launch and manage bug bounty programs and regular ethical hacking exercises to identify and remediate vulnerabilities in applications and infrastructure.
- Risk Management and Mitigation: Partner with Risk leadership to develop and implement a comprehensive risk management framework. This includes assessing, prioritizing, and mitigating risks across the organization, with a focus on data protection, fraud prevention, and product features that protect customers.
- Balancing Security and Product Functionality: Work closely with product development teams to integrate security into the product development lifecycle. Ensure that security measures are designed to protect data and systems while enabling product innovation and functionality.
- Cross-Functional Coordination: Collaborate with IT, legal, compliance, and other departments to ensure a unified and agile response to security threats, fostering cross-functional collaboration and alignment.
- Leadership and Empowerment: Provide leadership, direction, and guidance to the security team, fostering a culture of security awareness and continuous learning. Empower team members to take decisive action in response to uncertain threats.
- Real-Time Data Analytics: Leverage advanced analytics and threat intelligence to drive informed decision-making and prioritize security actions based on potential risk.
- Incident Response and Crisis Management: Develop, test, and lead incident response plans and exercises to ensure the organization is prepared for all potential security incidents, including undefined threats.
- Security Awareness and Training: Foster a culture of security awareness through the development and delivery of regular training programs for employees, emphasizing agility in response to evolving threats.
- Innovation and Continuous Improvement: Encourage innovative solutions to complex security challenges and promote a culture of continuous improvement through feedback loops and learning from experience.
What We're Looking For:
- Technical Background: Deep understanding of information security, risk management, and compliance. Previous experience leading a technical/engineering organization is strongly preferred..
- Business Acumen: Strong understanding of business operations and ability to communicate effectively with stakeholders, including board members and executives. An MBA or related advanced degree is beneficial.
- Leadership and Management: Proven track record in managing teams, developing security strategies, and collaborating with cross-functional teams. Experience in managing security incidents at company level and implementing security measures.
- Certifications and Education: CISSP, CISM, CISA, or similar certifications preferred. Bachelor's degree in Computer Science, Cybersecurity, or a related field is required; a Master’s degree is preferred.
- Risk Management: Experience in developing and implementing risk management strategies that align with business goals. Experience with security frameworks like NIST or ISO 27001 is strongly preferred.
- Compliance and Regulatory: Knowledge of regulatory requirements such as GDPR, DPDP, and PCI-DSS, and ability to ensure compliance with these standards.
- AI and Emerging Technologies: Understanding of AI and other emerging technologies and their security implications, with the ability to develop strategies to mitigate associated risks.
- Communication and Collaboration: Ability to communicate complex technical issues to non-technical stakeholders and collaborate effectively across teams.
The posted pay range represents the anticipated low and high end of the compensation for this position and is subject to change based on business need. To determine a successful candidate’s starting pay, we carefully consider a variety of factors, including primary work location, an evaluation of the candidate’s skills and experience, market demands, and internal parity.
For roles with on-target-earnings (OTE), the pay range includes both base salary and target incentive compensation. Target incentive compensation for some roles may include a ramping draw period. Compensation is higher for those who exceed targets. Candidates may receive more information from the recruiter.
Pay Range
$255,000—$415,000 USD
What We Do
Navan is the all-in-one super app that makes travel and expense easy so you can focus on being there, not getting there. Say goodbye to spending hours on the phone trying to change your flight or saving stacks of receipts to manually input expenses. From EAs and finance teams to travel managers and employees, Navan empowers people to focus on the things that matter most to them — all while providing companies with real-time visibility, savings, and control.
Navan’s investors include visionaries like Andreessen Horowitz, Lightspeed Ventures, Greenoaks, Zeev Ventures, and entrepreneurs Lee Fixel, Adam Bain, and Elad Gil. In Oct 2022, Navan announced its Series G upround at a post-money valuation of $9.2B to help accelerate future growth plans.
In April 2023, Navan expanded in the Indian market with the acquisition of Tripeur, a modern, people-centric corporate travel and expense management company. The group’s fifth acquisition in under two years, Tripeur joined the Navan Group alongside Spanish meetings and events specialists, Atlanta Events & Corporate Travel Consultants; Berlin-based modern travel management company, Comtravo; leading Scandinavian travel agency Resia AB; and London-based high-touch TMC, Reed & Mackay.
Why Work With Us
At Navan, we’re never satisfied with the status quo, and we know breakthrough ideas come from diverse perspectives. We are committed to cultivating a workplace that reflects the diversity of the customers we serve while fostering leadership and innovation.
Gallery
Navan Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
In-person connections is the foundation of Navan, the connections forged through face-to-face interactions improve company culture and what we can achieve together. We operate on a hybrid working model, which we define as three days a week in-office.