Security Compliance Analyst, Third Party Risk Management (TPRM)

Sorry, this job was removed at 12:09 a.m. (CST) on Saturday, Sep 06, 2025
Palo Alto, CA, USA
Hybrid
128K-236K Annually
Fintech • Information Technology • Payments • Productivity • Software • Travel • Automation
Travel & expense made easy.
About the Role:

We are seeking an experienced Third Party Risk & Compliance Analyst to lead our vendor risk management program while supporting broader governance, risk, and compliance initiatives. The successful candidate will conduct comprehensive third-party risk assessments, ensure compliance with regulatory requirements, and develop robust vendor risk management frameworks to protect our organization from external threats.

What You'll Do:
  • Your primary focus will be Third Party Risk Management, which includes conducting thorough information security risk assessments on external parties to ensure associated risks are within acceptable tolerance
  • You will determine information security risk profiles for various vendor and business partner services using standardized questionnaires and industry best practices
  • Assess third-party information security controls to ensure they meet or exceed our risk management requirements for the services to be provided
  • Evaluate and identify security risks of third-party AI risk assessment solutions to provide guidance to internal stakeholders based on organizational policies and industry best practices
  • Evaluate systemic, fourth-party, and vendor concentration risks to ensure resilience in the vendor ecosystem.
  • You will also focus on compliance and governance and must have multi-framework compliance knowledge to execute external audits and assessments for the SOC1, SOC2, PCI DSS, ISO 27001, and NIST CSF frameworks
  • Create and maintain third-party risk management policies, procedures, and standards
  • Ensure adherence to applicable regulations, laws, and industry standards governing third-party relationships
  • Maintain documentation management through comprehensive records of all assessments, communications, and risk documentation in our GRC platform
  • Be involved in stakeholder engagement and communication by providing direction and guidance to stakeholders concerning risks associated with assessment findings and adherence to applicable procedures
  • Respond to requests from external parties concerning our information risk management practices with appropriately scoped and accurate information
  • Work closely with cross-functional partners like Legal, Procurement, IT, and business teams to identify control gaps and integrate risk requirements
  • Report engagement status to management, project managers, and other business stakeholders as appropriate
  • Help with process improvement & innovation by developing and implementing automation for evidence collection and risk assessment processes
  • Maintain knowledge of current and emerging developments/trends in third-party risk management, assess impact, and collaborate with senior management to incorporate new trends
  • Identify and implement process improvements that significantly improve quality across the team, department, and/or business unit
  • Stay updated on emerging AI trends and technologies to support innovation within the organization
  • Support risk mitigation & remediation by developing mitigation plans/solutions to eliminate, reduce, or mitigate identified risks
  • Communicate risk mitigation solutions to both external parties and internal business stakeholders
  • Oversee implementation of risk mitigation efforts and track progress to completion
  • Establish ongoing monitoring processes for high-risk third-party relationships
What We’re Looking For:
  • Overall, 2-3+ years of third-party risk management, vendor security assessments, and compliance experience
  • Strong understanding of information security risk assessment methodologies and third-party risk management frameworks
  • In-depth understanding of SOC frameworks, PCI DSS, ISO 27001, NIST, and relevant regulations
  • Strong knowledge of cloud controls, environments, and emerging AI technologies
  • Practical understanding of IT security compliance, risk management, access control, and security architecture
  • Excellent analytical, diagnostic, critical thinking, and project management abilities
  • Ability to clearly articulate technical concepts to both technical and non-technical stakeholders
  • Proficiency in implementing automation for evidence collection and risk assessment processes
Preferred Qualifications:
  • Bachelor's degree in Information Technology, Computer Science, Risk Management, or related field
  • CISA, CISM, CISSP, CRISC, or other relevant security and risk management certifications, a plus
  • Experience with risk management frameworks such as ISO 31000, COSO, or NIST
  • Experience with Big 4 consulting firms or risk management consultancies
  • Experience with GRC platforms, vendor risk management tools, and compliance software
  • Proficiency in representing data graphically and creating executive-level risk reports
  • Deep technical understanding of third-party risk management and its relationship to broader security frameworks
  • Proven ability to lead complex vendor risk assessments from planning through execution
  • Strong stakeholder engagement skills with both internal teams and external vendors
  • Experience staying current with regulatory changes and emerging third-party risks
  • Detail-oriented approach with ability to manage multiple vendor relationships and deadlines
  • Track record of driving automation and process improvements in risk management programs
  • Understanding of AI technologies and their associated risks in third-party relationships

The posted pay range represents the anticipated low and high end of the compensation for this position and is subject to change based on business need. To determine a successful candidate’s starting pay, we carefully consider a variety of factors, including primary work location, an evaluation of the candidate’s skills and experience, market demands, and internal parity.
For roles with on-target-earnings (OTE), the pay range includes both base salary and target incentive compensation. Target incentive compensation for some roles may include a ramping draw period. Compensation is higher for those who exceed targets. Candidates may receive more information from the recruiter.

Pay Range
$127,500 - $236,000 USD

Navan Compensation & Benefits Highlights

How does Navan ensure its pay and bonus plans are competitive?

Navan offers a comprehensive benefits program designed to support your well-being, financial security, and life outside of work. Our benefits, thoughtfully tailored by country to meet local needs, include healthcare coverage, insurance offerings, and wellness resources for you and your family.

We support long-term financial growth through retirement savings programs and opportunities to participate in our equity plans, so you can share in Navan’s success. To promote balance, we offer flexible time off, country-specific holidays, and paid parental leave for all new parents. Additional benefits include connectivity and commuting support, mental health resources, and exclusive travel-related perks. Wherever you’re based, our benefits evolve with you.

The Company
HQ: Palo Alto, CA
3,300 Employees
Year Founded: 2015

What We Do

Navan (Nasdaq: NAVN) is the leading all-in-one business travel, payments, and expense management platform that makes travel easy for frequent travelers. From finding flights and hotels to automating expense reconciliation, with 24/7 support along the way, Navan delivers an intuitive experience travelers love and finance teams rely on. See how Navan customers benefit and learn more at navan.com.

Why Work With Us

At Navan, we’re never satisfied with the status quo, and we know breakthrough ideas come from diverse perspectives. We are committed to cultivating a workplace that reflects the diversity of the customers we serve while fostering leadership and innovation.


Navan Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

In-person connections are the foundation of Navan; the connections forged through face-to-face interactions improve company culture and what we can achieve together. We operate on a hybrid working model, which we define as four days a week in-office.

Typical time on-site: 4 days a week
HQ: Palo Alto, CA
Austin, TX
Bengaluru, IN
Berlin, DE
Boston, MA
Dallas, TX
Gurugram, IN
Lisbon, PT
London, GB
New Delhi, Delhi
New York, NY
Paris, FR
San Francisco, CA
Singapore
Sydney, AU
Tel Aviv-Yafo, IL