Navan is looking for a Security Governance & Awareness Analyst to join our team and execute the day-to-day operations of our security awareness programs and policy management lifecycle. You will own the operational delivery of phishing simulations, targeted training campaigns, and policy review cycles—focusing on defending against modern threats like AI-generated social engineering while maintaining our regulatory and compliance posture.
Sitting at the intersection of Security Culture and Compliance, you will be responsible for operational execution while collaborating closely with your manager on program strategy. This is a role for someone with strong program management skills, excellent communication abilities, and an eye for detail—with increasing emphasis on leveraging AI tools to amplify impact and efficiency.
What You’ll Do:Security Awareness Operations: Lead the day-to-day execution of phishing simulations and mandatory training, focusing on modern threats like AI-generated social engineering, deepfake audio/video, and sophisticated LLM-based phishing.
Targeted Training Programs: Develop and deliver specialized training for high-risk employee groups (e.g., Helpdesk, Sales, Call Centers) to defend against account takeover, identity verification bypass, and customer data targeting.
Policy Lifecycle Management: Own the operational cycle for all security policies, standards, and procedures—ensuring documents are reviewed, updated, and published on schedule with proper version control and stakeholder feedback.
Compliance Documentation: Maintain the centralized policy repository and ensure policies align with SOC 2, ISO 27001, PCI-DSS, and evolving AI governance standards for audit readiness.
Security Communications: Design and distribute internal security alerts, manage the security and compliance newsletter, and create engaging content about emerging threats for diverse stakeholders.
Metrics & Reporting: Compile and analyze data on simulation success rates, training completion, and policy compliance for executive-level reporting and program optimization.
Cross-Functional Collaboration: Partner with Legal, HR, and Engineering to collect policy feedback and coordinate awareness initiatives across the organization.
What We’re Looking For:Experience: 2–4 years in Security Awareness, Corporate Training, or GRC, with a track record of executing awareness programs and managing policy lifecycles.
Communication Excellence: Strong written and verbal skills to create clear policies, design engaging training content, and effectively communicate with stakeholders at all levels.
Modern Threat Knowledge: Strong understanding of contemporary social engineering tactics, including deepfakes, AI-driven phishing, vishing, and identity verification attacks.
Platform Experience: Hands-on experience with Security Awareness platforms (e.g., Adaptive, KnowBe4, Proofpoint) and Policy Management software for training delivery and document control.
Program Management: Proven ability to manage multiple concurrent initiatives in a fast-paced environment, from phishing campaigns to policy review cycles, with high attention to detail.
AI Tool Awareness: Growing familiarity with AI tools (Claude, Gemini, etc.) to assist with content creation, communications drafting, and operational efficiency.
Regulatory Frameworks: Working knowledge of SOC 2, ISO 27001, PCI-DSS, and NIST CSF requirements as they relate to security awareness and policy documentation.
Preferred: Relevant industry certifications (e.g., CompTIA Security+, SANS SSAP) demonstrating commitment to the security awareness field.
What the Team is Saying
Navan Compensation & Benefits Highlights
-
Fair & Transparent Compensation — Pay aligns with mid‑ to upper‑market in core engineering and GTM roles, with competitive cash, equity, and bonus plans. Defined pay bands and commission tiers provide clarity on how earnings are structured.
-
Leave & Time Off Breadth — Flexible/unlimited PTO is part of the package alongside paid parental leave durations for birthing and non‑birthing parents. Time‑off policies are positioned as broad and supportive across the company.
-
Wellbeing & Lifestyle Benefits — Travel‑centric perks (IATAN access and discounted personal travel) combine with connectivity/home‑office stipends, commuter benefits, in‑office meals/snacks, and pet insurance. Access to Headspace supports mental‑health resources.
Navan Insights
Similar Jobs
.png)
What We Do
Navan (Nasdaq: NAVN) is the leading all-in-one business travel, payments, and expense management platform that makes travel easy for frequent travelers. From finding flights and hotels to automating expense reconciliation, with 24/7 support along the way, Navan delivers an intuitive experience travelers love and finance teams rely on. See how Navan customers benefit and learn more at navan.com.
Why Work With Us
At Navan, we’re never satisfied with the status quo, and we know breakthrough ideas come from diverse perspectives. We are committed to cultivating a workplace that reflects the diversity of the customers we serve while fostering leadership and innovation.
Gallery
Navan Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
In-person connections is the foundation of Navan, the connections forged through face-to-face interactions improve company culture and what we can achieve together. We operate on a hybrid working model, which we define as four days a week in-office.
