Navan is looking for a Security Governance & Awareness Analyst to join our team and execute the day-to-day operations of our security awareness programs and policy management lifecycle. You will own the operational delivery of phishing simulations, targeted training campaigns, and policy review cycles—focusing on defending against modern threats like AI-generated social engineering while maintaining our regulatory and compliance posture.
Sitting at the intersection of Security Culture and Compliance, you will be responsible for operational execution while collaborating closely with your manager on program strategy. This is a role for someone with strong program management skills, excellent communication abilities, and an eye for detail—with increasing emphasis on leveraging AI tools to amplify impact and efficiency.
What You’ll Do:Security Awareness Operations: Lead the day-to-day execution of phishing simulations and mandatory training, focusing on modern threats like AI-generated social engineering, deepfake audio/video, and sophisticated LLM-based phishing.
Targeted Training Programs: Develop and deliver specialized training for high-risk employee groups (e.g., Helpdesk, Sales, Call Centers) to defend against account takeover, identity verification bypass, and customer data targeting.
Policy Lifecycle Management: Own the operational cycle for all security policies, standards, and procedures—ensuring documents are reviewed, updated, and published on schedule with proper version control and stakeholder feedback.
Compliance Documentation: Maintain the centralized policy repository and ensure policies align with SOC 2, ISO 27001, PCI-DSS, and evolving AI governance standards for audit readiness.
Security Communications: Design and distribute internal security alerts, manage the security and compliance newsletter, and create engaging content about emerging threats for diverse stakeholders.
Metrics & Reporting: Compile and analyze data on simulation success rates, training completion, and policy compliance for executive-level reporting and program optimization.
Cross-Functional Collaboration: Partner with Legal, HR, and Engineering to collect policy feedback and coordinate awareness initiatives across the organization.
What We’re Looking For:Experience: 2–4 years in Security Awareness, Corporate Training, or GRC, with a track record of executing awareness programs and managing policy lifecycles.
Communication Excellence: Strong written and verbal skills to create clear policies, design engaging training content, and effectively communicate with stakeholders at all levels.
Modern Threat Knowledge: Strong understanding of contemporary social engineering tactics, including deepfakes, AI-driven phishing, vishing, and identity verification attacks.
Platform Experience: Hands-on experience with Security Awareness platforms (e.g., Adaptive, KnowBe4, Proofpoint) and Policy Management software for training delivery and document control.
Program Management: Proven ability to manage multiple concurrent initiatives in a fast-paced environment, from phishing campaigns to policy review cycles, with high attention to detail.
AI Tool Awareness: Growing familiarity with AI tools (Claude, Gemini, etc.) to assist with content creation, communications drafting, and operational efficiency.
Regulatory Frameworks: Working knowledge of SOC 2, ISO 27001, PCI-DSS, and NIST CSF requirements as they relate to security awareness and policy documentation.
Preferred: Relevant industry certifications (e.g., CompTIA Security+, SANS SSAP) demonstrating commitment to the security awareness field.
Skills Required
- 2-4 years in Security Awareness, Corporate Training, or GRC
- Strong written and verbal communication skills
- Hands-on experience with Security Awareness platforms
- Proven ability to manage multiple initiatives
- Working knowledge of SOC 2, ISO 27001, PCI-DSS
- Relevant industry certifications (e.g., CompTIA Security+, SANS SSAP)
What the Team is Saying
Navan Compensation & Benefits Highlights
How does Navan ensure its pay and bonus plans are competitive?
Navan offers a comprehensive benefits program designed to support your well-being, financial security, and life outside of work. Our benefits, thoughtfully tailored by country to meet local needs, include healthcare coverage, insurance offerings, and wellness resources for you and your family.
We support long-term financial growth through retirement savings programs and opportunities to participate in our equity plans, so you can share in Navan’s success. To promote balance, we offer flexible time off, country-specific holidays, and paid parental leave for all new parents. Additional benefits include connectivity and commuting support, mental health resources, and exclusive travel-related perks. Wherever you’re based, our benefits evolve with you.
Navan Insights
What We Do
Navan (Nasdaq: NAVN) is the leading all-in-one business travel, payments, and expense management platform that makes travel easy for frequent travelers. From finding flights and hotels to automating expense reconciliation, with 24/7 support along the way, Navan delivers an intuitive experience travelers love and finance teams rely on. See how Navan customers benefit and learn more at navan.com.
Why Work With Us
At Navan, we’re never satisfied with the status quo, and we know breakthrough ideas come from diverse perspectives. We are committed to cultivating a workplace that reflects the diversity of the customers we serve while fostering leadership and innovation.
Gallery
Navan Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
In-person connections is the foundation of Navan, the connections forged through face-to-face interactions improve company culture and what we can achieve together. We operate on a hybrid working model, which we define as four days a week in-office.
.png)
