Security Governance & Risk Engineer

Benefits

Parental leave

Not verified

Non-birth-parent leave

Not verified

Family-building benefits

• Fertility benefits: Not verified
• Adoption assistance: Not verified
• Surrogacy assistance: Not verified

Mental health support

Not verified

Relocation assistance

Not verified

Childcare support

Not verified

Learning budget

Not verified

Verification

Not verified

Salary

Not verified

Was this benefit information wrong? Tell us.

Schedule

Shift type

Not verified

Weekend work

Not verified

Application

Cover letter

Not verified

Assessment

Not verified

Deadline

Not stated

Where they hire

State eligibility is not yet verified.

About this role

Security Governance & Risk Engineer London, UK Navan is looking for a Security Governance & Risk Engineer to join our team as we evolve from manual processes to automated, scalable security systems. You will own the operational execution of our governance automation infrastructure, compliance monitoring, and security program platforms-using AI and automation as your primary force multipliers. Sitting at the intersection of Security Engineering, Compliance, and Security Culture, you will execute day-to-day operations while collaborating closely with your manager on technical strategy. This is a unique hybrid role for someone who possesses both technical engineering capabilities and strong program management skills, with a heavy emphasis on leveraging AI tools (like Claude, Gemini, and GitHub Copilot) to amplify impact. What You'll Do GRC Automation: Build and maintain automated workflows for risk assessments and audit evidence collection using modern APIs and AI coding assistants. Compliance-as-Code: Implement automated integrations (e.g., Tines, AWS Lambda) to monitor technical controls against frameworks like SOC 2, ISO 27001, and NIST CSF. Data Visualization: Develop and maintain real-time dashboards in tools like ThoughtSpot to provide visibility into security posture and compliance metrics. Program Automation & Integration: Build integrations between GRC platforms, awareness tools, and business systems-automating policy acknowledgments, training compliance tracking, evidence collection, and custom workflows where platform capabilities fall short. Technical Control Implementation: Translate security policies into technical control standards and automated validation scripts, ensuring policy requirements are continuously verified. Cross-Functional Collaboration: Partner with Legal, HR, and Engineering to collect technical requirements, build integrations, and ensure automated

Read the full description at navan.com. FewerJobs shows a source-linked preview and links to the original posting.