Compliance Analyst

Location: Palo Alto, CA

Department: Security, Risk & Fraud

Position Overview: We are seeking an experienced SOX Compliance & GRC Analyst to lead our SOX IT General Controls (ITGC) program while supporting our broader governance, risk, and compliance initiatives. The successful candidate will ensure compliance with Sarbanes-Oxley (SOX) Section 404 requirements, focusing on IT general controls, while harmonizing controls across our expanding compliance portfolio and supporting the other security frameworks we are assessed against.

What You'll Do:

SOX IT General Controls (Primary Focus)

  • Lead SOX Compliance Program: Conduct thorough assessments of IT general controls to ensure compliance with SOX 404 requirements
  • Control Testing & Management: Perform regular management testing of IT general controls, including access controls, change management, data backup, and recovery processes
  • Evidence Collection & Automation: Implement automation for evidence collection and conduct self-review of submitted evidence for access management, change management, segregation of duties, and configuration management controls
  • System Onboarding: Lead onboarding of new systems to the SOX control environment, ensuring compliance by design
  • Audit Coordination: Manage the flow of audit requests, coordinate scope of external testing, and interface with external auditors to represent our SOX control environment

Broader GRC Responsibilities

  • Multi-Framework Compliance: Manage and support external audits and assessments for SOC 1, SOC 2, PCI DSS, ISO 27001, and NIST CSF, including scoping, evidence delivery, and auditor walkthroughs
  • Cross-Functional Collaboration: Work closely with People Operations, Finance, Legal, IT, and product engineering teams to identify control gaps and integrate control requirements
  • Assessment & Testing: Perform periodic assessments and testing of security compliance controls, policies, and standards across multiple frameworks
  • Remediation Management: Identify control deficiencies, develop remediation plans, and oversee implementation efforts
  • Reporting & Metrics: Prepare detailed reports on compliance status, audit findings, and create metrics to demonstrate compliance progress to senior management
  • GRC Tools Implementation: Collaborate on developing and implementing centralized audit evidence repository and GRC tools
  • Policy Development: Create and maintain security policies, procedures, and standards
  • Training & Education: Develop and deliver training programs on SOX IT control requirements and compliance best practices

Required Qualifications:

  • Experience: 4-5+ years of SOX 404 IT General Controls auditing, security governance, risk, and compliance experience
  • SOX Expertise: Strong understanding of SOX 404 regulations, IT general controls, and financial systems audit requirements for both on-premise and cloud systems
  • Framework Knowledge: In-depth understanding of SOC frameworks, PCI DSS, GDPR, ISO 27001, and relevant regulations
  • Cloud Expertise: Strong knowledge of cloud controls and environments, particularly AWS (Azure and Google Cloud experience beneficial)
  • Technical Proficiency: Practical understanding of IT security compliance, risk management, access control, network security, and security architecture in cloud environments
  • Analytical Skills: Excellent analytical, diagnostic, critical thinking, and project management abilities
  • Communication: Ability to clearly articulate technical concepts to both technical and non-technical stakeholders from diverse backgrounds
  • Automation Experience: Proficiency in implementing automation for evidence collection and control testing

Preferred Qualifications:

  • Education: Bachelor's degree in Information Technology, Computer Science, Accounting, or related field
  • Certifications: CISA, CISM, CISSP, CPA, CSA CCSK, ISC² CCSP, or other relevant security certifications
  • Framework Experience: Experience with IT control frameworks such as COBIT, NIST, or ISO 27001
  • Consulting Background: Experience with Big Four consulting firms
  • Unified Controls: Experience developing and implementing unified control frameworks
  • Tool Proficiency: Experience with audit and compliance tools and software
  • Data Presentation: Proficiency in representing data graphically and creating executive-level reports

Key Success Factors:

  • Deep technical understanding of SOX IT General Controls and their relationship to other security frameworks
  • Proven ability to lead complex compliance projects from planning through execution
  • Strong stakeholder engagement skills with both internal teams and external auditors
  • Experience staying current with regulatory changes and integrating updates into daily operations
  • Detail-oriented approach with ability to manage multiple priorities and deadlines
  • Track record of driving automation and process improvements in compliance programs


The posted pay range represents the anticipated low and high end of the compensation for this position and is subject to change based on business need. To determine a successful candidate’s starting pay, we carefully consider a variety of factors, including primary work location, an evaluation of the candidate’s skills and experience, market demands, and internal parity.

For roles with on-target-earnings (OTE), the pay range includes both base salary and target incentive compensation. Target incentive compensation for some roles may include a ramping draw period. Compensation is higher for those who exceed targets. Candidates may receive more information from the recruiter.

Pay Range
$82,500 to $154,000 USD

About Navan

Navan is the all-in-one super app that makes travel and expense easy so you can focus on being there, not getting there. Say goodbye to spending hours on the phone trying to change your flight or saving stacks of receipts to manually input expenses. From EAs and finance teams to travel managers and employees, Navan empowers people to focus on the things that matter most to them — all while providing companies with real-time visibility, savings, and control.

Navan’s investors include visionaries like Andreessen Horowitz, Lightspeed Ventures, Greenoaks, Zeev Ventures, and entrepreneurs Lee Fixel, Adam Bain, and Elad Gil. Valued at $9.2B, Navan is well-positioned for continued growth as it continues its takeover of the travel and expense market.

In April 2023, Navan expanded into the Indian market with the acquisition of Tripeur, a modern, people-centric corporate travel and expense management company. The group's fifth acquisition in under two years, Tripeur joined the Navan Group alongside Spanish meetings and events specialists Atlanta Events & Corporate Travel Consultants; Berlin-based modern travel management company Comtravo; leading Scandinavian travel agency Resia AB; and London-based high-touch TMC Reed & Mackay, the latter of which remains a standalone brand.

At Navan, we’re never satisfied with the status quo, and we know breakthrough ideas come from diverse perspectives. We are committed to cultivating a workplace that reflects the diversity of the customers we serve while fostering leadership and innovation. All voices are valued here and you’ll have the resources, tools, and training you’ll need to do the best work of your life.

Our Benefits

Navan provides a comprehensive benefits package tailored to support your well-being and financial security. Our offerings include generous medical plans, dental, and vision benefits with premiums covered by Navan, as well as various insurance options designed to cover each family's needs. We also prioritize your holistic wellness with perks like paid parental and bereavement leave, subsidized commuter benefits, mental health support, connectivity stipends, and even pet insurance.

Workplace Policy

Navan believes in the value of in-person connections, whether that is sitting down to have lunch with one another, taking a walking 1:1, or collaborating in a room together. The connections forged through face-to-face interactions improve company culture and drive business results. Navan invests in global office spaces — in the U.S., Europe, and Asia, among others — that feel welcoming. Perks such as lunches and happy hours create a strong team environment to help you do your best work. We prioritize in-person connections and operate on a four-day-in-office work model. Please expect this policy for all roles that are tied to an office.

Equal Opportunity

Navan is an equal opportunity employer. We make all employment decisions based solely on merit. We provide equal employment opportunity to all applicants and employees without discrimination on the bases of race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We prohibit any such discrimination or harassment. This policy applies to all terms and conditions of employment, including hiring.

Accommodations

Navan complies with the Americans with Disabilities Act (ADA), as amended by the ADA Amendments Act, and all applicable state or local law. Navan will reasonably accommodate qualified individuals with a disability in connection with applications for employment as required by law.

If you need any assistance or accommodations due to a disability, you are welcome to email us at talent-accommodations@navan.com.

Candidate Privacy Notice

Please review Navan's Candidate Privacy Notice here.

Job Search Best Practices

We have been made aware of recruitment scams involving fraudulent attempts to lure job seekers into sending money or personal information in return for fake job offers, or to coerce them into purchasing equipment by electronic funds transfer (Zelle, Venmo, etc.). Legitimate Navan recruiters will never ask for money in any recruitment or onboarding activities. All available job openings at Navan will be posted on Navan's website, and all Navan recruiters will be reachable through an email address ending in "@navan.com", "@navan.tech", or "@talent.navan.com".