Third-Party Risk Analyst at Navan Labs UK Limited

Bengaluru, karnataka, India -

Full Time

Start Date

Immediate

Expiry Date

17 May, 26

Salary

0.0

Posted On

16 Feb, 26

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Third-Party Risk Management, Vendor Risk, IT Audit, GDPR, CCPA, SOC 2, ISO 27001, GRC Tools, Vendor Management Tools, Risk Assessment, Due Diligence, Contractual Redlining, Vendor Engagement, Continuous Monitoring, Negotiation Skills, Analytical Mindset

Industry

Software Development

Description

About The Position As Navan continues to scale globally, our ecosystem of vendors and partners grows with us. We are looking for a Third-Party Risk Analyst to join our Security & Compliance team. In this role, you will be the gatekeeper of our vendor lifecycle, ensuring that every third party—from software providers to Travel Management Companies (TMCs)—meets our rigorous security and privacy standards. You will sit at the intersection of Procurement, Legal, and Security, driving the risk assessment process and ensuring that Navan’s data remains protected across our entire supply chain. What You’ll Do Risk Assessment Ownership: Conduct comprehensive security and privacy risk assessments for new and existing third parties using procurement and GRC tools and partner with Security leadership to escalate high-risk vendors and support documented risk acceptance or remediation decision Vendor Due Diligence: Review SOC2 reports, ISO certifications, and penetration test summaries to identify potential vulnerabilities in a vendor’s posture. Contractual Redlining: Partner with Legal to review and redline Security Addendums and Data Processing Addendums (DPAs), ensuring vendors commit to Navan’s required security controls. Vendor Engagement: Lead the outreach to vendor security teams to clarify questionnaire responses, follow up on remediation items, and ensure compliance with our standards. TMC & Partner Management: Work closely with our Travel Management Companies to gather essential security documentation and manage the lifecycle of partner-specific risk reviews and contracts. Continuous Monitoring: Monitor the existing vendor landscape for security incidents, certification expirations, for security alerts, news of breaches, or changes in risk profiles, and trigger re-assessments when necessary. Cross-Fuctional Collaboration: You will work closely with Procurement, Legal, Privacy, and Engineering teams on third-party security and risk considerations throughout the vendor lifecycle What We’re Looking For Experience: 2–4 years in Third-Party Risk Management (TPRM), Vendor Risk, or IT Audit. Regulatory Knowledge: Familiarity with privacy frameworks (GDPR, CCPA) and security standards (SOC 2, ISO 27001). Procurement Savvy: Experience working within procurement workflows and using GRC or Vendor Management tools (e.g., OneTrust, Prevalent, or Vanta). Analytical Mindset: Ability to spot "red flags" in a vendor’s security documentation and translate those risks into business impact for internal stakeholders. Negotiation Skills: Comfortable holding vendors accountable and negotiating security terms in contracts. Organization: You can manage dozens of active vendor assessments simultaneously without losing track of deadlines or documentation gaps.

How To Apply:

Incase you would like to apply to this job directly from the source, please click here

Responsibilities

The analyst will own the comprehensive security and privacy risk assessment process for all third parties, reviewing documentation like SOC2 reports and leading vendor engagement for remediation. This role involves partnering with Legal to redline security addendums and continuously monitoring the vendor landscape for security incidents or changes in risk profiles.