[Remote] Sr. GRC/PCI Compliance Analyst

Note: The job is a remote job and is open to candidates in USA. Direct Travel is a leading provider of corporate travel management services, and they are seeking a detail-oriented GRC / PCI Compliance Analyst to support achieving PCI DSS Level 1 Service Provider compliance. The role involves driving control implementation, documentation, and audit readiness across the organization, ensuring that controls are designed, documented, validated, and audit-ready.

Responsibilities

• Support the implementation and operationalization of PCI DSS v4.0 controls across infrastructure, applications, and business processes
• Partner with control owners to ensure requirements are clearly understood and effectively implemented
• Track control status, gaps, and remediation progress
• Develop and maintain: Policies, standards, and procedures aligned to PCI DSS Control narratives and process documentation Evidence artifacts required for audit Build and manage a centralized evidence repository mapped to PCI requirements. Ensure all documentation is accurate, complete, and audit-defensible
• Prepare the organization for PCI assessment by: Validating control implementation Conducting internal readiness reviews Identifying and remediating documentation gaps Support the QSA audit process, including: Responding to evidence requests Coordinating interviews and walkthroughs Tracking audit findings and follow-ups
• Assist in maintaining: Data flow diagrams System inventories Cardholder Data Environment (CDE) documentation Map controls to PCI DSS requirements and ensure traceability between: Requirements Controls Evidence
• Support PCI gap assessments across systems, applications, and vendors. Track and manage remediation items, ensuring timely closure. Identify control weaknesses and escalate risks to the Program Director
• Work closely with: IT / Security Business and Operations teams Application Development teams Legal / Compliance / Risk Ensure alignment between technical implementation and compliance requirements
• Support documentation and validation of scope reduction initiatives, including: Tokenization implementations Segmentation strategies Ensure evidence clearly demonstrates reduction of PCI scope and removal of PAN from systems where applicable

Skills

• Bachelor's degree in Computer Science, Information Technology, or a related field or equivalent experience
• 5+ years of experience in GRC, compliance, or information security
• Hands-on experience supporting PCI DSS audits or compliance programs
• Strong understanding of PCI DSS requirements and control structure
• Control documentation and evidence expectations
• Experience managing audit evidence and documentation repositories
• Strong organizational skills with high attention to detail
• Experience supporting a PCI DSS ROC (merchant or service provider)
• ISA (Internal Security Assessor) certification
• Experience with GRC tools (e.g., OneTrust (preferred), Archer, ServiceNow GRC)
• Audit/evidence management platforms
• Familiarity with ISO 27001
• SOC 1 / SOC 2
• GDPR or data privacy frameworks

Benefits

• Medical, Dental, and Vision benefits
• Employee rewards and recognitions program
• Total Rewards Package which includes Wellness, Sustainability, DE&I initiatives, and Mental Health Support

Company Overview