Invest in your career with a Madrona-funded company.

Position Overview

We are seeking a highly analytical and detail-oriented Business Analyst to support a critical enterprise initiative: achieving PCI DSS Level 1 Service Provider compliance through scope reduction, payment flow optimization, and tokenization. 

 

This role will partner closely with the PCI Program Director to map, analyze, and redesign how payment data flows through the organization. The primary objective is to identify and eliminate unnecessary handling of cardholder data (PAN), enabling effective scope reduction and supporting a successful, audit-ready Report on Compliance (ROC). 

 

This is a hands-on, discovery and process-focused role—ideal for someone who excels at understanding complex systems and translating them into clear, actionable insights. 

 

This is a remote position.

 

Key Responsibilities 

 

Payment Flow & Data Flow Mapping (Core Responsibility) 

• Document end-to-end payment workflows, including: 
  • Customer booking and payment processes 
  • Internal system interactions (phone system, back-office)
  • Third-party integrations (e.g., payment gateways, GDS, vendors) 
• Identify where cardholder data (PAN) is: 
  • Collected 
  • Processed 
  • Stored 
  • Transmitted 
• Develop and maintain: 
  • Data flow diagrams 
  • System interaction maps 
  • Process documentation aligned to PCI scope requirements  

 

PCI Scope Identification & Reduction Support 

• Analyze payment and data flows to identify opportunities to reduce PCI scope  
• Partner with Security, Operations and Finance teams to:  
  • Eliminate unnecessary PAN handling  
  • Support segmentation strategies  
  • Enable system isolation and scope containment  
• Ensure all scope-related documentation is accurate, complete, and defensible for audit  

 

Tokenization & Payment Process Redesign 

• Support design and implementation of tokenization strategies by:  
  • Mapping current vs. future-state payment flows  
  • Identifying systems and processes impacted by tokenization  
• Work with Product and Operations teams to:  
  • Redesign workflows to remove PAN from internal systems  
  • Eliminate manual or legacy payment handling processes  
• Document business and system changes required to support tokenization initiatives  

 

Requirements Development & Translation 

• Translate compliance and architectural requirements into:  
  • Clear business requirements  
  • Functional specifications  
  • User stories / tickets for engineering teams  
• Ensure requirements align with PCI DSS expectations and scope reduction goals  

 

Cross-Functional Stakeholder Engagement 

• Work with:  
  • Product and Engineering teams  
  • Finance and Operations (e.g., billing, refunds, call centers)  
  • Vendor and third-party stakeholders  
• Facilitate workshops and discovery sessions to understand real-world workflows vs. documented processes  

 

Process Analysis & Risk Identification 

• Identify:  
  • “Shadow” processes where cardholder data may be handled outside defined systems  
  • Manual workflows (e.g., call center payments, email handling of PAN)  
  • Gaps between intended and actual processes  
• Escalate risks and inefficiencies to the PCI Program Director  

 

Documentation & Audit Support 

• Maintain clear, structured documentation to support:  
  • PCI scope validation  
  • QSA review and audit defensibility  
• Ensure all process documentation aligns with:  
  • Control narratives  
  • Data flow diagrams  
  • System inventories  

 

Required Qualifications 

• Bachelor’s degree in Computer Science, Information Technology, or a related field or equivalent experience. 
• 4+ years of experience as a Business Analyst, preferably in complex system environments  
• Proven experience mapping end-to-end business processes and system workflows  
• Strong experience working with:  
  • Payment systems, financial transactions, or e-commerce platforms  
• Demonstrated ability to analyze and document data flows across multiple systems  
• Experience translating business needs into technical requirements  

 

Preferred Qualifications 

• Experience in PCI DSS environments or supporting compliance initiatives  
• Familiarity with:  
  • Payment gateways and processors  
  • Tokenization concepts and implementations  
• Experience in travel, hospitality, or high-volume transaction environments  
• Experience working with distributed systems and third-party integrations  

 

Key Competencies 

• Strong analytical and problem-solving skills  
• Exceptional documentation and process mapping abilities  
• Ability to simplify complex systems into clear, structured representations  
• Strong communication skills across technical and non-technical stakeholders  
• High attention to detail with a focus on accuracy and completeness  

 

Benefits Onboard

In addition to Medical, Dental, and Vision benefits Direct Travel offers an employee rewards and recognitions program, Total Rewards Package which includes Wellness, Sustainability, DE&I initiatives, and Mental Health Support.

 

Our Brand Voyage: About Direct Travel

Direct Travel is a leading provider of corporate travel management services. The company has been providing travel management for over 40 years, working with clients to develop highly customized travel programs. By leveraging both the expertise of its people and innovative solutions, Direct Travel enables clients to derive the greatest value from their travel program in terms of superior service, progressive technologies and significant cost savings. Direct Travel has offices in over 70 locations across North America and the UK and is currently ranked 12th on Travel Weekly’s Power List. For more information, visit www.dt.com.

 

Direct Travel is an EOE/AA/Veteran/People with Disabilities employer

 

If you're ready to chart a new course and advance your career with the valuable moments and travel experiences that await, we welcome you to submit your resume for consideration at Direct Travel.

 

#LI-Remote