Sr. GRC/PCI Compliance Analyst

Direct Travel

IT, Compliance / Regulatory

United States · Remote

Posted on May 4, 2026

Position Overview

We are seeking a detail-oriented and execution-focused GRC / PCI Compliance Analyst to support a critical enterprise initiative: achieving PCI DSS Level 1 Service Provider compliance and delivering a successful, audit-ready Report on Compliance (ROC).

 

This role will work closely with the PCI Program Director to drive control implementation, documentation, and audit readiness across the organization. The ideal candidate has hands-on experience supporting PCI audits, managing evidence collection, and operationalizing controls in complex environments.

 

This is a high-impact, execution-heavy role responsible for ensuring controls are not only designed, but documented, validated, and audit-ready.

 

This is a remote position.

 

Key Responsibilities

 

PCI Control Implementation & Support

  • Support the implementation and operationalization of PCI DSS v4.0 controls across infrastructure, applications, and business processes.
  • Partner with control owners to ensure requirements are clearly understood and effectively implemented.
  • Track control status, gaps, and remediation progress.

 

Documentation & Evidence Management

  • Develop and maintain:
    • Policies, standards, and procedures aligned to PCI DSS
    • Control narratives and process documentation
    • Evidence artifacts required for audit
  • Build and manage a centralized evidence repository mapped to PCI requirements.
  • Ensure all documentation is accurate, complete, and audit-defensible.

 

Audit Readiness & Support

  • Prepare the organization for PCI assessment by:
    • Validating control implementation
    • Conducting internal readiness reviews
    • Identifying and remediating documentation gaps
  • Support the QSA audit process, including:
    • Responding to evidence requests
    • Coordinating interviews and walkthroughs
    • Tracking audit findings and follow-ups

 

Scope Documentation & Control Mapping

  • Assist in maintaining:
    • Data flow diagrams
    • System inventories
    • Cardholder Data Environment (CDE) documentation
  • Map controls to PCI DSS requirements and ensure traceability between:
    • Requirements
    • Controls
    • Evidence

 

Risk & Gap Management

  • Support PCI gap assessments across systems, applications, and vendors.
  • Track and manage remediation items, ensuring timely closure.
  • Identify control weaknesses and escalate risks to the Program Director.

 

Cross-Functional Coordination

  • Work closely with:
    • IT / Security
    • Business and Operations teams
    • Application Development teams
    • Legal / Compliance / Risk
  • Ensure alignment between technical implementation and compliance requirements.

 

Tokenization & Scope Reduction Support

  • Support documentation and validation of scope reduction initiatives, including:
    • Tokenization implementations
    • Segmentation strategies
  • Ensure evidence clearly demonstrates reduction of PCI scope and removal of PAN from systems where applicable.

 

Required Qualifications

  • Bachelor’s degree in Computer Science, Information Technology, or a related field or equivalent experience.
  • 5+ years of experience in GRC, compliance, or information security
  • Hands-on experience supporting PCI DSS audits or compliance programs
  • Strong understanding of:
    • PCI DSS requirements and control structure
    • Control documentation and evidence expectations
  • Experience managing audit evidence and documentation repositories
  • Strong organizational skills with high attention to detail

 

Preferred Qualifications

  • Experience supporting a PCI DSS ROC (merchant or service provider)
  • ISA (Internal Security Assessor) certification
  • Experience with:
    • GRC tools (e.g., OneTrust (preferred), Archer, ServiceNow GRC)
    • Audit/evidence management platforms
  • Familiarity with:
    • ISO 27001
    • SOC 1 / SOC 2
    • GDPR or data privacy frameworks

 

Key Competencies

  • Strong attention to detail and documentation discipline
  • Ability to translate compliance requirements into clear, actionable documentation
  • High accountability and ownership mindset
  • Strong organizational and project tracking skills
  • Ability to manage multiple workstreams and deadlines simultaneously

 

Benefits Onboard

In addition to Medical, Dental, and Vision benefits, Direct Travel offers an employee rewards and recognition program and a Total Rewards Package, which includes Wellness, Sustainability, DE&I initiatives, and Mental Health Support.

 

Our Brand Voyage: About Direct Travel

Direct Travel is a leading provider of corporate travel management services. The company has been providing travel management for over 40 years, working with clients to develop highly customized travel programs. By leveraging both the expertise of its people and innovative solutions, Direct Travel enables clients to derive the greatest value from their travel program in terms of superior service, progressive technologies and significant cost savings. Direct Travel has offices in over 70 locations across North America and the UK and is currently ranked 12th on Travel Weekly’s Power List. For more information, visit www.dt.com.

 

Direct Travel is an EOE/AA/Veteran/People with Disabilities employer

 

If you're ready to chart a new course and advance your career with the valuable moments and travel experiences that await, we welcome you to submit your resume for consideration at Direct Travel.

 

#LI-Remote