Role Description We are seeking a detail-oriented and execution-focused GRC / PCI Compliance Analyst to support a critical enterprise initiative: achieving PCI DSS Level 1 Service Provider compliance and delivering a successful, audit-ready Report on Compliance (ROC). This role will work closely with the PCI Program Director to drive control implementation, documentation, and audit readiness across the organization. The ideal candidate has hands-on experience supporting PCI audits, managing evidence collection, and operationalizing controls in complex environments. This is a high-impact, execution-heavy role responsible for ensuring controls are not only designed, but documented, validated, and audit-ready. This is a remote position. Key Responsibilities - PCI Control Implementation & Support - Support the implementation and operationalization of PCI DSS v4.0 controls across infrastructure, applications, and business processes. - Partner with control owners to ensure requirements are clearly understood and effectively implemented. - Track control status, gaps, and remediation progress. - Documentation & Evidence Management - Develop and maintain policies, standards, and procedures aligned to PCI DSS. - Create control narratives and process documentation. - Manage evidence artifacts required for audit. - Build and manage a centralized evidence repository mapped to PCI requirements. - Ensure all documentation is accurate, complete, and audit-defensible. - Audit Readiness & Support - Prepare the organization for PCI assessment by validating control implementation. - Conduct internal readiness reviews. - Identify and remediate documentation gaps. - Support the QSA audit process, including responding to evidence requests, coordinating interviews and walkthroughs, and tracking audit findings and follow-ups. - Scope Documentation & Control Mapping - Assist in maintaining data flow diagrams, system inventories, and Cardholder Data Environment (CDE) documentation. - Map controls to PCI DSS requirements and ensure traceability between requirements, controls, and evidence. - Risk & Gap Management - Support PCI gap assessments across systems, applications, and vendors. - Track and manage remediation items, ensuring timely closure. - Identify control weaknesses and escalate risks to the Program Director. - Cross-Functional Coordination - Work closely with IT / Security, Business and Operations teams, Application Development teams, and Legal / Compliance / Risk. - Ensure alignment between technical implementation and compliance requirements. - Tokenization & Scope Reduction Support - Support documentation and validation of scope reduction initiatives, including tokenization implementations and segmentation strategies. - Ensure evidence clearly demonstrates reduction of PCI scope and removal of PAN from systems where applicable. Qualifications - Bachelor’s degree in Computer Science, Information Technology, or a related field or equivalent experience. - 5+ years of experience in GRC, compliance, or information security. - Hands-on experience supporting PCI DSS audits or compliance programs. - Strong understanding of PCI DSS requirements and control structure. - Control documentation and evidence expectations. - Experience managing audit evidence and documentation repositories. - Strong organizational skills with high attention to detail. Preferred Qualifications - Experience supporting a PCI DSS ROC (merchant or service provider). - ISA (Internal Security Assessor) certification. - Experience with GRC tools (e.g., OneTrust (preferred), Archer, ServiceNow GRC, Audit/evidence management platforms). - Familiarity with ISO 27001, SOC 1 / SOC 2, GDPR or data privacy frameworks. Key Competencies - Strong attention to detail and documentation discipline. - Ability to translate compliance requirements into clear, actionable documentation. - High accountability and ownership mindset. - Strong organizational and project tracking skills. - Ability to manage multiple workstreams and deadlines simultaneously. Benefits - Medical, Dental, and Vision benefits. - Employee rewards and recognitions program. - Total Rewards Package which includes Wellness, Sustainability, DE&I initiatives, and Mental Health Support. Company Description Direct Travel is a leading provider of corporate travel management services. The company has been providing travel management for over 40 years, working with clients to develop highly customized travel programs. By leveraging both the expertise of its people and innovative solutions, Direct Travel enables clients to derive the greatest value from their travel program in terms of superior service, progressive technologies and significant cost savings. Direct Travel has offices in over 70 locations across North America and the UK and is currently ranked 12th on Travel Weekly’s Power List.

• Support the planning, coordination, and execution of global regulatory submissions, including INDs, CTAs, BLAs, NDAs, MAAs, and amendments, ensuring compliance with global regulatory requirements and timelines. • This role interfaces with external publishing vendor(s) for the preparation of submissions, and internal stakeholders to provide operational oversight and support for eCTD regulatory submission activities. • Maintain regulatory documentation, submission records, and regulatory information within regulatory systems and document management platforms. • Oversee regulatory document management, tracking, and archival activities. • Support regulatory systems (e.g., Veeva RIM), and serve as internal subject matter expert (SME) for training and support to internal stakeholders. • Coordinate regulatory submission activities including document readiness, publishing, quality control, and electronic submission (eCTD) processes. • Support preparation and operational coordination of regulatory agency interactions, including briefing document planning and submission logistics. • Monitor and track submission deliverables and milestones, identifying risks and proactively working with stakeholders to mitigate potential delays. • Ensure compliance with global regulatory submission standards, including eCTD structure, formatting, and publishing requirements. • Contribute to the development and implementation of regulatory operations processes, tools, and best practices to improve efficiency and consistency across programs. • Support lifecycle management activities, including post-approval submissions, amendments, annual reports, and regulatory correspondence.

Identify and analyze regulatory issues impacting business divisions, maintain relationships with stakeholders, and advise on compliance strategies while ensuring adherence to regulations and monitoring compliance processes.

• Perform independent QC reviews of AML, KYC/CDD/EDD, and Sanctions screening work completed for US correspondent and intermediary banking clients • Review customer due diligence files, risk assessments, transaction monitoring outputs, sanctions alerts, and periodic reviews for accuracy, completeness, and regulatory compliance • Identify control gaps, regulatory deficiencies, and documentation weaknesses • Maintain strong understanding of US regulatory expectations applicable to correspondent and intermediary banking.