Direct Travel is a leading provider of corporate travel management services. The company is seeking a highly analytical Business Analyst to support PCI DSS Level 1 Service Provider compliance through payment flow optimization and tokenization initiatives.
Responsibilities:
- Document end-to-end payment workflows, including:
  - Customer booking and payment processes
  - Internal system interactions (phone system, back-office)
  - Third-party integrations (e.g., payment gateways, GDS, vendors)
- Identify where cardholder data (PAN) is:
  - Collected
  - Processed
  - Stored
  - Transmitted
- Develop and maintain:
  - Data flow diagrams
  - System interaction maps
  - Process documentation aligned to PCI scope requirements
- Analyze payment and data flows to identify opportunities to reduce PCI scope
- Partner with Security, Operations and Finance teams to:
  - Eliminate unnecessary PAN handling
  - Support segmentation strategies
  - Enable system isolation and scope containment
- Ensure all scope-related documentation is accurate, complete, and defensible for audit
- Support design and implementation of tokenization strategies by:
  - Mapping current vs. future-state payment flows
  - Identifying systems and processes impacted by tokenization
- Work with Product and Operations teams to:
  - Redesign workflows to remove PAN from internal systems
  - Eliminate manual or legacy payment handling processes
- Document business and system changes required to support tokenization initiatives
- Translate compliance and architectural requirements into:
  - Clear business requirements
  - Functional specifications
  - User stories / tickets for engineering teams
- Ensure requirements align with PCI DSS expectations and scope reduction goals
- Work with:
  - Product and Engineering teams
  - Finance and Operations (e.g., billing, refunds, call centers)
  - Vendor and third-party stakeholders
- Facilitate workshops and discovery sessions to understand real-world workflows vs. documented processes
- Identify:
  - “Shadow” processes where cardholder data may be handled outside defined systems
  - Manual workflows (e.g., call center payments, email handling of PAN)
  - Gaps between intended and actual processes
- Escalate risks and inefficiencies to the PCI Program Director
- Maintain clear, structured documentation to support:
  - PCI scope validation
  - QSA review and audit defensibility
- Ensure all process documentation aligns with:
  - Control narratives
  - Data flow diagrams
  - System inventories
Requirements:
- Bachelor's degree in Computer Science, Information Technology, or a related field or equivalent experience
- 4+ years of experience as a Business Analyst, preferably in complex system environments
- Proven experience mapping end-to-end business processes and system workflows
- Strong experience working with payment systems, financial transactions, or e-commerce platforms
- Demonstrated ability to analyze and document data flows across multiple systems
- Experience translating business needs into technical requirements
- Experience in PCI DSS environments or supporting compliance initiatives
- Familiarity with:
  - Payment gateways and processors
  - Tokenization concepts and implementations
- Experience in travel, hospitality, or high-volume transaction environments
- Experience working with distributed systems and third-party integrations