PCI & SOX Compliance Specialist

Navan


Job Location:

London - UK

Monthly Salary: Not Disclosed
Posted on: 2 days ago
Vacancies: 1 Vacancy

Job Summary


The Security Compliance Analyst will be a critical hands-on member of the Navan Governance Risk Compliance and Trust (GRCT) Team specifically embedded in London to drive the compliance integration between Navan and Reed & Mackay.

This is not a high-level policy writing or checking boxes role. We are looking for an active execution-focused compliance professional to untangle legacy systems map control deficiencies and run daily operational workflows. Acting as a decisive bridge between engineering sprint teams IT infrastructure and US-based external auditors you will own the day-to-day transaction compliance and technical evidence pipeline that keeps our global travel and expense platforms bulletproof.


What Youll Do

  • Own Vulnerability Remediation Loops: Actively track and oversee quarterly PCI ASV scans and penetration testing cycles collaborating directly with IT and engineering teams to ensure patches are executed within strict SLA windows.
  • Lead the Integration Pipeline: Conduct continuous gap analyses and map security controls as we merge legacy travel infrastructure into Navans modern cloud frameworks.
  • Drive SOX 404 Controls: Take ownership of testing and validating IT General Controls (ITGCs) under Sarbanes-Oxley Section 404 with a heavy emphasis on access control management (Joiners/Movers/Leavers) and secure code deployment.
  • Embed with Engineering: Partner with development teams to automate manual evidence gathering translating rigid compliance jargon into clear actionable JIRA tickets.
  • Collaborate Globally: Partner closely with US-based audit firms and compliance bodies. This includes a flexible schedule to work late hours (until 9:00 PM10:00 PM) a few days per month on specific US alignment days.
  • Track Open Deficiencies: Manage the risk register and remediation tracking lifecycle from initial identification to final verification and closure.

What Were Looking For

  • Experience: Minimum of 3 years of hands-on corporate operational experience in information security compliance. You must have active experience sitting on a corporate security or IT teampurely academic training or governmental advisory backgrounds will not fit the speed of this role.
  • PCI & SOX Technical Depth: Proved practical exposure executing compliance frameworks for transactional environments. You must understand Section 404 ITGCs and the technical mechanics of PCI DSS (including cardholder data protection environments and SAQs).
  • Tools & Systems Mastery: Comfortable navigating tracking platforms such as JIRA ServiceNow GRC or AuditBoard to monitor assign and resolve open compliance findings.
  • A Technical Edge: A baseline technical background (e.g. computer science systems administration or IT support) that allows you to confidently push back on or guide engineers during patch cycles.
  • Location & Hours Flexibility: Willingness to work under a hybrid model out of our London office (4 days a week) and the routine flexibility needed to support monthly evening shifts for US team synchronization.
  • Language requirements: Full proficiency in English.
  • Bonus Points: Certifications such as CompTIA Security or ISO 27001 Internal Auditor.

Required Experience:

IC

The Security Compliance Analyst will be a critical hands-on member of the Navan Governance Risk Compliance and Trust (GRCT) Team specifically embedded in London to drive the compliance integration between Navan and Reed & Mackay.This is not a high-level policy writing or checking boxes role. We are ...

About Company

Streamline your corporate travel management and expense processes in one app. Save time, gain efficiency, and reduce costs with this powerful, all-in-one solution.

View Profile View Profile