PCI & SOX Compliance Specialist
Job Summary
The Security Compliance Analyst will be a critical hands-on member of the Navan Governance Risk Compliance and Trust (GRCT) Team specifically embedded in London to drive the compliance integration between Navan and Reed & Mackay.
This is not a high-level policy writing or checking boxes role. We are looking for an active execution-focused compliance professional to untangle legacy systems map control deficiencies and run daily operational workflows. Acting as a decisive bridge between engineering sprint teams IT infrastructure and US-based external auditors you will own the day-to-day transaction compliance and technical evidence pipeline that keeps our global travel and expense platforms bulletproof.
What Youll Do
- Own Vulnerability Remediation Loops: Actively track and oversee quarterly PCI ASV scans and penetration testing cycles collaborating directly with IT and engineering teams to ensure patches are executed within strict SLA windows.
- Lead the Integration Pipeline: Conduct continuous gap analyses and map security controls as we merge legacy travel infrastructure into Navans modern cloud frameworks.
- Drive SOX 404 Controls: Take ownership of testing and validating IT General Controls (ITGCs) under Sarbanes-Oxley Section 404 with a heavy emphasis on access control management (Joiners/Movers/Leavers) and secure code deployment.
- Embed with Engineering: Partner with development teams to automate manual evidence gathering translating rigid compliance jargon into clear actionable JIRA tickets.
- Collaborate Globally: Partner closely with US-based audit firms and compliance bodies. This includes a flexible schedule to work late hours (until 9:00 PM10:00 PM) a few days per month on specific US alignment days.
- Track Open Deficiencies: Manage the risk register and remediation tracking lifecycle from initial identification to final verification and closure.
What Were Looking For
- Experience: Minimum of 3 years of hands-on corporate operational experience in information security compliance. You must have active experience sitting on a corporate security or IT teampurely academic training or governmental advisory backgrounds will not fit the speed of this role.
- PCI & SOX Technical Depth: Proved practical exposure executing compliance frameworks for transactional environments. You must understand Section 404 ITGCs and the technical mechanics of PCI DSS (including cardholder data protection environments and SAQs).
- Tools & Systems Mastery: Comfortable navigating tracking platforms such as JIRA ServiceNow GRC or AuditBoard to monitor assign and resolve open compliance findings.
- A Technical Edge: A baseline technical background (e.g. computer science systems administration or IT support) that allows you to confidently push back on or guide engineers during patch cycles.
- Location & Hours Flexibility: Willingness to work under a hybrid model out of our London office (4 days a week) and the routine flexibility needed to support monthly evening shifts for US team synchronization.
- Language requirements: Full proficiency in English.
- Bonus Points: Certifications such as CompTIA Security or ISO 27001 Internal Auditor.
Required Experience:
IC
About Company
Streamline your corporate travel management and expense processes in one app. Save time, gain efficiency, and reduce costs with this powerful, all-in-one solution.