Direct Travel is a leading provider of corporate travel management services, and they are seeking a highly analytical and detail-oriented Business Analyst. The role focuses on achieving PCI DSS Level 1 Service Provider compliance through payment flow optimization and data handling improvements.
Responsibilities:
- Document end-to-end payment workflows, including:
  - Customer booking and payment processes
  - Internal system interactions (phone system, back-office)
  - Third-party integrations (e.g., payment gateways, GDS, vendors)
- Identify where cardholder data (PAN) is:
  - Collected
  - Processed
  - Stored
  - Transmitted
- Develop and maintain:
  - Data flow diagrams
  - System interaction maps
  - Process documentation aligned to PCI scope requirements
- Analyze payment and data flows to identify opportunities to reduce PCI scope
- Partner with Security, Operations and Finance teams to:
  - Eliminate unnecessary PAN handling
  - Support segmentation strategies
  - Enable system isolation and scope containment
- Ensure all scope-related documentation is accurate, complete, and defensible for audit
- Support design and implementation of tokenization strategies by:
  - Mapping current vs. future-state payment flows
  - Identifying systems and processes impacted by tokenization
- Work with Product and Operations teams to:
  - Redesign workflows to remove PAN from internal systems
  - Eliminate manual or legacy payment handling processes
- Document business and system changes required to support tokenization initiatives
- Translate compliance and architectural requirements into:
  - Clear business requirements
  - Functional specifications
  - User stories / tickets for engineering teams
- Ensure requirements align with PCI DSS expectations and scope reduction goals
- Work with:
  - Product and Engineering teams
  - Finance and Operations (e.g., billing, refunds, call centers)
  - Vendor and third-party stakeholders
- Facilitate workshops and discovery sessions to understand real-world workflows vs. documented processes
- Identify:
  - “Shadow” processes where cardholder data may be handled outside defined systems
  - Manual workflows (e.g., call center payments, email handling of PAN)
  - Gaps between intended and actual processes
- Escalate risks and inefficiencies to the PCI Program Director
- Maintain clear, structured documentation to support:
  - PCI scope validation
  - QSA review and audit defensibility
- Ensure all process documentation aligns with:
  - Control narratives
  - Data flow diagrams
  - System inventories
Requirements:
- Bachelor's degree in Computer Science, Information Technology, or a related field or equivalent experience
- 4+ years of experience as a Business Analyst, preferably in complex system environments
- Proven experience mapping end-to-end business processes and system workflows
- Strong experience working with payment systems, financial transactions, or e-commerce platforms
- Demonstrated ability to analyze and document data flows across multiple systems
- Experience translating business needs into technical requirements
- Bachelor's degree in Business, Computer Science, Information Systems, or a related field; advanced degree preferred
- 10+ years of experience in IT enterprise services, business operations, or IT leadership, with a proven track record in cross-functional and cross-organizational roles
- Deep expertise in cloud platforms (e.g., AWS, Azure, SFDC, Cloud ERP, Customer Success, Services) and E2E application architecture
- Strong program and project management skills, with experience delivering large-scale, complex initiatives
- Excellent communication, stakeholder management, and executive presentation skills
- Proven ability to analyze and optimize business processes for operational excellence
- Experience with vendor management and contract negotiation
- Familiarity with Agile methodologies and continuous improvement practices
- Must be able to lawfully work within the US/Canada and have unrestricted work authorization
- Knowledge of E2E Application Ecosystem, financial and business processes relevant to Sales, Marketing, Service, Support & ERP systems
- Familiarity with customer facing cloud applications
- Ability to work effectively in a collaborative, cross-functional environment
- Strong problem-solving and analytical skills
- Industry certifications such as PMP, ITIL, or cloud platform certifications
- Experience with data-intensive solutions, distributed systems, and highly available services
- Strong analytical, decision-making, and problem-solving abilities
- High emotional intelligence and the ability to drive organizational change through influence and collaboration
- Experience in PCI DSS environments or supporting compliance initiatives
- Familiarity with payment gateways and processors
- Tokenization concepts and implementations
- Experience in travel, hospitality, or high-volume transaction environments
- Experience working with distributed systems and third-party integrations