PCI & SOX Compliance Specialist

Posted Yesterday
Easy Apply
Be an Early Applicant
London, Greater London, England, GBR
Hybrid
Mid level
Fintech • Information Technology • Payments • Productivity • Software • Travel • Automation
Travel & expense made easy.
The Role
Execute day-to-day PCI and SOX compliance operations: manage ASV scans and pen tests, map/control gaps during legacy-to-cloud integrations, own ITGC testing (access controls), automate evidence collection with engineering, coordinate with US auditors, and track remediation from identification to closure.
Summary Generated by Built In

The Security Compliance Analyst will be a critical, hands-on member of the Navan Governance, Risk, Compliance, and Trust (GRCT) Team, specifically embedded in London to drive the compliance integration between Navan and Reed & Mackay.

This is not a high-level policy writing or checking boxes role. We are looking for an active, execution-focused compliance professional to untangle legacy systems, map control deficiencies, and run daily operational workflows. Acting as a decisive bridge between engineering sprint teams, IT infrastructure, and US-based external auditors, you will own the day-to-day transaction compliance and technical evidence pipeline that keeps our global travel and expense platforms bulletproof.

What You’ll Do

  • Own Vulnerability Remediation Loops: Actively track and oversee quarterly PCI ASV scans and penetration testing cycles, collaborating directly with IT and engineering teams to ensure patches are executed within strict SLA windows.
  • Lead the Integration Pipeline: Conduct continuous gap analyses and map security controls as we merge legacy travel infrastructure into Navan's modern cloud frameworks.
  • Drive SOX 404 Controls: Take ownership of testing and validating IT General Controls (ITGCs) under Sarbanes-Oxley Section 404, with a heavy emphasis on access control management (Joiners/Movers/Leavers) and secure code deployment.
  • Embed with Engineering: Partner with development teams to automate manual evidence gathering, translating rigid compliance jargon into clear, actionable JIRA tickets.
  • Collaborate Globally: Partner closely with US-based audit firms and compliance bodies. This includes a flexible schedule to work late hours (until 9:00 PM–10:00 PM) a few days per month on specific US alignment days.
  • Track Open Deficiencies: Manage the risk register and remediation tracking lifecycle from initial identification to final verification and closure.

What We’re Looking For

  • Experience: Minimum of 3+ years of hands-on, corporate operational experience in information security compliance. You must have active experience sitting on a corporate security or IT team—purely academic, training, or governmental advisory backgrounds will not fit the speed of this role.
  • PCI & SOX Technical Depth: Proved, practical exposure executing compliance frameworks for transactional environments. You must understand Section 404 ITGCs and the technical mechanics of PCI DSS (including cardholder data protection environments and SAQs).
  • Tools & Systems Mastery: Comfortable navigating tracking platforms such as JIRA, ServiceNow GRC, or AuditBoard to monitor, assign, and resolve open compliance findings.
  • A Technical Edge: A baseline technical background (e.g., computer science, systems administration, or IT support) that allows you to confidently push back on or guide engineers during patch cycles.
  • Location & Hours Flexibility: Willingness to work under a hybrid model out of our London office (4 days a week) and the routine flexibility needed to support monthly evening shifts for US team synchronization.
  • Language requirements: Full proficiency in English.
  • Bonus Points: Certifications such as CompTIA Security+ or ISO 27001 Internal Auditor.

Skills Required

  • Minimum 3+ years hands-on corporate operational experience in information security compliance
  • Active experience as part of a corporate security or IT team (not academic or advisory only)
  • Practical experience executing PCI DSS for transactional environments, including cardholder data protection and SAQs
  • Experience executing SOX Section 404 ITGC testing, especially access control (Joiners/Movers/Leavers) and secure deployment controls
  • Experience tracking and overseeing PCI ASV scans and penetration testing cycles and remediation
  • Proficiency with tracking platforms such as JIRA, ServiceNow GRC, or AuditBoard
  • Baseline technical background (computer science, systems administration, or IT support) to engage engineers on patch cycles
  • Willingness to work hybrid in London office (4 days/week) and flexibly support evening US alignment shifts a few days/month
  • Full proficiency in English
  • Certifications such as CompTIA Security+ or ISO 27001 Internal Auditor

What the Team is Saying

Brian Guimond
Adamas Victória Cavalcante Robitz
Bastian Martino
Charlotte Delafosse
Daniella Schuh
Alice Rao-Wyckoff
Mily O Loughlin
Anna
Roshni
Henry Statfeld
Jose Soares

Navan Compensation & Benefits Highlights

  • Healthcare Strength The package includes medical, dental, and vision coverage for employees and dependents, along with mental health resources such as Headspace. Additional protections like disability and life insurance and options like FSA are described.
  • Parental & Family Support Paid parental leave is specified as 16 weeks for the birthing parent and 10 weeks for the non‑birthing parent, with family medical leave also available. Supportive amenities such as an onsite Mother’s Room and company‑sponsored family events are included.
  • Leave & Time Off Breadth Flexible/unlimited vacation and generous PTO structures are highlighted, alongside paid holidays and sick time. Bereavement leave is also offered across many locations.

Navan Insights

Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Palo Alto, CA
3,300 Employees
Year Founded: 2015

What We Do

Navan (Nasdaq: NAVN) is the leading all-in-one business travel, payments, and expense management platform that makes travel easy for frequent travelers. From finding flights and hotels to automating expense reconciliation, with 24/7 support along the way, Navan delivers an intuitive experience travelers love and finance teams rely on. See how Navan customers benefit and learn more at navan.com.

Why Work With Us

At Navan, we’re never satisfied with the status quo, and we know breakthrough ideas come from diverse perspectives. We are committed to cultivating a workplace that reflects the diversity of the customers we serve while fostering leadership and innovation.

Gallery

Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery

Navan Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

In-person connections is the foundation of Navan, the connections forged through face-to-face interactions improve company culture and what we can achieve together. We operate on a hybrid working model, which we define as four days a week in-office.

Typical time on-site: 4 days a week
HQPalo Alto, CA
Austin, TX
Bengaluru, IN
Berlin, DE
Boston, MA
Dallas, TX
Gurugram, IN
Lisbon, PT
London, GB
New Delhi, Delhi
New York, NY
Paris, FR
San Francisco, CA
Singapore
Sydney, AU
Tel Aviv-Yafo, IL
Learn more

Similar Jobs

Navan Logo Navan

Technical Recruiter

Fintech • Information Technology • Payments • Productivity • Software • Travel • Automation
Easy Apply
Hybrid
London, Greater London, England, GBR
3300 Employees

Navan Logo Navan

Global Talent Attraction Manager

Fintech • Information Technology • Payments • Productivity • Software • Travel • Automation
Easy Apply
Hybrid
London, Greater London, England, GBR
3300 Employees

Navan Logo Navan

Software Engineer

Fintech • Information Technology • Payments • Productivity • Software • Travel • Automation
Easy Apply
Hybrid
London, Greater London, England, GBR
3300 Employees

Navan Logo Navan

Operations Manager

Fintech • Information Technology • Payments • Productivity • Software • Travel • Automation
Easy Apply
Hybrid
London, Greater London, England, GBR
3300 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account