SECTION I · THE BRIEF
Brief #98251Updated 09 JUL 2026LONDONGreenhouseLIGHTSPEED VENTURE PARTNERS
Employbl Company Profile

PCI & SOX Compliance Specialist

TripActions is a travel management company for businesses and business travelers. Booking and managing travel can be done on the web or via a smartphone app.

Location
London
Company size
2,000–5,000
Posted
6d ago
Via
Greenhouse
Section II · Premium ProfileMembers only
  • 01Comp band & equity packageLocked
  • 02Seniority & experience requirementsLocked
  • 03Interview process & rubricLocked
  • 04Hiring manager & team contextLocked
  • 05Growth trajectory in this roleLocked
  • 06Offer & decision timelineLocked

7-day free trial · $25/mo · cancel anytime

TripActions logo

PCI & SOX Compliance Specialist · TripActions

View company profile
Job title
PCI & SOX Compliance Specialist
Job location
London, UK
Job description


The Security Compliance Analyst will be a critical, hands-on member of the Navan Governance, Risk, Compliance, and Trust (GRCT) Team, specifically embedded in London to drive the compliance integration between Navan and Reed & Mackay.

This is not a high-level policy writing or checking boxes role. We are looking for an active, execution-focused compliance professional to untangle legacy systems, map control deficiencies, and run daily operational workflows. Acting as a decisive bridge between engineering sprint teams, IT infrastructure, and US-based external auditors, you will own the day-to-day transaction compliance and technical evidence pipeline that keeps our global travel and expense platforms bulletproof.


What You’ll Do

  • Own Vulnerability Remediation Loops: Actively track and oversee quarterly PCI ASV scans and penetration testing cycles, collaborating directly with IT and engineering teams to ensure patches are executed within strict SLA windows.
  • Lead the Integration Pipeline: Conduct continuous gap analyses and map security controls as we merge legacy travel infrastructure into Navan's modern cloud frameworks.
  • Drive SOX 404 Controls: Take ownership of testing and validating IT General Controls (ITGCs) under Sarbanes-Oxley Section 404, with a heavy emphasis on access control management (Joiners/Movers/Leavers) and secure code deployment.
  • Embed with Engineering: Partner with development teams to automate manual evidence gathering, translating rigid compliance jargon into clear, actionable JIRA tickets.
  • Collaborate Globally: Partner closely with US-based audit firms and compliance bodies. This includes a flexible schedule to work late hours (until 9:00 PM–10:00 PM) a few days per month on specific US alignment days.
  • Track Open Deficiencies: Manage the risk register and remediation tracking lifecycle from initial identification to final verification and closure.

 

What We’re Looking For

  • Experience: Minimum of 3+ years of hands-on, corporate operational experience in information security compliance. You must have active experience sitting on a corporate security or IT team—purely academic, training, or governmental advisory backgrounds will not fit the speed of this role.
  • PCI & SOX Technical Depth: Proved, practical exposure executing compliance frameworks for transactional environments. You must understand Section 404 ITGCs and the technical mechanics of PCI DSS (including cardholder data protection environments and SAQs).
  • Tools & Systems Mastery: Comfortable navigating tracking platforms such as JIRA, ServiceNow GRC, or AuditBoard to monitor, assign, and resolve open compliance findings.
  • A Technical Edge: A baseline technical background (e.g., computer science, systems administration, or IT support) that allows you to confidently push back on or guide engineers during patch cycles.
  • Location & Hours Flexibility: Willingness to work under a hybrid model out of our London office (4 days a week) and the routine flexibility needed to support monthly evening shifts for US team synchronization.
  • Language requirements: Full proficiency in English.
  • Bonus Points: Certifications such as CompTIA Security+ or ISO 27001 Internal Auditor.
View job listing ↗

Get the Saturday tech briefing

New company profiles, funding moves, and who’s hiring across the market — every Saturday morning.

TripActions headquarters

Palo Alto, CA

Company size

2,0005,000 employees

Founded

2015

Total raised

$2,240,500,224

View company profile ↗

Funding rounds

  • IPOUndisclosed
  • Debt Financing$400M
  • Debt Financing$400M
  • Series G$154M
  • Debt Financing$150M
  • Debt Financing$150M
  • Series G$154M
  • Series F$275M
  • Series F$275M
  • Series E$155M
  • Series E$155M
  • Debt Financing$125M
  • Debt Financing$125M
  • Debt Financing$500M
  • Debt Financing$500M
  • Series D$250M
  • Series D$250M
  • Series C$154M
  • Series C$154M
  • Grant$750K
  • Series B$51M
  • Series B$51M
  • Series A$12.5M
  • Series A$12.5M
  • Series A$14.6M
  • Series A$10M
  • Series A$10M
  • Seed$4M
  • Seed$4M