Navan Logo

Navan

PCI & SOX Compliance Specialist

Posted Yesterday
Be an Early Applicant
Easy Apply
Hybrid
London, Greater London, England, GBR
Mid level
Easy Apply
Hybrid
London, Greater London, England, GBR
Mid level
Execute day-to-day PCI and SOX compliance operations: manage ASV scans and pen tests, map/control gaps during legacy-to-cloud integrations, own ITGC testing (access controls), automate evidence collection with engineering, coordinate with US auditors, and track remediation from identification to closure.
The summary above was generated by AI

The Security Compliance Analyst will be a critical, hands-on member of the Navan Governance, Risk, Compliance, and Trust (GRCT) Team, specifically embedded in London to drive the compliance integration between Navan and Reed & Mackay.

This is not a high-level policy writing or checking boxes role. We are looking for an active, execution-focused compliance professional to untangle legacy systems, map control deficiencies, and run daily operational workflows. Acting as a decisive bridge between engineering sprint teams, IT infrastructure, and US-based external auditors, you will own the day-to-day transaction compliance and technical evidence pipeline that keeps our global travel and expense platforms bulletproof.

What You’ll Do

  • Own Vulnerability Remediation Loops: Actively track and oversee quarterly PCI ASV scans and penetration testing cycles, collaborating directly with IT and engineering teams to ensure patches are executed within strict SLA windows.
  • Lead the Integration Pipeline: Conduct continuous gap analyses and map security controls as we merge legacy travel infrastructure into Navan's modern cloud frameworks.
  • Drive SOX 404 Controls: Take ownership of testing and validating IT General Controls (ITGCs) under Sarbanes-Oxley Section 404, with a heavy emphasis on access control management (Joiners/Movers/Leavers) and secure code deployment.
  • Embed with Engineering: Partner with development teams to automate manual evidence gathering, translating rigid compliance jargon into clear, actionable JIRA tickets.
  • Collaborate Globally: Partner closely with US-based audit firms and compliance bodies. This includes a flexible schedule to work late hours (until 9:00 PM–10:00 PM) a few days per month on specific US alignment days.
  • Track Open Deficiencies: Manage the risk register and remediation tracking lifecycle from initial identification to final verification and closure.

What We’re Looking For

  • Experience: Minimum of 3+ years of hands-on, corporate operational experience in information security compliance. You must have active experience sitting on a corporate security or IT team—purely academic, training, or governmental advisory backgrounds will not fit the speed of this role.
  • PCI & SOX Technical Depth: Proved, practical exposure executing compliance frameworks for transactional environments. You must understand Section 404 ITGCs and the technical mechanics of PCI DSS (including cardholder data protection environments and SAQs).
  • Tools & Systems Mastery: Comfortable navigating tracking platforms such as JIRA, ServiceNow GRC, or AuditBoard to monitor, assign, and resolve open compliance findings.
  • A Technical Edge: A baseline technical background (e.g., computer science, systems administration, or IT support) that allows you to confidently push back on or guide engineers during patch cycles.
  • Location & Hours Flexibility: Willingness to work under a hybrid model out of our London office (4 days a week) and the routine flexibility needed to support monthly evening shifts for US team synchronization.
  • Language requirements: Full proficiency in English.
  • Bonus Points: Certifications such as CompTIA Security+ or ISO 27001 Internal Auditor.

Navan London, England Office

81-87 High Holborn, London, United Kingdom, WC1V 6DF

Similar Jobs at Navan

2 Minutes Ago
Easy Apply
Hybrid
London, Greater London, England, GBR
Easy Apply
Senior level
Senior level
Fintech • Information Technology • Payments • Productivity • Software • Travel • Automation
Lead full-cycle technical recruiting for engineering (backend, frontend, mobile). Partner with senior leaders on hiring strategy, own pipeline health, innovate sourcing and tools, and use analytics to optimize interview funnels and hiring outcomes.
Top Skills: Ai-Driven Sourcing ToolsDistributed SystemsGemGreenhouseJavaJvmKotlinLinkedin RecruiterMicroservicesMonolithsSpring Boot
Yesterday
Easy Apply
Hybrid
London, Greater London, England, GBR
Easy Apply
Mid level
Mid level
Fintech • Information Technology • Payments • Productivity • Software • Travel • Automation
Lead global employer brand and talent attraction strategy, manage presence on key talent platforms, run recruitment marketing campaigns, create employer brand content, use talent insights to improve candidate funnel, manage vendors and budgets, and partner cross-functionally to scale hiring across EMEA, APAC, and the US.
Top Skills: AIBuilt InDesign ToolsGlassdoorJob BoardsLinkedInPaid MediaRepvueSocial MediaVideo Editing Tools
Yesterday
Easy Apply
Hybrid
London, Greater London, England, GBR
Easy Apply
Senior level
Senior level
Fintech • Information Technology • Payments • Productivity • Software • Travel • Automation
Lead design and implementation of scalable backend and frontend systems, own domains end-to-end, set technical strategy and architecture, mentor engineers, drive cross-team initiatives, and improve reliability, performance, testing, monitoring, and CI/CD for customer-facing microservices.
Top Skills: AngularAWSCi/CdDevOpsJavaMicroservicesPythonReactSpring BootTypescript

What you need to know about the London Tech Scene

London isn't just a hub for established businesses; it's also a nursery for innovation. Boasting one of the most recognized fintech ecosystems in Europe, attracting billions in investments each year, London's success has made it a go-to destination for startups looking to make their mark. Top U.K. companies like Hoptin, Moneybox and Marshmallow have already made the city their base — yet fintech is just the beginning. From healthtech to renewable energy to cybersecurity and beyond, the city's startups are breaking new ground across a range of industries.

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account