Business Analyst - PCI / Payment Systems

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Technology, or a related field or equivalent experience.
• 4+ years of experience as a Business Analyst, preferably in complex system environments.
• Proven experience mapping end-to-end business processes and system workflows.
• Strong experience working with payment systems, financial transactions, or e-commerce platforms.
• Demonstrated ability to analyze and document data flows across multiple systems.
• Experience translating business needs into technical requirements.

Nice To Haves

• Experience in PCI DSS environments or supporting compliance initiatives.
• Familiarity with payment gateways and processors.
• Familiarity with tokenization concepts and implementations.
• Experience in travel, hospitality, or high-volume transaction environments.
• Experience working with distributed systems and third-party integrations.

Responsibilities

• Document end-to-end payment workflows, including customer booking and payment processes, internal system interactions (phone system, back-office), and third-party integrations (e.g., payment gateways, GDS, vendors).
• Identify where cardholder data (PAN) is collected, processed, stored, and transmitted.
• Develop and maintain data flow diagrams, system interaction maps, and process documentation aligned to PCI scope requirements.
• Analyze payment and data flows to identify opportunities to reduce PCI scope.
• Partner with Security, Operations and Finance teams to eliminate unnecessary PAN handling, support segmentation strategies, and enable system isolation and scope containment.
• Ensure all scope-related documentation is accurate, complete, and defensible for audit.
• Support design and implementation of tokenization strategies by mapping current vs. future-state payment flows and identifying systems and processes impacted by tokenization.
• Work with Product and Operations teams to redesign workflows to remove PAN from internal systems and eliminate manual or legacy payment handling processes.
• Document business and system changes required to support tokenization initiatives.
• Translate compliance and architectural requirements into clear business requirements, functional specifications, and user stories / tickets for engineering teams.
• Ensure requirements align with PCI DSS expectations and scope reduction goals.
• Work with Product and Engineering teams, Finance and Operations (e.g., billing, refunds, call centers), and Vendor and third-party stakeholders.
• Facilitate workshops and discovery sessions to understand real-world workflows vs. documented processes.
• Identify “shadow” processes where cardholder data may be handled outside defined systems, manual workflows (e.g., call center payments, email handling of PAN), and gaps between intended and actual processes.
• Escalate risks and inefficiencies to the PCI Program Director.
• Maintain clear, structured documentation to support PCI scope validation and QSA review and audit defensibility.
• Ensure all process documentation aligns with control narratives, data flow diagrams, and system inventories.

Benefits

• Medical
• Dental
• Vision
• Employee rewards and recognitions program
• Total Rewards Package which includes Wellness, Sustainability, DE&I initiatives, and Mental Health Support.