[Hiring] PCI Program Director @Direct Travel

Role Description

We are seeking a highly experienced Senior Project Manager to lead a critical enterprise initiative: achieving PCI DSS Level 1 Service Provider compliance and delivering a successful, audit-ready Report on Compliance (ROC). This role will own the end-to-end program lifecycle—from scope optimization and gap assessment through remediation, control validation, and final QSA audit coordination. The ideal candidate has a proven track record of leading organizations through PCI certification as a service provider, with a strong emphasis on scope reduction strategies and tokenization. This is a remote position.

Key Responsibilities

• Program Leadership:
  • Lead the enterprise PCI DSS compliance program for Level 1 Service Provider designation.
  • Develop and execute a comprehensive PCI program roadmap.
  • Establish governance, reporting cadence, and executive-level visibility.
• PCI Scope Optimization & Tokenization Strategy:
  • Define and implement strategies to minimize Cardholder Data Environment (CDE) scope.
  • Lead initiatives to reduce PCI footprint through segmentation, isolation, and architectural redesign.
  • Design and implement tokenization strategies (network, application, or third-party) to eliminate storage, processing, and transmission of PAN where feasible.
  • Partner with engineering and product teams to integrate tokenization into payment workflows.
  • Ensure scope reduction decisions are defensible and aligned with QSA expectations and PCI DSS v4.0 guidance.
• QSA & Audit Execution:
  • Serve as the internal expert aligned to PCI DSS v4.0.
  • Lead or coordinate development of the Report on Compliance (ROC).
  • Interface with external QSAs, acquiring banks, and stakeholders.
• Gap Assessment & Remediation:
  • Conduct PCI gap assessments across infrastructure, applications, and third parties.
  • Drive remediation across segmentation, IAM, logging, vulnerability management, and encryption.
• Cross-Functional Coordination:
  • Partner with security, infrastructure, application, legal, and vendor teams.
  • Drive accountability for control ownership and deadlines.
• Documentation & Evidence:
  • Oversee policies, procedures, evidence artifacts, and system documentation.
  • Ensure audit readiness with defensible documentation, especially around scope justification and tokenization controls.
• Risk & Stakeholder Management:
  • Identify risks and escalate appropriately.
  • Provide executive-level reporting.

Qualifications

• Bachelor’s degree in Computer Science, Information Technology, or a related field or equivalent experience.
• Proven experience leading or playing a primary role in delivering a PCI DSS ROC for a large, complex PCI environment.
• Experience working directly with QSAs and managing audit expectations, including scope validation and control interpretation.
• Demonstrated experience with driving or implementing PCI scope reduction strategies, including network segmentation, and tokenization implementations.
• 8+ years in security, compliance, or risk.
• Deep expertise in PCI DSS, CDE scoping, and control implementation.

Preferred Qualifications

• Current or previous experience as a QSA or ISA.
• PMP certification.
• Travel, hospitality, or payment processing experience.
• Experience implementing or integrating with tokenization providers (e.g., gateway-based, vaultless, or third-party solutions).
• Familiarity with ISO 27001, SOC, and GDPR.

Key Competencies

• Executive presence.
• Strong execution focus.
• Ability to translate compliance into implementation.
• Deep understanding of architectural tradeoffs for reducing PCI scope.
• High accountability.

Benefits

• In addition to Medical, Dental, and Vision benefits, Direct Travel offers an employee rewards and recognitions program.
• Total Rewards Package which includes Wellness, Sustainability, DE&I initiatives, and Mental Health Support.

Company Description

Direct Travel is a leading provider of corporate travel management services. The company has been providing travel management for over 40 years, working with clients to develop highly customized travel programs. By leveraging both the expertise of its people and innovative solutions, Direct Travel enables clients to derive the greatest value from their travel program in terms of superior service, progressive technologies, and significant cost savings. Direct Travel has offices in over 70 locations across North America and the UK and is currently ranked 12th on Travel Weekly’s Power List.

Direct Travel is an EOE/AA/Veteran/People with Disabilities employer.

If you're ready to chart a new course and advance your career with the valuable moments and travel experiences that await, we welcome you to submit your resume for consideration at Direct Travel.

#LI-Remote