What are the responsibilities and job description for the Information Security Analyst position at Christopherson Business Travel?
About Christopherson Business Travel
Christopherson Business Travel is a leading travel management company delivering innovative corporate travel solutions, exceptional client service, and technology-driven insights. We partner with organizations to optimize travel programs, enhance traveler experiences, and drive measurable savings.
Position Summary
The Information Security Analyst is responsible for protecting Christopherson’s systems, data, and client information by maintaining and improving the organization’s security posture. A core focus of this role is leading PCI DSS compliance efforts — managing audits, remediating gaps, and ensuring ongoing adherence to payment card industry standards. Beyond compliance, this role conducts vulnerability assessments, monitors security events, and partners across teams to embed security best practices into daily operations.
Key Responsibilities
PCI DSS Compliance & Audit Readiness
Required
Christopherson Business Travel is a leading travel management company delivering innovative corporate travel solutions, exceptional client service, and technology-driven insights. We partner with organizations to optimize travel programs, enhance traveler experiences, and drive measurable savings.
Position Summary
The Information Security Analyst is responsible for protecting Christopherson’s systems, data, and client information by maintaining and improving the organization’s security posture. A core focus of this role is leading PCI DSS compliance efforts — managing audits, remediating gaps, and ensuring ongoing adherence to payment card industry standards. Beyond compliance, this role conducts vulnerability assessments, monitors security events, and partners across teams to embed security best practices into daily operations.
Key Responsibilities
PCI DSS Compliance & Audit Readiness
- Lead PCI DSS compliance initiatives including self-assessment questionnaires (SAQs), gap analyses, and remediation tracking.
- Coordinate with internal teams and external assessors (QSAs) to prepare for and support PCI audits.
- Maintain and update security policies, procedures, and documentation required for PCI compliance.
- Monitor changes to PCI DSS standards and assess their impact on Christopherson’s environment.
- Conduct regular vulnerability scans and coordinate penetration testing across internal and external systems.
- Analyze scan results, prioritize findings by risk, and drive remediation efforts with system owners.
- Perform security assessments of new applications, integrations, and infrastructure changes prior to deployment.
- Monitor security alerts and events using SIEM tools and escalate potential incidents per established procedures.
- Investigate and respond to security incidents, document findings, and recommend preventive measures.
- Assist in the development and testing of incident response and disaster recovery plans.
- Conduct risk assessments to identify threats and vulnerabilities across the organization’s technology landscape.
- Develop and maintain information security policies, standards, and guidelines aligned with industry frameworks (PCI DSS, NIST, CIS).
- Deliver security awareness training and phishing simulations to promote a security-conscious culture.
- Partner with IT, development, and operations teams to integrate security controls into systems and workflows.
- Advise stakeholders on security implications of business decisions, vendor relationships, and technology changes.
- Support third-party vendor security assessments and due diligence reviews.
Required
- 3–5 years of experience in information security, cybersecurity, or IT audit/compliance roles.
- Hands-on experience with PCI DSS compliance, including audit preparation, evidence gathering, and remediation.
- Proficiency with vulnerability scanning tools (Nessus, Qualys, Rapid7, or similar) and SIEM platforms.
- Solid understanding of network security, firewalls, endpoint protection, and access control principles.
- Strong analytical and communication skills with the ability to translate technical risks into business terms.
- Industry certifications such as CompTIA Security , CISSP, CISA, or PCI QSA/ISA.
- Experience with compliance frameworks beyond PCI DSS (NIST CSF, SOC 2, ISO 27001).
- Familiarity with cloud security in AWS, Azure, or GCP environments.
- Background in the travel, financial services, or payment processing industry.
- Regulatory Compliance & Audit Management
- Risk Assessment & Threat Analysis
- Vulnerability Management & Penetration Testing
- Incident Detection & Response
- Security Policy Development
- Cross-Functional Communication & Stakeholder Advisory
- Competitive base salary ($90,000–$110,000 depending on experience)
- Comprehensive benefits package (medical, dental, vision, 401k)
- Professional development and certification support
- Flexible, hybrid work environment
- A collaborative, mission-driven culture
Salary : $90,000 - $110,000