IT Security, Risk, and Compliance Auditor

1 Month ago • 3 Years + • Cyber Security

Job Summary

Job Description

The IT Security, Risk, and Compliance Auditor at Coupa is crucial for assessing and enhancing the organization's security controls, managing risks, and ensuring compliance with various frameworks. The role involves conducting technical audits, implementing automated control testing, identifying gaps, and improving compliance processes to enhance operational efficiency and minimize risk. The candidate is expected to work across IT, security, and business units to evaluate security measures, improve control design, and meet industry standards.

Must have:

3+ years in IT security auditing, risk assessments, or compliance
Strong knowledge of security frameworks (e.g., ISO 27001, SOC 2, PCI DSS)
Experience with GRC platforms and compliance automation tools
Bachelor’s degree in IT, Cybersecurity, or related field (or equivalent experience)
Strong verbal and written communication skills

Good to have:

CISA, CISSP, CRISC, CISM, ISO 27001 Lead Auditor certifications

11 skills required

11 skills required for this role

Add these skills to join the top 1% applicants for this job

team-management

cross-functional

communication

internal-audit

talent-acquisition

cross-functional-collaboration

quality-control

aws

cloud-security

splunk

swift

Job Details

Coupa makes margins multiply through its community-generated AI and industry-leading total spend management platform for businesses large and small. Coupa AI is informed by trillions of dollars of direct and indirect spend data across a global network of 10M+ buyers and suppliers. We empower you with the ability to predict, prescribe, and automate smarter, more profitable business decisions to improve operating margins.

Why join Coupa?

🔹 Pioneering Technology: At Coupa, we're at the forefront of innovation, leveraging the latest technology to empower our customers with greater efficiency and visibility in their spend.

🔹 Collaborative Culture: We value collaboration and teamwork, and our culture is driven by transparency, openness, and a shared commitment to excellence.

🔹 Global Impact: Join a company where your work has a global, measurable impact on our clients, the business, and each other.

Learn more on Life at Coupa blog and hear from our employees about their experiences working at Coupa.

The Impact of an IT Security, Risk, and Compliance Auditor at Coupa:

The IT Security, Risk, and Compliance Auditor plays a critical role in evaluating, strengthening, and automating the organization’s security controls, risk posture, and compliance frameworks. This position is responsible for conducting technical security audits, implementing automated control testing, identifying gaps, and enhancing compliance processes to drive operational efficiency and risk reduction.

The ideal candidate has a technical background in security and compliance auditing with a strong understanding of control automation, evidence collection automation, and continuous compliance monitoring. They will work cross-functionally with IT, security, and business units to evaluate the effectiveness of security measures, improve control design, and ensure the organization meets regulatory and industry standards.

This role requires proficiency in security frameworks such as ISO 27001, SOC 2, PCI DSS, HIPAA, SWIFT, TISAX, C5, PIMS, NIST CSF, FedRAMP, and expertise in automation tools, GRC platforms, and evidence collection technologies.

What You'll Do:

Conduct Technical Audits & Risk Assessments: Perform in-depth security audits and risk-based assessments of infrastructure, applications, and cloud environments to evaluate compliance with standards like ISO 27001, SOC 2, PCI DSS, GDPR, and HIPAA.
Leverage Automation & Tools: Utilize automated control testing, evidence collection, and real-time compliance tracking via GRC platforms and security tools (e.g., SIEM, IAM, vulnerability management).
Evaluate & Improve Security Controls: Assess and validate security configurations, access management, encryption, and vulnerability management, providing risk-based recommendations and supporting mitigation efforts.
Reporting & Stakeholder Engagement: Produce detailed audit reports, dashboards, and presentations for technical and executive audiences, tracking remediation and ensuring audit follow-ups are completed.
Cross-Functional Collaboration & Advisory: Partner with IT, security, and business teams to integrate audit findings into strategy, advise on best practices, and support continuous improvement in control automation and compliance posture.

What You Will Bring to Coupa:

Education & Experience: Bachelor’s degree in IT, Cybersecurity, or related field (or equivalent experience) with 3+ years in IT security auditing, technical risk assessments, or compliance.
Technical & Framework Expertise: Strong knowledge of security frameworks (e.g., ISO 27001, SOC 2, PCI DSS, NIST CSF, HIPAA, FedRAMP) and understanding of IT systems, cloud security, encryption, and access management.
Tools & Automation: Experience with GRC platforms, compliance automation, control testing tools, evidence collection systems, and familiarity with audit/security tools (e.g., AuditBoard, Drata, Splunk, Qualys, AWS Security Hub).
Certifications (Preferred): CISA, CISSP, CRISC, CISM, ISO 27001 Lead Auditor, or equivalent credentials.
Communication & Analytical Skills: Strong verbal and written communication skills, with the ability to translate findings into actionable security recommendations and engage effectively with stakeholders.

#LI-REMOTE

#LI-PB

Coupa complies with relevant laws and regulations regarding equal opportunity and offers a welcoming and inclusive work environment. Decisions related to hiring, compensation, training, or evaluating performance are made fairly, and we provide equal employment opportunities to all qualified candidates and employees.

Please be advised that inquiries or resumes from recruiters will not be accepted.

By submitting your application, you acknowledge that you have read Coupa’s Privacy Policy and understand that Coupa receives/collects your application, including your personal data, for the purposes of managing Coupa's ongoing recruitment and placement activities, including for employment purposes in the event of a successful application and for notification of future job opportunities if you did not succeed the first time. You will find more details about how your application is processed, the purposes of processing, and how long we retain your application in our Privacy Policy.