IT Security, Risk, and Compliance Auditor
Job Summary
Job Description
The IT Security, Risk, and Compliance Auditor at Coupa is crucial for assessing and enhancing the organization's security controls, managing risks, and ensuring compliance with various frameworks. The role involves conducting technical audits, implementing automated control testing, identifying gaps, and improving compliance processes to enhance operational efficiency and minimize risk. The candidate is expected to work across IT, security, and business units to evaluate security measures, improve control design, and meet industry standards.
Must have:
- 3+ years in IT security auditing, risk assessments, or compliance
- Strong knowledge of security frameworks (e.g., ISO 27001, SOC 2, PCI DSS)
- Experience with GRC platforms and compliance automation tools
- Bachelor’s degree in IT, Cybersecurity, or related field (or equivalent experience)
- Strong verbal and written communication skills
Good to have:
- CISA, CISSP, CRISC, CISM, ISO 27001 Lead Auditor certifications
11 skills required
Job Details
Coupa makes margins multiply through its community-generated AI and industry-leading total spend management platform for businesses large and small. Coupa AI is informed by trillions of dollars of direct and indirect spend data across a global network of 10M+ buyers and suppliers. We empower you with the ability to predict, prescribe, and automate smarter, more profitable business decisions to improve operating margins.
Why join Coupa?
🔹 Pioneering Technology: At Coupa, we're at the forefront of innovation, leveraging the latest technology to empower our customers with greater efficiency and visibility in their spend.
🔹 Collaborative Culture: We value collaboration and teamwork, and our culture is driven by transparency, openness, and a shared commitment to excellence.
🔹 Global Impact: Join a company where your work has a global, measurable impact on our clients, the business, and each other.
Learn more on Life at Coupa blog and hear from our employees about their experiences working at Coupa.
The Impact of an IT Security, Risk, and Compliance Auditor at Coupa:
The IT Security, Risk, and Compliance Auditor plays a critical role in evaluating, strengthening, and automating the organization’s security controls, risk posture, and compliance frameworks. This position is responsible for conducting technical security audits, implementing automated control testing, identifying gaps, and enhancing compliance processes to drive operational efficiency and risk reduction.
The ideal candidate has a technical background in security and compliance auditing with a strong understanding of control automation, evidence collection automation, and continuous compliance monitoring. They will work cross-functionally with IT, security, and business units to evaluate the effectiveness of security measures, improve control design, and ensure the organization meets regulatory and industry standards.
This role requires proficiency in security frameworks such as ISO 27001, SOC 2, PCI DSS, HIPAA, SWIFT, TISAX, C5, PIMS, NIST CSF, FedRAMP, and expertise in automation tools, GRC platforms, and evidence collection technologies.
What You'll Do:
- Conduct Technical Audits & Risk Assessments: Perform in-depth security audits and risk-based assessments of infrastructure, applications, and cloud environments to evaluate compliance with standards like ISO 27001, SOC 2, PCI DSS, GDPR, and HIPAA.
- Leverage Automation & Tools: Utilize automated control testing, evidence collection, and real-time compliance tracking via GRC platforms and security tools (e.g., SIEM, IAM, vulnerability management).
- Evaluate & Improve Security Controls: Assess and validate security configurations, access management, encryption, and vulnerability management, providing risk-based recommendations and supporting mitigation efforts.
- Reporting & Stakeholder Engagement: Produce detailed audit reports, dashboards, and presentations for technical and executive audiences, tracking remediation and ensuring audit follow-ups are completed.
- Cross-Functional Collaboration & Advisory: Partner with IT, security, and business teams to integrate audit findings into strategy, advise on best practices, and support continuous improvement in control automation and compliance posture.
What You Will Bring to Coupa:
- Education & Experience: Bachelor’s degree in IT, Cybersecurity, or related field (or equivalent experience) with 3+ years in IT security auditing, technical risk assessments, or compliance.
- Technical & Framework Expertise: Strong knowledge of security frameworks (e.g., ISO 27001, SOC 2, PCI DSS, NIST CSF, HIPAA, FedRAMP) and understanding of IT systems, cloud security, encryption, and access management.
- Tools & Automation: Experience with GRC platforms, compliance automation, control testing tools, evidence collection systems, and familiarity with audit/security tools (e.g., AuditBoard, Drata, Splunk, Qualys, AWS Security Hub).
- Certifications (Preferred): CISA, CISSP, CRISC, CISM, ISO 27001 Lead Auditor, or equivalent credentials.
- Communication & Analytical Skills: Strong verbal and written communication skills, with the ability to translate findings into actionable security recommendations and engage effectively with stakeholders.
#LI-REMOTE
#LI-PB
Coupa complies with relevant laws and regulations regarding equal opportunity and offers a welcoming and inclusive work environment. Decisions related to hiring, compensation, training, or evaluating performance are made fairly, and we provide equal employment opportunities to all qualified candidates and employees.
Please be advised that inquiries or resumes from recruiters will not be accepted.
By submitting your application, you acknowledge that you have read Coupa’s Privacy Policy and understand that Coupa receives/collects your application, including your personal data, for the purposes of managing Coupa's ongoing recruitment and placement activities, including for employment purposes in the event of a successful application and for notification of future job opportunities if you did not succeed the first time. You will find more details about how your application is processed, the purposes of processing, and how long we retain your application in our Privacy Policy.
Similar Jobs
Adyen
Madrid, Community Of Madrid, Spain (On-Site)
• 1 Month ago
PwC
Amsterdam, North Holland, Netherlands (Hybrid)
• 6 Months ago
.png%3F1676067498&w=256&q=50)
Site Core
Kuala Lumpur, Federal Territory Of Kuala Lumpur, Malaysia (On-Site)
• 2 Months ago
Get notifed when new similar jobs are uploaded
Similar Skill Jobs
Salesforce
Bengaluru, Karnataka, India (On-Site)
• 1 Year ago
Electronic Arts
Galway, County Galway, Ireland (Hybrid)
• 1 Month ago
Hawkeye Innovations
Manchester, England, United Kingdom (On-Site)
• 2 Months ago
TechVedika
Hyderabad, Telangana, India (On-Site)
• 1 Month ago
Clearwater Analytics
London, England, United Kingdom (On-Site)
• 2 Months ago
Get notifed when new similar jobs are uploaded
Jobs in Reno, Nevada, United States
HCL Tech
Washington, District Of Columbia, United States (On-Site)
• 1 Month ago
Apple
Cupertino, California, United States (On-Site)
• 1 Week ago
Wind River
Walnut Creek, California, United States (Hybrid)
• 1 Month ago
Illumina
San Diego, California, United States (Hybrid)
• 2 Months ago
Get notifed when new similar jobs are uploaded
Cyber Security Jobs
Kirkland, Washington, United States (On-Site)
• 6 Months ago
Roblox
San Mateo, California, United States (On-Site)
• 3 Weeks ago
Vercel
San Francisco, California, United States (Hybrid)
• 2 Weeks ago
Get notifed when new similar jobs are uploaded
